[Hovedside] - [Bibliografi] - [English bibliography]

Proportional control? 1

Førsteamanuensis, dr. juris Dag Wiese Schartum,
Avdeling for forvaltningsinformatikk, Universitetet i Oslo.




1 Introduction: "Control"

To many people, the word "control" is associated with unpleasant images. Behind control measures stands an authority who has the power to decide between right and wrong and to punish individuals who break certain rules and regulations. Most people strongly support controlling criminal actions. However, control may also affect citizens who we think of as law-abiding. In modern societies, legal regulations define legal norms within a wide range of life situations; from accepting paternity to paying inheritence tax. Along with every regulation, detailed and complicated requirements are often defined for us to follow, and it is considered criminal not to observe them. In such a context, many people may often be uncertain whether or not they are breaking a rule 2. In addition, many people are often aware that they are breaking a rule but regard their behaviour as excusable and not worthy of sanction 3. Due to the complexity of rules and regulations in modern sources, control measures within fields where ordinary people interact with decision-making bodies may create uncertainty among and resistance by "law-abiding citizens".

My approach to "control" is not based on a one-sided, negative view of control representing negative actions by decision-making bodies in order to "catch criminals". In my vocabulary, the word "control" represents the act of inspecting whether or not legal rules are applied according to a correct legal interpretation in the course of determining individual cases. This understanding does assume that control also should be regarded by citizens as a measure which secures legal rights to individuals. My view is, in other words, that control measures just as well may aid individuals, in the sense that they may help reveal errors that otherwise would have resulted in a loss for him or her.

This article will focus on control measures within Norwegian public mass administration. By "mass administration", I refer to decision-making concerning a high number of individual cases, according to highly routinized work processes, which involve a large amount of computerized case-handling. An important characteristic of these systems is that many of the legal rules which govern them and which are traditionally found in paper format have been transformed into computer programme code. To be concrete, the question is to what extent and in what ways organisations like social insurance administrations, tax administrations, labour authorities etc. should exercise control in connection with determining individual cases according to legislation. I will explicitly refrain from addressing issues concerning police investigation, state security, etc. and issues concerning control in situations where providing services (health, education etc.) constitutes the main activity. When control is discussed in this context, control of both the computerized and manual routines is important because they are so closely connected.

In the following article, I will base my descriptions and discussions on a division of the control task related to (i) the manual/computerized establishment of the factual basis for decisions and (ii) the computerized operations performed on these factual bases. Information technology makes available a range of new control measures for ensuring that citizens submit correct information in the course of a decision-making process (cf. i) above). These measures include:

  • Linking and matching machine-readable personal information to find discrepancies between expected identical information, unlawful combinations and/or occurrences of information etc.
  • Control of information submitted by individuals on the basis of statistics indicating probable correctness.
  • Defining limits for input information accepted by a computer system on the basis of legal sources or common-sense.

    The computerized operations (cf ii), above) may be controlled by manual and/or automatic testing of the different computer programmes of the system. When one applies for a loan, that person's annual income, debt, education and profession are factors taken into account in the bank's decision. A case-handling system which is programmed to add income figures, to check that the sum of income does not exceed a certain level, and to check whether applicants in certain categories have payment notices, is one example of computerized operations which could be made the subject of control.

    Both in relation to control with factual bases and with operations, it may be relevant to distinguish between advance and retrospective control. Advance control is executed before a final decision is made, whereas retrospective control is defined as control of an already-made decision. An example of advance control of the factual basis could be that figures from last year's tax return and figures from organisations with a duty to submit information about citizens to the tax authorities (banks, insurance companies, employers etc.) are compared with the information on this year's tax return. Significant differences would then lead to further investigations to establish the correct piece of information. One way for the factual basis to undergo retrospective control would be to link and match two or more computer registers in order to reveal unlawful results. If, for example, it is prohibited to receive unemployment benefits while receiving education, a link between the registers of the Labour Authorities and the State Educational Loan Fund could be a possible method of revealing unlawful results.

    Advance control of operations will typically be carried out as a part of the test programme for new applications, i.e. before they are put into operation. Retrospective control of operations may be undertaken as a result of an unlawful or undesirable result from the computer system or to a complaint from the individual affected. Such controls could lead to a change of the programme and could more likely lead to an alteration of manual routines surrounding the computerized routines, with the aim of catching and correcting errors from the computer system.

