No More Posts Available.

No more pages to load.

    • Source: Privacy law in Denmark
    • Privacy law in Denmark is supervised and enforced by the independent agency Datatilsynet (The Danish Data Protection Agency) based mainly upon the Act on Processing of Personal Data.


      History of Danish Privacy Law


      Privacy law in Denmark was originally determined by 2 acts: the Private Registers Act of 1978, and the Public Authorities’ Registers Act of 1978, which governed the private sector and the public sector respectively. These 2 acts were replaced by the Act on Processing of Personal Data July 1, 2000, thereby implementing the European Union's Data Protection Directive (1995/46/EC). The Danish constitution also mentions privacy, in the form of paragraph 72 that stipulates that the confiscation and examination of letters and other papers; as well the interception of postal-, telegraph- and telephone communication cannot be done without a judicial order. September 28, 2006 The declaration of providers of electronic communication networks and electronic communication services registration and storage of information regarding teletraffic (Bekendtgørelse om udbydere af elektroniske kommunikationsnets og elektroniske kommunikationstjenesters registrering og opbevaring af oplysninger om teletrafik) was publicised, thereby implementing the European Union's Data Retention Directive (2006/24/EC), on "the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC”.


      The Main Acts


      In Danish privacy law, there are several acts that provides the basis for the collecting and storing private data. These are the Act on Processing of Personal Data and the Data Retention Executive Order.


      = Act on Processing of Personal Data

      =
      The Act on Processing of Personal Data is the main law regarding when and how personal data can be processed, in an electronic system, as well as manual handling of the data, when it is contained in a register. The act applies to all private companies, associations, organisations and to the public authorities. In the private sector, the law also applies to systematic processing of personal data, even if it does not happen electronically.
      The act differentiates between 3 different kinds of personal data, as they have to be treated differently, depending on the sensitivity of the data:

      Sensitive information
      Information regarding other purely private conditions
      Ordinary non-sensitive information
      The different kinds of personal data have different requirements for when they can be requested from a citizen, as to avoid that too much unnecessary sensitive data will be given to organisations that does not need them.
      The act also gives the citizens a series of rights, designed to help give more control of what information is being stored about him or her:

      Right to insight into the information, that is being handled about the citizen
      Right to be informed that information is being collected about the citizen
      Right to have incorrect information deleted or corrected


      = The Data Retention Executive Order

      =
      The Danish Surveillance law is the ratification of the European Union's Directive 2006/24/EC, which requires all providers of communication like telephones and internet to log certain data regarding the communication through their systems.
      §4 of the law require phone companies to log:

      The caller's phone number (A-number) as well as the name and address of the subscriber or registered user
      The called phone number (B-number) as well as the name and address of the subscriber or registered user
      The redirected phone number (C-number) as well as the name and address of the subscriber or registered user
      The receipt for receiving a message
      The identity of the used communications equipment (IMSI- and IMEI-numbers)
      The cell or cells a mobile phone was connected to by the communications start and end, and the exact geographical or physical location of the used cell masts used during the time of the communication
      The exact time of the start and end of the communication
      The time of the first activation of anonymous services (Prepaid mobile phones)
      §5 of the law require Internet Service Providers to log the following information about the initiating and the terminating packets:

      The senders IP-address
      The receivers IP-address
      The transport protocol used
      The senders port number
      The receivers port number
      The exact time of the start and end of the communication
      §5 section 2 of the law require Providers of Internet access to end users to log the following information about user:

      The allocated user identity
      The user identity and the phone number that have been allocated communications, which is a part of a public communicationsnetwork
      The name and address of the subscriber or registered user, to whom an IP-address, a user identity or a phone number was allocated at the time of the communication
      The exact time of the start and end of the communication
      The European Union's Directive 2006/24/EC do not require the member counties to record and store all of these items, but the Danish government decided to expand upon the European directive, to include collection of more data. This led to a drop in Denmark's Privacy index of 0.5, from 2.5 to 2.0


