A potential leak of the information cannot be ruled out, according to the Parliamentary Oversight Committee on Intelligence and Security Services (EOS).
In a report submitted to parliament on Thursday afternoon, the committee asserts that PST obtained large amounts of data from low-cost airline Norwegian without the correct legal basis.
According to the committee, passenger lists were regularly sent to PST by Norwegian and eight other airlines.
Of the one million passengers said to be encompassed by the data, “hundreds of thousands are Norwegians,” the report states.
“This routine data collection is illegal. The information was stored for months and was accessible,” the committee writes according to NTB and Aftenposten’s report.
“A greater degree of caution could have been expected on the part of the airlines,” Grønnern said.
“You can’t just hand over sensitive information because PST is knocking on the door. You have to be certain this is okay in a legal context,” he added.
The head of committee said no “specific” checks had been made as to whether the information had been shared with foreign intelligence services.
Norwegian declined to comment on why they handed over the information or whether any data might have gone astray.
“The EOS committee’s conclusion is clear. We have no further comment,” said the company’s spokesperson Tonje Næss told NTB.
PST has stated it disagrees with the committee over the issue.
The police security service used Norway’s Immigration Act and Immigration Regulations (utlendingsloven og utlendingsforskriften) as the legal basis for data collection, according to PST director Hans Sverre Sjøvold.
“There has been disagreement between the (EOS) committee and as to whether there was sufficient legal basis,” Sjøvold said via a statement on the PST website.
PST has nevertheless suspended the practice following the criticism.
“PST has initiated a review of practices and routines in order to ensure correct collection and management of passenger lists,” Sjøvold’s statement said.