    In the debate about how much control should be present in society, one argument has been that there must be a limit to the control executed by decision-making bodies. In the Norwegian debate, the argument has partly been that society should not exercise excessive control over citizens and that society should allow people to play different roles in different situations. The question of roles highlights the fact that it is often difficult to decide what constitutes a "true" and "correct" factual basis and that people may have legitimate grounds to "colour" the factual basis of decisions according to their concrete interests in concrete cases. On such a basis, control initiatives which imply co-ordinated and uniform handling of cases between decision-making bodies are not always acceptable. For example, one's contacting the labour authorities in search of a job should not trigger the same administrative demands for information about education, job experience etc. as when the person applies to a company for a job. Different roles and situations may in other words call for the acceptance of different factual bases, even if the request for information may appear to be identical.

    The question "What is excessive control?" is of course a highly political one. Nevertheless, the Norwegian Data Inspectorate has seen it as one of its tasks to give advice regarding this question within the framework of the legislation on privacy and data protection. However, it is obviously difficult to approach this theme without a view on how to define a maximum level. For the Inspectorate, it may furthermore be problematic if its decisions are too closely associated with politics.Thus, the Inspectorate may choose formal instead of "political" grounds for their decisions. The political environment faces a similar dilemma. Most political parties are in favour of defending privacy and protection of personal data. At the same time, most parties are eager to stop criminal exploitation of the social welfare system and people's weakening of the economical basis of the welfare state by evading taxes etc.Thus, strong economic and social interests clash with privacy interests. Furthermore, the conflicting interests are of an incommensurable nature, in the sense that economic considerations tend to outweigh the often inaccurate and "emotional" privacy/data protection arguments. In many cases, privacy is forced to retreat as a result of strong economic considerations. Although each such balancing of interests may be based on a rational reasoning, it may be resistance against this development in sum. There may, in other words, introduce a series of "right" control measures but nevertheless end up with the "wrong" total result. Thus, we should not only decide on a case-by-case basis whether a set of control measures is desirable or not but should also judge how this contributes to the total control situation of the society. That is, in order to prevent undesired total effects, it may be necessary to change or even stop apparently acceptable single control measures. The subsequent parts of this article, the task is to discuss if there are ways to consider this conflict of interest which may secure a better overall balance between privacy/data protection and other interests.

    The main questions of this article will be: Are there or should their be any limit for control executed by public authorities? How may we create limits without limiting legitimate and necessary public powers?



    2 Proportionality between control and guidance

    In the Norwegian public administration, officers have a duty to give general guidance to citizens upon request. There is no similar general duty for private decision-making bodies, but a guidance is often offered as a "service" to the customer. To the extent that citizens aid an agency in collecting information about themselves, guidance provided to citizens within relevant legal questions could be used as one way of reducing the number of errors in this basis. This guidance may first and foremost prevent unintended errors but may also help to reduce the number of deliberate mistakes, because a direct contact between an officer and a citizen may have a binding effect on him or her.

    In hierarchically organised decision-making bodies, higher officials have the responsibility to give general guidance and instruction to their staff. For example a Directorate has this responsibility in relation to the street level officers who handle individual cases and make the first decisions in those cases. However, the degree of instruction and guidance from the central responsible body varies. A rather common situation seems to be that information concerning interpretation of relevant legislation, standard contracts etc. is issued as "circular letters" or handbooks for the officers to follow.

    Within computerized case handling, there is a particular need for providing information to street level officers on how to determine the factual basis for decisions in individual cases, i.e. questions about how to define terms like "income" and "debt". In a computerized case-processing routine, most operations pertaining to facts are executed automatically. Thus, there is a special need to give guidance and instructions to those persons who are in charge of constructing and programming the computer systems that perform those operations. It is a well-accepted truth that it is much cheaper to develop and programme the systems correctly from the start, rather than to control and correct in a late phase of the system development work or after the computer system is put into operation.

    I have pointed to the fact that improving guidance to citizens, to officers and to staffs in charge of system development may prevent mistakes and erroneous decisions. To the degree that increased control is expected to improve the quality of decision-making, one should first consider the proportionality between guidance and control measures. Increased control should, as a rule of thumb, always lead to increased guidance activities, and a changed proportion between the two lines of action should always have a firm basis.

