Privacy law in Denmark is supervised and enforced by the independent agency Datatilsynet (The Danish Data Protection Agency) based mainly upon the Act on Processing of Personal Data. [1]
Privacy law in Denmark was originally determined by 2 acts: the Private Registers Act of 1978, and the Public Authorities’ Registers Act of 1978, which governed the private sector and the public sector respectively. These 2 acts were replaced by the Act on Processing of Personal Data July 1, 2000, thereby implementing the European Union’s Data Protection Directive (1995/46/EC). The Danish constitution also mentions privacy, in the form of paragraph 72 that stipulates that the confiscation and examination of letters and other papers; as well the interception of postal-, telegraph- and telephone communication cannot be done without a judicial order. [2] September 28, 2006 The declaration of providers of electronic communication networks and electronic communication services registration and storage of information regarding teletraffic (Bekendtgørelse om udbydere af elektroniske kommunikationsnets og elektroniske kommunikationstjenesters registrering og opbevaring af oplysninger om teletrafik) was publicised, thereby implementing the European Union’s Data Retention Directive (2006/24/EC), on "the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC”. [3]
In Danish privacy law, there are several acts that provides the basis for the collecting and storing private data. These are the Act on Processing of Personal Data and the Data Retention Executive Order.
The Act on Processing of Personal Data is the main law regarding when and how personal data can be processed, in an electronic system, as well as manual handling of the data, when it is contained in a register. The act applies to all private companies, associations, organisations and to the public authorities. In the private sector, the law also applies to systematic processing of personal data, even if it does not happen electronically. [4] The act differentiates between 3 different kinds of personal data, as they have to be treated differently, depending on the sensitivity of the data:
The different kinds of personal data have different requirements for when they can be requested from a citizen, as to avoid that too much unnecessary sensitive data will be given to organisations that does not need them. The act also gives the citizens a series of rights, designed to help give more control of what information is being stored about him or her:
The Danish Surveillance law is the ratification of the European Union’s Directive 2006/24/EC, which requires all providers of communication like telephones and internet to log certain data regarding the communication through their systems. [5] §4 of the law require phone companies to log:
§5 of the law require Internet Service Providers to log the following information about the initiating and the terminating packets:
§5 section 2 of the law require Providers of Internet access to end users to log the following information about user:
The European Union’s Directive 2006/24/EC do not require the member counties to record and store all of these items, [6] but the Danish government decided to expand upon the European directive, to include collection of more data. This led to a drop in Denmark’s Privacy index of 0.5, from 2.5 to 2.0 [7] [8]
The Data Protection Agency is the central independent authority that makes sure the Act on Processing of Personal Data is obeyed in Denmark. Amongst other things it provides counselling, advice, treat complaints and perform inspections of authorities and companies. It comprises The Data Council and a secretariat. Anyone can complain to The Data Protection Agency if they feel Act on Processing of Personal Data is not obeyed in Denmark, The Agency will then launch a formal investigation into the matter and if required, it can issue fines and/or injunctions. It is possible to appeal the decisions of The Agency to a Danish court of law
The Data Council is composed of a chairperson and six board members. Its main task is to evaluate and make rulings:
The current chairperson and 6 board members are:
The goldsmith Preben Randløv was robbed February 8. 2008 where the robber not only got away with approximately 1.3 million DKR (€173,333) worth of jewelry, but also assaulted 2 employees, including Preben Randløv's wife. He then proceeded to upload a video from his shop surveillance camera of the masked robber, and issued a 25,000 DKR (€3,333) reward for any information that would lead to the arrest of the robber. The Data Protection Agency decided to initiate an administrative proceeding against Preben Randløv as he had not “asked the robber to consent” to the uploading of the video, and he was fined by 10,000 DKR (€1,333) by the police, as only the police have the authority to release videos of this nature. The video did lead to an arrest of 2 individuals who claimed they had bought the jewelry, but neither of them were convicted for the robbery. In October 2008, another one of Preben Randløv stores was robbed, and he told reporters during an interview, that he would upload a video of the new robbery as well. [9]
In March 2009 it was discovered a Shell petrol station had a wall with pictures of petrol thieves in the shop of the petrol station. The Data Protection Agency decided to prosecute them because it was not legal according to the Act on Processing of Personal Data. [10]
According to Privacy International’s study: Leading surveillance societies in the EU and the World 2007, the main concerns in Denmark regarding privacy is the following:
These issues have cause Denmark to receive a very low rating on their Privacy index, a 2.0 (Extensive surveillance societies) compared to a 2.5 in 2006 (Systemic failure to uphold safeguards). This places Denmark on a 34th place of the 45 included counties in the study (although United States and United Kingdom are placed on 40th and 43rd place respectively, with scores of 1.5 and 1.4)
Information privacy is the relationship between the collection and dissemination of data, technology, the public expectation of privacy, and the legal and political issues surrounding them. It is also known as data privacy or data protection.
The Data Protection Directive, officially Directive 95/46/EC, enacted in October 1995, is a European Union directive which regulates the processing of personal data within the European Union (EU) and the free movement of such data. The Data Protection Directive is an important component of EU privacy and human rights law.
Mass surveillance is the intricate surveillance of an entire or a substantial fraction of a population in order to monitor that group of citizens. The surveillance is often carried out by local and federal governments or governmental organisations, such as organizations like the NSA and the FBI, but it may also be carried out by corporations. Depending on each nation's laws and judicial systems, the legality of and the permission required to engage in mass surveillance varies. It is the single most indicative distinguishing trait of totalitarian regimes. It is also often distinguished from targeted surveillance.
