- 23 Feb 2015
- Jens Harkov
The Legal Affairs Committee of the Danish Parliament recently issued a report on data protection, following an investigation into the possibilities of strengthening data privacy.
Following a high-profile case last year concerning a breach of data protection, the Cultural and Legal Affairs Committees of the Danish Parliament decided to set up a task force of 8 MPs to explore the possibilities of strengthening data privacy. The task force has now issued its report, setting out a number of principles and recommendations which should be considered going forward.
The report sets out a number of principles which, according to the task force, should be fundamental in terms of data protection. For instance, the responsibility for processing personal data should lie with the data controller as well as the data processor processing the data in question under a contract with the data controller. The report also mentions the issue of subject access requests, and emphasises that public authorities should only have limited access to personal data, i.e. on a need-to-know basis only.
The task force points to a number of factors which may serve to strengthen data privacy, first and foremost a strengthening of the Danish Data Protection Agency, among other things by giving higher priority to inspections. The task force also recommends investigating whether it would be possible to introduce an appeals body for the Agency's decisions. Finally, it raises the question of whether the Agency should be under the jurisdiction of the Danish Parliament instead of the Danish Ministry of Justice.
With regard to breaches of data protection, the task force takes the view that sanctions should be imposed on private companies as well as public authorities, and recommends looking into the level of fines.
Norrbom Vinding notes
- that the data protection principles set out in the report do not differ much from the principles which already follow from the Danish Data Protection Act and the administrative practice of the Danish Data Protection Agency;
- that, nevertheless, the report contains various proposals to strengthen the Agency's regulatory role and increase the level of fines; but
- that – regardless of the report – as a result of the proposed new regulation on data protection which is underway in the EU, changes will be made to the Agency's activities anyway, including a dramatically increased level of fines.