    When considering guidance versus control, one should always bear in mind that guidance covers an additional category of cases compared to control. Insufficient guidance of citizens may lead to situations where cases are not initiated, resulting in a legal loss for the individual in question. Control activities may not reveal such "passivity" because the absence of a case implies no information on which to base control measures. In this sense, guidance supports the rule of law principle more than the performance of control techniques.



    3 Proportionality between advance and retrospective control

    Collecting and registering factual information in the course of case-handling, often requires expensive manual operations. In Norway (and I believe in many other countries) decision-making bodies have begun trying to decrease the amount of manual collection and registration work. This change may again influence the level and type of control of the factual basis.

    One strategy for reducing the amount of collection/registration of case specific facts in the agency is to let parties outside the decision-making body do the work. Most people are familiar with filling in various kinds of forms with information about themselves. In addition, third parties are often placed in a central position, as a result of a legal duty for them to send relevant information in machine-readable form to the decision-making body. This may change the role of the citizen in question. What is asked for from citizens who apply for housing benefits or who are taxed according to the simplified tax form is that they confirm or protest the correctness and adequacy of the information sent by third parties to the decision-making body. This procedure reduces costs on public budgets dramatically, since the registering job is fulfilled by a different method.

    Another approach to more cost-effective collection of information, is to (strongly) reduce the manual control of the received information, for example by accepting factual information from citizens as correct and adequate. The officer in charge is then more or less turned into a "typist" who only transfers the information on the application form into the computer system. Traditionally, the officers would check the correctness of certain pieces of information, by making a telephone call to confirm the information. The "typist approach" leaves the citizen (applicant) standing more or less alone with the task of understanding and interpreting the requirements for adequate and correct information in accordance to legislation, contract, guidelines and forms.

    Irrespective of which of the two mentioned approaches are selected a heavy burden is placed on the citizen where the decision-making body traditionally established the factual basis of decisions jointly with the citizen. In order to fill in a form correctly or to control the correctness and adequacy of information forwarded by third parties, a deep legal knowledge within that specific field is required. Obviously, most citizens will lack the competence needed to secure a sufficient quality of such information. The role of third parties, on the other hand, being employers, banks and insurance companies may make important contributions to secure quality, because such organisations may have the capability to build up the required competence. To what extent they succeed, however, depend to a large extent on the existence of sufficient guidelines and instructions issued from the decision-making body. It is, in other words, important that third parties do not carry out their task in a legal "vacuum". A lack of guidance and instruction may create situations which open up different solutions to identical questions between third parties with the same duty to establish and forward information4.

    In parts of the Norwegian public administration, a trend towards cutting down on advance control of the factual basis of decisions collected from individuals seems to be developing. However, at the same time, there is an awareness of the fact that incorrect information is likely to pass without control and thus constitute the basis for decisions. This situation may again trigger a need to execute retrospective control measures in order to reveal and correct mistakes and if necessary prosecute persons with criminal intentions.

    Retrospective control of the factual basis for individual decisions after the decision is made could be carried out in many ways. One way would be to link two or more computer registers and match the information. If, for example, the State Educational Loan Fund wanted to control whether anyone receiving educational benefits is registered as unemployed and thus are not eligible receive benefits from the Loan Fund, a linking and matching procedure would result in a survey of every person registered in both registers. Further control actions and investigations would then have this list as a basis. Retrospective control could also be of a more sophisticated nature. Within the Norwegian Customs and Excise, for example, statistical material is used to select cases that are to be the object of control for the declarations of goods.

    When it comes to the control of the computerized operations on the factual basis, it is not possible to identify any trend in the direction of advance or retrospective control. Within systems development and programming, it is rather unthinkable that any responsible body or person would argue in favour of correcting mistakes after the computer system has been put into operation, rather than testing it before completion. On the contrary, the ideal would be to detect and correct errors as early as possible, because this would lead to much lower costs than corrections made late in the system development work, especially after the realisation of the system is started. However, an ideal is one thing, whereas reality is another. In practise, it would often be difficult - if not impossible - to test every path through a complex computer system. Even if a comprehensive testing programme is carried out, it is likely that several parts of the routines and operations were not checked before the system was made operative. My own findings from 1989 may give an indication of the problems. Here obvious errors existed in computer systems which had been in operation for two years 5. On the other hand, I have never come across any routine which is directed towards detecting and reporting mistakes in operative systems. In contrast to what seems to be the case with the control of the factual basis of decisions, no trend towards retrospective control may be detected - one may even question if there is any active retrospective control with the computerized operations at all.

