Thomas Olsen is recognized as one of Norway’s foremost experts in data protection law.

He holds a doctorate degree in data protection law from the Norwegian Research Center for Computers and law at the University of Oslo. Thomas has extensive experience advising on data protection/GDPR, information security, digitization, use of artificial intelligence (AI), and digital advertising/marketing. He provides counsel to a number of international groups and key players across diverse industries, including IT/technology, telecoms, media, e-commerce, finance, and health.

In addition to extensive experience as a lawyer, he also has experience in supervisory work for the Norwegian Data Protection Authority, investigative work in European research projects and participation in large digitization projects for the Norwegian Tax Administration.

Thomas is a partner in SVW’s Technology and Media department and leads the firm’s privacy team, which for several years (2018-2024) has been voted the country’s best in Finansavisen’s annual lawyer survey. Thomas has five times been named Norway’s best privacy lawyer in Finansavisen’s lawyer, most recently in the 2024 survey. He is also top-ranked in data privacy by Chambers (Band 1) and Lexology (Client Choice – Data: Global Elite Thought Leader).

His special expertise encompasses AI-related issues, personal data transfer (Schrems II assessments, EU standard agreements, cloud services, and more than 10 BCR/P projects), internal guidelines and routines, risk and impact assessments (DPIA ), identity management, data processor and data exchange agreements (incl. regarding joint controllers), deletion of personal data, privacy in the workplace, handling of data security breaches, transactions/due diligence, and handling disputes and appeals with supervisory authorities.

Thomas is an experienced lecturer/course leader, affiliated with UiO, BI, JUS and the Norwegian Bar Association. He is the author of comments to the Personal Data Act and the General Data Protection Regulation in Gyldendal Rettsdata and co-author of a data protection handbook (Personvernhåndboken, Gyldendal). He has published numerous professional articles in Norwegian and international journals and carried out investigations and research work on behalf of the European Commission, the Privacy Commission, the Privacy Appels Board as well as a number of private and public enterprises.

Work experience

Education

Appointments

Publications

• Legal commentary to the Data Protection Act and the General Data Protection Regulation (GDPR),
  Gyldendal Rettsdata
• Advokatforeningens veileder om advokatvirksomheters etterlevelse av GDPR (GDPR guidance from the Norwegian Bar Association),
  Olsen, Thomas, Opdahl, Rune and Clausen, Christopher Sparre-Enger
• "Personvernhåndboken – en praktisk bok om personvernregelverket"
  Tønseth, Stubø, Olsen and Ljostad, (2016), Gyldendal
• "EU-domstolens Schrems II-avgjørelse: Privacy Shield kjent ugyldig og skjerpede krav til overføring av personopplysninger",
  Thomas et al, (3/2020), Lov & Data
• "Personvernøkende identitetsforvaltning (book version of PhD thesis, 450 pages),
  Olsen, Thomas, (2/2015), Complex
• "Norway – Data Protection in the Financial Sector",
  guidance note in OneTrust Dataguidance
• "Utlevering av opplysninger til utenlandske myndigheter",
  Olsen, Thomas, (3/2015), Lov & Data
• "Høyesteretts avgjørelse i GPS-/Avfallsservice-saken klargjør formålsbestemthetsprinsippet",
  Olsen, Thomas, (2/2013), Lov & Data
• "Personvernøkende teknologi og identitetsforvaltning",
  Olsen, Thomas, (1/2009), Report on behalf of the Privacy Commission, published in NOU
• "Identity management and data protection law: Risk, responsibility and compliance in "Circles of Trust",
  Olsen, Thomas and Mahler, Tobias, (2007), Computer Law & Security Report, 23(4) and 23(5)
• "Lovgivningsprosessen bak registreringsplikt for kontantkort til mobiltelefon", Report for the Privacy Appeals Board,
  (1/2006), Lov & Data