There are still some possible pitfalls, though. "We are not exactly happy with the possibilities of the Patriot Act," Thon said.
The Patriot Act can be used by U.S. law enforcement agencies to seize data stored by companies that are based in the U.S. "There is nothing we can do about that," Thon said.
While the safe harbor principles currently provide enough protection to comply with Norwegian law, the Patriot Act is something that needs to be dealt with by the Norwegian government, Thon said.
While the Data Protection Authority allows local governments to store email in the cloud, it is unlikely that the it would allow municipalities to store social welfare or health care data on the servers of a U.S. based cloud service. The regulations for cloud providers are "not a carte blanche," to use any cloud service, said Thon, adding that use of cloud services should be dealt with on a case-by-case basis.
A Google spokesperson stated in an email that the company is "delighted that the Norwegian DPA approved Narvik's deployment of Google Apps." Google declined to comment on specifics.
The Norwegians are also investigating the use of Google Analytics by the local Tax Administration and the State Educational Loan Fund. The data protection watchdog concluded in late August that Google Analytics violates the country's privacy laws, because the agencies have no control over how Google uses information about users. The conclusion was reached after a preliminary investigation. A full report on that the matter is expected to be published before Christmas, Thon said.
Sign up for CIO Asia eNewsletters.