      The Data Protection Agency


      The Data Protection Agency is the central independent authority that makes sure the Act on Processing of Personal Data is obeyed in Denmark. Amongst other things it provides counselling, advice, treat complaints and perform inspections of authorities and companies. It comprises The Data Council and a secretariat.
      Anyone can complain to The Data Protection Agency if they feel Act on Processing of Personal Data is not obeyed in Denmark, The Agency will then launch a formal investigation into the matter and if required, it can issue fines and/or injunctions. It is possible to appeal the decisions of The Agency to a Danish court of law


      = The Data Council

      =
      The Data Council is composed of a chairperson and six board members. Its main task is to evaluate and make rulings:

      Of a principal nature
      Of significant common interest or with significant consequences for a public authority or private company
      That due to special circumstances should be decided by the council
      That a council member wish to discuss during a council meeting
      The current chairperson and 6 board members are:

      Chairperson, High Court Judge Henrik Waaben
      Lawyer Janne Glæsel
      Professor, dr. jur. Peter Blume
      CEO of the Danish Consumer Council Rasmus Kjeldahl
      Manager of concern IT-Security Kim Aarenstrup
      City manager Niels Johannesen
      Chief physician Hans Henrik Storm


      Important Cases




      = The Preben Randløv case

      =
      The goldsmith Preben Randløv was robbed February 8. 2008 where the robber not only got away with approximately 1.3 million DKR (€173,333) worth of jewelry, but also assaulted 2 employees, including Preben Randløv's wife. He then proceeded to upload a video from his shop surveillance camera of the masked robber, and issued a 25,000 DKR (€3,333) reward for any information that would lead to the arrest of the robber. The Data Protection Agency decided to initiate an administrative proceeding against Preben Randløv as he had not “asked the robber to consent” to the uploading of the video, and he was fined by 10,000 DKR (€1,333) by the police, as only the police have the authority to release videos of this nature. The video did lead to an arrest of 2 individuals who claimed they had bought the jewelry, but neither of them were convicted for the robbery.
      In October 2008, another one of Preben Randløv stores was robbed, and he told reporters during an interview, that he would upload a video of the new robbery as well.


      = The Shell case

      =
      In March 2009 it was discovered a Shell petrol station had a wall with pictures of petrol thieves in the shop of the petrol station. The Data Protection Agency decided to prosecute them because it was not legal according to the Act on Processing of Personal Data.


      Privacy Problems in Denmark


      According to Privacy International’s study: Leading surveillance societies in the EU and the World 2007, the main concerns in Denmark regarding privacy is the following:

      Constitutional right to privacy depends on section 71 on personal liberty and section 72 on search and seizure
      Comprehensive privacy law, and exempts security and defence services
      Data privacy authority is appointed by the minister of justice, and the ministry is also responsible for the budget
      Data privacy authority may enter any premise without a court order to investigate under the privacy law
      Extensive interception of communications; and use of bugs on computers to monitor activity and keystrokes; and plans are in place to minimise notification
      Police require a list of all active mobile phones near the scene of a crime
      DNA samples may be required from applicants for residency based on family ties
      Implemented retention of communications data well before EU mandate, for one year
      Police took the DNA of 300 youth protestors in 2007
      Implementing air travel surveillance program
      Parliament is over-keen to implement surveillance programs
      Ratified Cybercrime convention
      These issues have cause Denmark to receive a very low rating on their Privacy index, a 2.0 (Extensive surveillance societies) compared to a 2.5 in 2006 (Systemic failure to uphold safeguards). This places Denmark on a 34th place of the 45 included counties in the study (although United States and United Kingdom are placed on 40th and 43rd place respectively, with scores of 1.5 and 1.4)


      References




      External links


      Datatilsynet
      PI
      Danmarks Riges Grundlov

    Kata Kunci Pencarian: