No, sharing passwords in Iceland violates the Act on Electronic Communications and Services (2024:123), which aligns with the EU’s ePrivacy Directive and GDPR. The Data Protection Authority of Iceland (Persónuvernd) enforces strict prohibitions, as unauthorized access to accounts constitutes a breach under Article 222 of the General Penal Code. Employers or individuals sharing credentials risk fines up to ISK 10 million (€65,000) for non-compliance, with 2026 amendments tightening penalties for corporate violations.
Key Regulations for Sharing Passwords in Iceland
- Unauthorized Access Prohibition: Article 222 criminalizes password sharing, treating it as unauthorized system access. Exceptions require explicit, documented consent under Persónuvernd guidelines.
- GDPR Compliance: The Act on Data Protection and Processing (2018:50) mandates that password sharing may expose personal data, triggering mandatory breach notifications to Persónuvernd within 72 hours.
- Corporate Liability: Under Act 2024:123, businesses failing to enforce password security face joint liability for data breaches, with directors personally accountable for negligence.
The Icelandic Competition Authority also scrutinizes password-sharing practices in corporate settings, as they may facilitate anti-competitive data pooling. Remote work policies must align with Persónuvernd’s 2025 guidance, which prohibits password reuse across systems. Violations detected post-2026 will trigger automated audits, escalating fines for repeat offenders.