This is the sixth article in our series covering cyber laws of various countries. While the previous article presented an overview of cyber crime and laws in Russia, this article focuses on Denmark. Denmark is a Nordic country which ranks 10th in the Human Development Index (HDI). Denmark has been ranked the most digitised country in the European Union (EU) for two consecutive years. The country was also adjudged to be the most digitised country globally in 2018 as per the International Digital Economy and Society Index. In 2020, it was ranked 3rd among the EU member states by the Digital Economy and Security Index.
Denmark has a population of 5.83 million, as estimated in 2020, out of which 5.54 million are active internet users. This number has seen a rise of 230,000 since 2018. It is further expected to rise to a high of 5.73 million by 2024. Factors such as a technologically proficient population, wide-ranging digitisation of public services, and businesses implementing new technology at a fast pace have led Denmark to be labelled as one of the most digital countries across the world. In 2018, Denmark was 2nd among the Nordic countries with 4.1 million social media users. A survey found Facebook to be the most used social media site by the residents. Approximately 77% of women and 68% of men use Facebook daily in Denmark.
Cyber Laws in Denmark
1. Denmark’s Constitution (1953)
The Constitution of Denmark, 1953, under Section 72, safeguards the right to privacy. Under this section, no breach of privacy can occur in postal, telegraph, and telephone matters, except by court order, or if authorised by a statute.
2. EU General Data Protection Regulation (GDPR)
The General Data Protection Regulation, commonly known as GDPR, is a European Union law. It is directly applicable in Denmark since it is a Member State of the EU. The Danish Government had enacted the Danish Act on Data Protection, 2018 to implement the GDPR, which repealed the earlier Danish Act on Processing of Personal Data, 2000. However, this Data Protection Act is not applicable in Greenland and the Faroe Islands. The definitions given under the GDPR and the 2018 Act are in agreement with each other.
GDPR defines personal data under Article 4(1) as any information that helps identify an individual, such as name, location details, physical, economic, cultural factors, etc. The individual to whom the data pertains is known as the data subject. Article 4(2) defines processing as performing any operation on the data, such as storing, collecting, organising, recording, etc.
Principles for processing personal data
Article 5 lays down certain principles for the processing of personal data:
- Lawfulness, transparency, and fairness in processing personal data.
- The organisation should only use personal data for the intended use.
- The organisation should only collect relevant and necessary data.
- Data has to be accurate at all times.
- The organisation should securely store data.
- Processing shall ensure confidentiality and integrity
When an organisation collects personal data from a data subject, they should disclose the following information (Article 13):
- Information about the data controller
- Data Protection Officer (DPO) details
- Purpose and legal basis for processing
- Recipients of data
- Time duration for which the controller will store data
- Rights of a data subject
- Restriction on processing of personal data
However, these requirements are not applicable if public interest exceeds the data subject’s interest.
Rights of a data subject
Under GDPR, a data subject has the following rights:
- Right to access (Article 15)
- Right to rectify (Article 16)
- Right to erasure (Article 17)
- Right to restrict processing (Article 18)
- Right to data portability (Article 20)
- Right to object (Article 21)
3. The Danish Criminal Code
The Danish Criminal Code or the Danish Penal Code contains the following provisions related to cyber crimes:
- Anybody who unlawfully disturbs public mail services, publicly used telegraph and telephone services, radio/television installations, and information systems will be imprisoned for a maximum of six years or shall pay a fine. (Section 193)
- Anyone found selling obscene pictures or objects to a person below 16 years shall be liable to a fine. (Section 234)
- Dissemination of obscene photographs, films, other visual reproductions to individuals below 18 years of age shall attract imprisonment of 2 years or a fine. In aggravating circumstances, where a child’s life is endangered or is seriously harmed, or gross violence is used, the imprisonment shall increase to 6 years. (Section 235)
- Unlawful access to information that is meant to be used for data processing shall be punishable with imprisonment of up to 1.5 years or a fine. (Section 263)
Denmark has maintained its position of being one of the most digitised countries for the last few years. Besides, the implementation of the GDPR has proved to be beneficial for the country. If Denmark continues to implement the above-mentioned laws efficaciously and introduces new provisions as per the changing requirements, it can control the ever-increasing rate of cyber crimes. Individuals can report cyber-related sex crimes and crimes against digital devices in Denmark here.
To contribute to our blog and knowledge base, write to us at firstname.lastname@example.org and elaborate on how you can help create a safer cyber space.