Privacy law in Denmark is supervised and enforced by the independent agency Datatilsynet (The Danish Data Protection Agency) based mainly upon the Act on Processing of Personal Data.
Privacy law in Denmark was originally determined by 2 acts: the Private Registers Act of 1978, and the Public Authorities’ Registers Act of 1978, which governed the private sector and the public sector respectively. These 2 acts were replaced by the Act on Processing of Personal Data July 1, 2000, thereby implementing the European Union's Data Protection Directive (1995/46/EC). The Danish constitution also mentions privacy, in the form of paragraph 72 that stipulates that the confiscation and examination of letters and other papers; as well the interception of postal-, telegraph- and telephone communication cannot be done without a judicial order. September 28, 2006 The declaration of providers of electronic communication networks and electronic communication services registration and storage of information regarding teletraffic (Bekendtgørelse om udbydere af elektroniske kommunikationsnets og elektroniske kommunikationstjenesters registrering og opbevaring af oplysninger om teletrafik) was publicised, thereby implementing the European Union's Data Retention Directive (2006/24/EC), on "the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC”.
In Danish privacy law, there are several acts that provides the basis for the collecting and storing private data. These are the Act on Processing of Personal Data and the Data Retention Executive Order.
The Act on Processing of Personal Data is the main law regarding when and how personal data can be processed, in an electronic system, as well as manual handling of the data, when it is contained in a register. The act applies to all private companies, associations, organisations and to the public authorities. In the private sector, the law also applies to systematic processing of personal data, even if it does not happen electronically. The act differentiates between 3 different kinds of personal data, as they have to be treated differently, depending on the sensitivity of the data:
The different kinds of personal data have different requirements for when they can be requested from a citizen, as to avoid that too much unnecessary sensitive data will be given to organisations that does not need them. The act also gives the citizens a series of rights, designed to help give more control of what information is being stored about him or her:
The Danish Surveillance law is the ratification of the European Union's Directive 2006/24/EC, which requires all providers of communication like telephones and internet to log certain data regarding the communication through their systems. §4 of the law require phone companies to log:
§5 of the law require Internet Service Providers to log the following information about the initiating and the terminating packets:
§5 section 2 of the law require Providers of Internet access to end users to log the following information about user:
The European Union's Directive 2006/24/EC do not require the member counties to record and store all of these items, but the Danish government decided to expand upon the European directive, to include collection of more data. This led to a drop in Denmark's Privacy index of 0.5, from 2.5 to 2.0
The Data Protection Agency is the central independent authority that makes sure the Act on Processing of Personal Data is obeyed in Denmark. Amongst other things it provides counselling, advice, treat complaints and perform inspections of authorities and companies. It comprises The Data Council and a secretariat. Anyone can complain to The Data Protection Agency if they feel Act on Processing of Personal Data is not obeyed in Denmark, The Agency will then launch a formal investigation into the matter and if required, it can issue fines and/or injunctions. It is possible to appeal the decisions of The Agency to a Danish court of law
The Data Council is composed of a chairperson and six board members. Its main task is to evaluate and make rulings:
The current chairperson and 6 board members are:
The goldsmith Preben Randløv was robbed February 8. 2008 where the robber not only got away with approximately 1.3 million DKR (€173,333) worth of jewelry, but also assaulted 2 employees, including Preben Randløv's wife. He then proceeded to upload a video from his shop surveillance camera of the masked robber, and issued a 25,000 DKR (€3,333) reward for any information that would lead to the arrest of the robber. The Data Protection Agency decided to initiate an administrative proceeding against Preben Randløv as he had not “asked the robber to consent” to the uploading of the video, and he was fined by 10,000 DKR (€1,333) by the police, as only the police have the authority to release videos of this nature. The video did lead to an arrest of 2 individuals who claimed they had bought the jewelry, but neither of them were convicted for the robbery. In October 2008, another one of Preben Randløv stores was robbed, and he told reporters during an interview, that he would upload a video of the new robbery as well.
In March 2009 it was discovered a Shell petrol station had a wall with pictures of petrol thieves in the shop of the petrol station. The Data Protection Agency decided to prosecute them because it was not legal according to the Act on Processing of Personal Data.
According to Privacy International’s study: Leading surveillance societies in the EU and the World 2007, the main concerns in Denmark regarding privacy is the following:
These issues have cause Denmark to receive a very low rating on their Privacy index, a 2.0 (Extensive surveillance societies) compared to a 2.5 in 2006 (Systemic failure to uphold safeguards). This places Denmark on a 34th place of the 45 included counties in the study (although United States and United Kingdom are placed on 40th and 43rd place respectively, with scores of 1.5 and 1.4)
((cite web)): CS1 maint: archived copy as title (link)=x-347-559545
((cite web)): CS1 maint: archived copy as title (link)
((cite web)): CS1 maint: archived copy as title (link)=x-347-559597