According to the International Association of Privacy Professionals (IAPP), the Norwegian data protection authority (Datatilsynet) has fined NOK 400,000 (approximately EUR 40.000) the Norwegian Public Roads Administration for violating the GDPR. The administration violated the purpose limitation principle, after using video-cameras to ensure contracting companies and their workers complied with the terms of their work agreements. The use of the images and subsequent personal data was found "significantly beyond" what the contractors expected their data to be used for.