The Right to Be Forgotten in Denmark

Abstract

The General Data Protection Regulation (hereinafter the GDPR) and the Danish Data Protection Act (hereinafter the DDPA) has been effective since 25 May 2018 (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regards to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), see: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=ENG. The Danish Data Projection Act is available in English at https://www.datatilsynet.dk/media/6894/danish-data-protection-act.pdf.). However, the interpretation of the regulation still raises questions in Denmark. Thus, in this article, predictions of future case law are mainly based on the work of the Danish Ministry of Justice on adapting Danish law to the GDPR. This work resulted, among others, in a white paper encompassing more than 1000 pages, published on 24 May 2017 (White paper no. 1565, GDPR – and the legal framework of Danish legislation, available at: http://justitsministeriet.dk/nyt-og-presse/pressemeddelelser/2017/nye-regler-styrker-beskyttelsen-af-persondata-i-europa.). In Denmark, case law traditionally stays close to the evaluations and considerations set forth in such white papers and other preparatory works. The predictions must therefore be considered to be founded on a realistic and sound basis.