A pen register, or dialed number recorder (DNR), is an electronic device that records all numbers called from a particular telephone line. The term has come to include any device or program that performs similar functions to an original pen register, including programs monitoring Internet communications.
The Data Protection Act 1998 was a United Kingdom Act of Parliament designed to protect personal data stored on computers or in an organised paper filing system. It enacted the EU Data Protection Directive 1995's provisions on the protection, processing and movement of data.
The Information Commissioner's Office (ICO) is a non-departmental public body which reports directly to the Parliament of the United Kingdom and is sponsored by the Department for Digital, Culture, Media and Sport (DCMS). It is the independent regulatory office dealing with the Data Protection Act 2018 and the General Data Protection Regulation, the Privacy and Electronic Communications Regulations 2003 across the UK; and the Freedom of Information Act 2000 and the Environmental Information Regulations 2004 in England, Wales and Northern Ireland and, to a limited extent, in Scotland.
The Electronic Communications Privacy Act of 1986 (ECPA) was enacted by the United States Congress to extend restrictions on government wire taps of telephone calls to include transmissions of electronic data by computer, added new provisions prohibiting access to stored electronic communications, i.e., the Stored Communications Act, and added so-called pen trap provisions that permit the tracing of telephone communications . ECPA was an amendment to Title III of the Omnibus Crime Control and Safe Streets Act of 1968, which was primarily designed to prevent unauthorized government access to private electronic communications. The ECPA has been amended by the Communications Assistance for Law Enforcement Act (CALEA) of 1994, the USA PATRIOT Act (2001), the USA PATRIOT reauthorization acts (2006), and the FISA Amendments Act (2008).
Lawful interception (LI) refers to the facilities in telecommunications and telephone networks that allow law enforcement agencies with court orders or other legal authorization to selectively wiretap individual subscribers. Most countries require licensed telecommunications operators to provide their networks with Legal Interception gateways and nodes for the interception of communications. The interfaces of these gateways have been standardized by telecommunication standardization organizations.
Personal data, also known as personal information or personally identifiable information (PII) is any information relating to an identifiable person.
Information privacy, data privacy or data protection laws provide a legal framework on how to obtain, use and store data of natural persons. The various laws around the world describe the rights of natural persons to control who is using its data. This includes usually the right to get details on which data is stored, for what purpose and to request the deletion in case the purpose is not given anymore.
Data retention defines the policies of persistent data and records management for meeting legal and business data archival requirements. Although sometimes interchangeable, it is not to be confused with the Data Protection Act 1998.
Privacy law refers to the laws that deal with the regulation, storing, and using of personally identifiable information, personal healthcare information, and financial information of individuals, which can be collected by governments, public or private organisations, or other individuals. It also applies in the commercial sector to things like trade secrets and the liability that directors, officers, and employees have when handing sensitive information.
Privacy and Electronic Communications Directive 2002/58/EC on Privacy and Electronic Communications, otherwise known as ePrivacy Directive (ePD), is an EU directive on data protection and privacy in the digital age. It presents a continuation of earlier efforts, most directly the Data Protection Directive. It deals with the regulation of a number of important issues such as confidentiality of information, treatment of traffic data, spam and cookies. This Directive has been amended by Directive 2009/136, which introduces several changes, especially in what concerns cookies, that are now subject to prior consent.
Workplace privacy is related with various ways of accessing, controlling, and monitoring employees' information in a working environment. Employees typically must relinquish some of their privacy while in the workplace, but how much they must do so can be a contentious issue. The debate rages on as to whether it is moral, ethical and legal for employers to monitor the actions of their employees. Employers believe that monitoring is necessary both to discourage illicit activity and to limit liability. With this problem of monitoring employees, many are experiencing a negative effect on emotional and physical stress including fatigue, lowered employee morale and lack of motivation within the workplace. Employers might choose to monitor employee activities using surveillance cameras, or may wish to record employees activities while using company-owned computers or telephones. Courts are finding that disputes between workplace privacy and freedom are being complicated with the advancement of technology as traditional rules that govern areas of privacy law are debatable and becoming less important.
The Data Retention Directive was passed on 15 March 2006 and regulated data retention, where data has been generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks. It amended the Directive on Privacy and Electronic Communications. According to the Data Retention Directive, EU member states had to store citizens' telecommunications data for a minimum of six months and at most twenty-four months.
The Spanish Data Protection Agency is an independent agency of the government of Spain which oversees the compliance with the legal provisions on the protection of personal data. The agency is headquartered in the city of Madrid and it extends its authority to the whole country.
There are across the world several National data protection authorities, which are authorities tasked with information privacy. In the European Union and the EFTA member countries their status was formalized by the Data Protection Directive and they were involved in the Madrid Resolution.
The Telecommunications Amendment Act 2015 is an Australian law that amends the Telecommunications Act 1979 and the Telecommunications Act 1997 to introduce a statutory obligation for Australian telecommunication service providers to retain, for a period of two years, particular types of telecommunications data (metadata) and introduces certain reforms to the regimes applying to the access of stored communications and telecommunications data under the TIA Act.
The ePrivacy Regulation (ePR) is a proposal for the regulation of various privacy-related topics, mostly in relation to electronic communications within the European Union. Its full name is "Regulation of the European Parliament and of the Council concerning the respect for private life and the protection of personal data in electronic communications and repealing Directive 2002/58/EC ." It would repeal the Privacy and Electronic Communications Directive 2002 and would be lex specialis to the General Data Protection Regulation. It would particularise and complement the latter in respect of privacy-related topics. Key fields of the proposed regulation are the confidentiality of communications, privacy controls through electronic consent and Browsers, and cookies.
{{Use American English|date = March 2019}