    If we take on the perspective of the citizen, it is an obvious advantage if the importance of advance control is emphasised, both with the factual basis of decisions and with the operations on these facts. The control with the factual basis directly concerns the citizen's participation in the decision-making process. A weak advance control would encourage attempts to fool the computer system and thereby commit criminal actions (tax evasion, social insurance fraud). Such a control strategy could be compared with self-service stores and unmanned trams, which tempt fractions of the population into cheating. A retrospective control strategy could, in other words, have a criminal stimulating effect rather than a preventive one.

    The control strategy in relation to computerized operations should also stress the importance of advance testing. Here, the challenge is first and foremost to prepare for this ideal to be followed. One of several measures should be to involve legal experts in parts of the system development work, in order to check the legal content before realisation of the system. However, in addition to emphasising the importance of advance control, it is necessary to secure routines for a certain retrospective control. The reason is simply that it is not realistic to act as though errors never occur.

    In my view, decision-making authorities should make sure that there is a certain proportionality between advance and retrospective control. The fact that increased retrospective control is chosen as a strategy may show that there is an uncovered need for advance control 6. A rise in the activity within one of the two control strategies should lead to a consideration of the other strategy. Furthermore, grounds should be given for a changed proportionality between the two strategies.



    4 Proportionality between control in favour and in disfavour of individuals

    The new control measures that information technology has made possible have been put into operation in a period where cuts to government budgets have been a major political objective 7. Thus the control techniques have to a large extent been employed in order to reach results that would reduce government spending or increase government income. Altered control strategies may reduce administrative budgets, i.e. administrative expenses are cut down. However, a shift of control strategies which allows a reduction of the staff, for example, could lead to control measures which are less suitable for supporting the needs and interests of the individual citizen (for example; from advance control to retrospective control). Changed control strategies may also give savings and increased income within the budgets of the different schemes and government arrangements (social insurance, customs and excise, tax, unemployment benefits etc.). On the other hand, to the extent that under-consumption of benefits is revealed, control may also lead to higher government spending.

    According to basic principles in Norwegian administrative law, decision-making bodies have a duty to investigate all aspects of individual cases in order to establish a sufficient basis for decisions. The objective is of course to decide individual cases in accordance with legislation and the rule of law principle. In its effort to determine a correct and adequate factual basis for decisions in individual cases, the administrative body has a duty to chose an objective approach, i.e. it is not allowed to pursue the interests of one of the parties involved one-sidedly. In cases were government administration must be regarded as a party, this principle implies that the decision-making body also must take on the task to advocate the interest of the "counter-party"; the citizen. Such a balanced approach to handling cases should be seen as one of the pillars on which peoples' confidence rests in public administration. Certainly, a citizen who is a party in an individual case may have an obligation established by law to contribute to the clarification of the case. Notwithstanding this obligation, such a duty for the party to investigate does not displace the basic principle.

    In my view, one of the major elements of the horror scenarios of "the control society" is linked to a violation of the mentioned principle of the decision-makers' objective approach. In other words, government and other decision-making bodies should not use modern technology in order to one-sidedly pursue "their own" or "the community's" interests while neglecting the needs of the individuals. If non-objective motives drive the control initiatives, control will easily be seen as something negative for the citizens. For example, a lack of proportionality is created if the social insurance agency only employs control technologies in order to catch social insurance fraud, while at the same time ignoring an under-consumption of social insurance benefits. Such a technology use may leave a picture of a decision-making body occupied with rule of law only as long as it serves its own interests (budgets), but much less if expenses increase because rights and welfare are supported in a better way.

    In my opinion, many "negative" control measures will gain support in the population as long as the control is carried out fairly. There is, I believe, a strong consensus about using information technology to reveal criminal actions. On the other hand, the boundary between criminal actions worthy of penalty and excusable unlawful actions is hard to draw. In particular, it may be difficult to find support in the population for control measures which strictly follow legislation rather than the opinion of "man in the street". Control actions may in this way strike "honest and respectable citizens" who have been unlucky enough to make "a small mistake". If a strict enforcement of the law is combined with a one-sided emphasis to "catch people", instead of assisting them, it could give rise to negative attitudes so that government control measures which normally would have been accepted and supported by the population, will be rejected.

    I have mentioned the principle of objective investigation of individual cases by government decision-making bodies. This principle is not stringent enough to serve as a basis for a clear definition of the "right" balance between "negative" and "positive" control measures. However, in my view, there are strong reasons to discuss to what extent a parallel principle should be applied on the general level of designing control strategies. Thus, in my opinion, there are good arguments in favour of securing a proportionality between control measures directed towards revealing criminal actions and control measures directed towards assisting people is receiving enough benefits and/or not paying too much tax. An increase of control to stop misuse of social benefits should therefore lead to considerations of whether or not there is a need to strengthen the fight against under-consumption of benefits. Control technology should, in order words, be applied in the perspective that "legal losses" are unacceptable no matter which interests are violated.



    5 Proportionality between control directed towards the decision-making body itself and control directed towards others

    Above, under point 3 of this article, I briefly sketched a changed division of work between the decision-making bodies, individual citizens who are parties to the case, and third parties which collect and forward information about the citizen. Changed control routines imply a novel distribution of tasks related to case-processing. In important parts of Norwegian government administration, the individuals who are parties to the case as well as third parties have been honoured as the major contributors in establishing the factual bases of decisions in individual cases. If one combines this situation with the principle that decision-making bodies should be mainly responsible for establishing a sufficient factual basis, a symbiosis is created were the decision-making body will have to instruct, guide and control private third parties as if they constituted a part of the body itself.

    It may seem logical to pursue this need to control the work of the third parties and to increase the amount of control directed towards such external partners. However, another alternative is to increase the control of the results received by the authorities rather than control the process that generate these results. Although this last approach may be less effective than a direct interference with the processes of private organisations, it represents an alternative which to a large extent respects the integrity of these organisations. More importantly, it makes it possible to uphold a distinct boundary between decision-making bodies and other actors in the process of deciding individual cases.

    In my view, it should always be considered whether sufficiently strong grounds exist to increase control measures directed towards external participants in a decision-making process without at the same time increasing the effort of internal control measures. The shift of the work division between the decision-making body and private third parties does not automatically call for a control strategy directed towards these parties.



    6 Proportionality between control with computerized operations and control with manual operations

    Mass-administrative work in Norway is to a very large extent computerized. In certain branches of public administration, a large percentage of single-cases are decided without any officer ever seeing the case. Even in computerized public administration, however, a great number of cases are decided by a concrete judgement by an officer in charge. This is in particular the case for "hard cases", i.e. cases which are classified and coded as difficult by a person, by the computer system or as result of random sampling. Furthermore, the high degree of automation is to a large extent due to the changed division of work between the decision-making bodies and third parties. This implies that the public computerized routines are based on manual work carried out in the organisations of these third parties, namely their collection and evaluation of case-relevant facts. Thus, when control measures directed towards computerized versus manual routines are considered, it is important to see that this question comprises more than the decision-making body itself. Notwithstanding this, the contributing third parties also have computer systems which are interconnected with the decision-making in public administration and which therefor are candidates for control.

    One may choose to discuss if it is the computerized or manual parts of the total case-processing process which provides the greatest amount of errors. If, for example investigations show high error rates for manual operations, it is tempting to generalise and put extra effort in ensuring the quality of manual work. On the other hand, one may argue that it is more cost-effective to control and improve computerized routines, because then one only has to control a rather small group of participants in the project organisation. In comparison, it will probably be much more difficult to control the manual work of thousands of officers in charge who are scattered around the whole country. A discussion of "which is worst?" could also contain assumptions of errors created by manual handling of cases as worse, because there will often be no pattern which helps to trace the mistakes and to facilitate correction (as opposed to machines, people are inconsistent even when they make mistakes!). On the other hand, errors from computerized mass-administration could be regarded as mistakes which effectively are scattered everywhere within seconds and which may multiply themselves exponentially through interconnection with various computer information systems.

    It is not very fruitful to discuss whether computers or persons represent the greatest problem for high quality decisions. Manual and computerized work are highly integrated and should be seen as part of the same problem. With the degree of automatization found in Norwegian mass-administration, a choice in emphasising computerized work, for example, could lead to control first and foremost directed toward the decision-making body's operations on case-relevant facts. However, with such a strategy, the determination of these facts would not be given special attention. Since the stipulation of factual bases and the manipulation of this information in computer programmes must be seen as phases in one process, a control strategy for this process should comprise manual and computerized parts on equal terms. Thus, when changing the proportionality between control of manual and control of computerized routines, specific grounds should be presented.



    7 Limits for control?

    In a commentary to The Norwegian Personal Data Registers Act, then chairman of the Data Inspectorate, professor Knut S. Selmer, states that:

    On the basis of this statement, one may ask: How powerful should Data Inspectorate be? The future role of the Norwegian Data Inspectorate is currently under debate in connection with a revision of The Personal Data Registers Act within the framework of EU's directive on data. One of the core questions addressed is the organisational placement of the Data Inspectorate, its powers and degree of independence from the government. Another question pertains to a required balance between discretionary power of the Inspectorate, on the one hand and clear and detailed rules governing the area on the other hand. Although there are arguments pointing towards an Inspectorate with a high degree of autonomy in relation to the government, it is obvious that the Data Inspectorate should not develop into some kind of "super-authority" with the power to stop government inititatives on a widely discretionary basis, for example because a measure is regarded to constitute excessive control. However, many people will probably agree that there is a need for more than a "barking watchdog" and that the Inspectorate thus should have powers enabling it to contribute to a constructive effort in order to avoid society driving into the ditch of "the control society". In order to succeed, the Data Inspectorate must be given legislation which authorises a certain degree of constructive intervention in order to secure a "controlling society"with an acceptable profile of total control measures. In my view, future legislation should imbed rules establishing a duty for the controllers of the processing of personal data to a) document the need for increased control and b) to document that new control measures are in proportion with regard to the following five dichotomies:

  • Guidance and control.
  • Advance and retrospective control.
  • Control in favour and in disfavour of individuals.
  • Internal control and control with external subjects.
  • Control with manual and computerized operations.

    It should be considered to empower the Data Inspectorate to decide whether or not the new control measures introduced by public administration is based on a sufficently documented need for increased control. Furthermore, the Inspectorate should decide whether or not these new control measures reflect an acceptable balance between the five dichotomies referred to above. Such authority could for instance be considered in relation to processing personal data submitted under a duty to undergo prior control by the Data Inspectorate (EU directive art. 20) and selected categories of processing comprised by the duty to notify the supervisory authority (EU directive art. 18).

    It is time that the question of "limit for control?" is addressed by the legislators in order to avoid the danger of slipping into a control and surveillance society. Control efforts which one-sidedly are directed towards revealing citizens possible criminal actions, control which leads to penalties rather than to prevention, and control which is directed towards others rather than themselves may be comprehended as initiatives which alter the relation between the controlling authority and the subjects of control. Thus, in my view, the main challenge is to utilise the control potential of information technology without major changes of important power-relationships in society. Claims for "proportional control" may and should therefore both be seen in the perspective of privacy and data protection and in the context of a political-democratic debate concerning the execution of power.



    |Hovedside] - [Bibliografi]




    Fotnoter

    1 This article is mainly based on the doctoral thesis "Rettssikkerhet og systemutvikling i offentlig forvaltning" ("Rule of law and system development in public administration"), Universitetsforlaget 1993. The main findings and results are available in English in Schartum, Dag Wiese: Dirt in the Machinery of Government? Legal Challenges Connected to Computerized Case-Processing in Public Administration, In: Bing og Torvund (red.), 25 years Anniversary Anthology, Norwegian Research Centre for Computers and Law, Tano, Oslo 1995, p 151 - 92 and International Journal of Law and Information Technology, vol. 2, p 327-54.

    2 For example, one may not be aware of how long one may live in the house of the mother of one's child before one is regarded to "living together with" this woman, and thus change the basis for her child support from the State Educational Loan Fund.

    3 You are, for example, aware of the time you may live in the house of the mother of your child before you are regarded as "living together with" this woman, but find this limit unreasonable because your contribution to the household is very limited, c.f. previous footnote.

    4 Such differences are found in an investigation presented in a thesis at the Section for Information Technology and Administrative Systems, by Even Harket.

    5 These errors did not result in any warning or message from the system, but gave apparently correct decisions.

    6 However, succeeding control should and must always be a part of the total control procedures.


    8 Knut S. Selmer in Djønne, Grønn and Hafli: "Personregisterloven", Tano 1987, p 16.