Data Protection in Denmark: Difference between revisions
m (Add Danish name for Danish Business Authority) |
(Danish titles of regulation + links to legislation) |
||
Line 22: | Line 22: | ||
==Legislation== | ==Legislation== | ||
===History=== | ===History=== | ||
The first privacy laws in Denmark came with the ''Private Registers Act'' and the ''Public Authorities' Registers Act'', both in 1978. These acts were replaced in 2000 with the national implementation of Directive EC/95/46 through the ''Act on Processing of Personal Data''. | The first privacy laws in Denmark came with the ''[https://www.retsinformation.dk/Forms/R0710.aspx?id=59244 Private Registers Act]'' (''Registerloven'') and the ''[https://www.retsinformation.dk/Forms/R0710.aspx?id=59265 Public Authorities' Registers Act]'' (''Lov om offentlige myndigheders registre''), both in 1978. These acts were replaced in 2000 with the national implementation of Directive EC/95/46 through the ''[https://www.retsinformation.dk/Forms/R0710.aspx?id=828 Act on Processing of Personal Data]'' (''Persondataloven''). | ||
===National constitutional protections=== | ===National constitutional protections=== | ||
Privacy is mentioned in the Danish constitution § 72, which prohibits the confiscation and examination of letters, as well as the interception of postal,- telegraph,- and telephone communication without a judicial order, as well as § 71 which concerns personal liberty. | Privacy is mentioned in the [https://www.retsinformation.dk/Forms/R0710.aspx?id=45902#P72 Danish constitution § 72], which prohibits the confiscation and examination of letters, as well as the interception of postal,- telegraph,- and telephone communication without a judicial order, as well as § 71 which concerns personal liberty. | ||
===National GDPR implementation law=== | ===National GDPR implementation law=== | ||
In Denmark the GDPR is implemented by the ''Databeskyttelsesloven'' (Data Protection Act). | In Denmark the GDPR is implemented by the ''[https://www.retsinformation.dk/Forms/r0710.aspx?id=201319 Databeskyttelsesloven]'' (Data Protection Act). | ||
====Age of consent==== | ====Age of consent==== | ||
Line 48: | Line 48: | ||
===National ePrivacy Law=== | ===National ePrivacy Law=== | ||
The ePrivacy Directive is implemented through | The ePrivacy Directive is implemented through [https://www.retsinformation.dk/Forms/R0900.aspx?s30=32002L0058&ctl00$MainContent$ctl02=0 several laws and execute orders], primarily the ''[https://www.retsinformation.dk/Forms/R0710.aspx?id=161319 Act on Electronic Communications Networks and Services]'' (''Lov om elektroniske kommunikationsnet og -tjenester''). The regulations regarding cookies are implemented in the ''[https://www.retsinformation.dk/Forms/R0710.aspx?id=139279 Cookie Order]'' (''Cookiebekendtgørelsen''). | ||
==Data Protection Authority== | ==Data Protection Authority== | ||
The Danish Data Protection Authority (''Datatilsynet'') is the national data protection authority for Denmark, with the notable exception in the area of CCTV, which falls under the jurisdiction of the police. The Danish Business Authority (''Erhvervsstyrelsen'') supervise cookies and telecommunication. | The Danish Data Protection Authority (''Datatilsynet'') is the national data protection authority for Denmark, with the notable exception in the area of CCTV, which falls under the jurisdiction of the police. The [https://danishbusinessauthority.dk/ Danish Business Authority] (''Erhvervsstyrelsen'') supervise cookies and telecommunication. | ||
→ Details see [[Datatilsynet (Denmark)]] | → Details see [[Datatilsynet (Denmark)]] |
Latest revision as of 17:53, 3 March 2020
Data Protection in Denmark | |
---|---|
Data Protection Authority: | Datatilsynet (Denmark) |
National Implementation Law (Original): | Databeskyttelsesloven |
English Translation of National Implementation Law: | English Translation |
Official Language(s): | Danish |
National Legislation Database(s): | Link |
English Legislation Database(s): | n/a |
National Decision Database(s): | n/a |
Legislation
History
The first privacy laws in Denmark came with the Private Registers Act (Registerloven) and the Public Authorities' Registers Act (Lov om offentlige myndigheders registre), both in 1978. These acts were replaced in 2000 with the national implementation of Directive EC/95/46 through the Act on Processing of Personal Data (Persondataloven).
National constitutional protections
Privacy is mentioned in the Danish constitution § 72, which prohibits the confiscation and examination of letters, as well as the interception of postal,- telegraph,- and telephone communication without a judicial order, as well as § 71 which concerns personal liberty.
National GDPR implementation law
In Denmark the GDPR is implemented by the Databeskyttelsesloven (Data Protection Act).
Age of consent
The age of consent is 13 years under § 6 of the Data Protection Act.
Freedom of Speech
According to § 3(8) of the Data Protection Act, the Data Protection Act as well as Chapter II-VII and IX of the GDPR does not apply to processing that is exclusively for journalistic, artistic or literary purposes, with the exception of Article 28-32, which still applies.
Employment context
Personal data may be processed under Article 6 and Article 9 for the purpose of fulfilling employment law obligations and rights of the controller or data subject as laid down by other law or collective agreements, pursuant to § 12 of the Data Protection Act. In addition, personal data may be processed by the data controller or a third party, on the basis of the legitimate interest that arises from law or collective agreements, provided that the interests or fundamental rights of the data subject is not overridden, following § 12 (2).
In an employment context, processing of personal data may take place on the basis of consent in accordance with Article 7.
Research
According to § 10 of the Data Protection Act, special categories of data may be processed for the sole reason of statistical and scientific purposes. There are further restrictions to secure purpose limitation, as well as restricting disclosure to other parties.
Other relevant national provisions and laws
CCTV is regulated by a specific act (in DK) concerning the use of CCTV. The act concerns private individuals, but does not cover the use of CCTV by the government. As such, the use of CCTV by the government falls under the purview of the GDPR. Another notable side with the CCTV act is that it is under the jurisdiction of the police, and not the danish Data Protection Authority.
National ePrivacy Law
The ePrivacy Directive is implemented through several laws and execute orders, primarily the Act on Electronic Communications Networks and Services (Lov om elektroniske kommunikationsnet og -tjenester). The regulations regarding cookies are implemented in the Cookie Order (Cookiebekendtgørelsen).
Data Protection Authority
The Danish Data Protection Authority (Datatilsynet) is the national data protection authority for Denmark, with the notable exception in the area of CCTV, which falls under the jurisdiction of the police. The Danish Business Authority (Erhvervsstyrelsen) supervise cookies and telecommunication.
→ Details see Datatilsynet (Denmark)
Judicial protection
The Courts
The judicial system of Denmark is composed of a mostly unified, three-tiered court system, with the County Court in the first instance, the High Court in second instance, and the Supreme Court in the third and last instance.
As the administrative does not issue fines in Denmark, breaches under the GDPR are sent to the police with a suggested fine. The prosecution will then build a case against the defendant, and the proceedings will be decided by the courts under the general rules of criminal procedures pursuant to the Danish Administration of Justice Act. Estonia is the only other country where the fines are issued by the courts and not by the Data Protection Authority.