Privacy International defends the right to privacy across the world, and fights surveillance and other intrusions into private life by governments and corporations. Read more »


Chapter: 

III. Privacy topics

Internet and consumer privacy

E-commerce

Since July 2000, spamming has been forbidden under the Marketing Practices Act (Markedsfoeringsloven).1 Article 13 of the EU Privacy and Electronic Communications Directive2 was transposed into Danish law on 10 June 2003,3 and changed Denmark's legal data protection framework on spam. According to the directive, people who have already given their address to companies in connection with the companies' sale of products or services can now be spammed with advertisements for "similar services" ("soft opt-in"), which the Marketing Practices Act did not previously allow.4

The Danish Consumer Ombudsman has published guidelines for industry regarding spamming and Section 6 of the Marketing Practices Act. Also, the Danish Consumer Ombudsman has established email addresses where consumers can file complaints regarding spam.5

During the recent years, the Danish Maritime and Commercial court has convicted companies for spamming. Companies have been fined up to DKK2,000,000 (approx. €269,000) for sending out unsolicited advertising material.6 The size of the fine also depends on other violations of the Marketing Practices Act.7

Cybersecurity

In June 2008 the DPA published requirements and recommendations concerning transfer of personal data via the Internet in the private sector.8 According to these requirements and recommendations the DPA demands sensitive personal data and social security numbers being transferred via Web sites must be encrypted.

In May 2010, the DPA decided not to take judicial action against Google for collecting pieces of email correspondence and other electronic communications from private persons when recording photographs and Internet addresses for Google Street View. Google had informed the DPA that it did not intend to collect this data and that the company had not used this data.

Online behavioural marketing and search engine privacy

No specific information has been provided under this section.

Online social networks and virtual communities

No specific information has been provided under this section.

Online youth safety

The Danish Data Protection Agency's Web site publishes guidelines for young computer users.9 These guidelines concern (1) what young users can write on the Internet, (2) when they can publish pictures on the Internet, (3) how they can remove something from the Internet, (4) how they secure their data on the Internet and (5) what they should be aware of, when they are on the Internet.

Workplace privacy

In 2008, the Copenhagen Maritime and Commercial Court rendered a decision in a case where a store employee was subjected to approximately half an hour to 45 minutes' video surveillance by his employer from the employer's private residence.10 The surveillance was not motivated by work or safety reasons. The surveillance led to the collection of information (images) of the employee for purposes other than those the employee was aware of. According to the Court, the collection was therefore in breach of the PPD, Section 5, subsection 1 concerning good practices for the processing of data and Section 5, subsection 2 which states that data must be collected for specified, explicit and legitimate purposes. Compensation for moral damages was DKK25,000 (€3,332).

Health and genetic privacy

Medical records

The National e-Health portal is a Internet-based solution collecting and providing information on, and access to, all Danish health care services.11 By bringing the entire health care sector together on the Internet and providing integration for some of the central registers and solutions in this sector, the portal supports a common infrastructure while offering a setting for citizens and healthcare professionals to meet and efficiently exchange information. Citizens can access their personalised health page via their digital signature. Among other available citizen services are: electronic booking of appointments, access to one's own medical records, prescription renewals, and health appointment calendars.12 The portal gathers together all electronic patient records that are stored in each individual hospital. Health care professionals have easy access to the latest patient information from most hospitals and laboratories in the country while being enabled to exchange information with other professionals. Access to patients' personal data requires special security certificates.13

The Danish e-Health portal contributed to making Denmark the world leader in the area of national health care information exchange. In this respect, the country has been chosen as the testing ground for a new standardised electronic health record-keeping system.14

Genetic identification

No specific information has been provided under this section.

Financial privacy

No specific information has been provided under this section.

Footnotes

  • 1. Section 6.
  • 2. Directive 2002/58/EC of the European Parliament and of the Council concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications), 12 July 2002, Article 13, available at http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32002L0058:E....
  • 3. Law No. 450 concerning the change of Law of Competition and Consumer Regulation of the Telecommunications Market, 10 June 2003.
  • 4. According to Section 6(2) of the Marketing Practices Act, a company may send advertising via electronic mail without the customer's prior consent if the customer, has already given his electronic mail address to the company in a previous purchase transaction. According to Section 6(2), it is a pre-condition that the customer is given the option, free of charge, and in an easy manner, of declining such communication both when giving his contact details to the company and in the event of subsequent communications. This means that the costumer must express dissent to avoid getting spammed (opt out), which is a change compared to the former regulation where the costumer also under such circumstances had to positively express his wish to receive advertising material (opt in). The amendment entered into force on 25 July 2003.
  • 5. The Guidelines can be downloaded (in Danish) from www.forbrugerombudsmanden.dk and complaints can be filed at "dansk@spamklage.dk " and "int@spamklage.dk".
  • 6. See judgment of 14 March 2005 of the Danish Maritime and Commercial Court in case M-1-04. The fine of DKK2,000,000 also involved improper comments about competitors.
  • 7. Lovbekendtgørelse 2009-08-31 nr. 839 om markedsføring (Consolidated Act on Marketing Practices No. 839 of 31 August 2009).
  • 8. See http://www.datatilsynet.dk/nyheder/nyhedsarkiv/artikel/datatilsynets-kra... (in Danish).
  • 9. See http://www.datatilsynet.dk/borger/boern-og-unge/ (in Danish).
  • 10. U.2008.727/2S, Sø- og Handelsretten (Copenhagen Maritime and Commercial Court).
  • 11. Cfr. Section "E-Government & Privacy", infra.
  • 12. ePractice, eGovernment Factsheet – Denmark – National Infrastructure, supra.
  • 13. Id.
  • 14. Id.