Den­mark: fine for data dele­ti­on after infor­ma­ti­on request

The Danish Data Pro­tec­tion Aut­ho­ri­ty has reque­sted a fine against a recruit­ment com­pa­ny. The com­pa­ny had dele­ted per­so­nal data that was the sub­ject of a request for infor­ma­ti­on after recei­ving the request and befo­re pro­vi­ding the infor­ma­ti­on. The data pro­tec­tion aut­ho­ri­ty repor­ted the com­pa­ny to the poli­ce and recom­men­ded a fine of 50,000 Danish kro­ner (appro­xi­m­ate­ly CHF 7,100).

Unli­ke in most Mem­ber Sta­tes, the data pro­tec­tion aut­ho­ri­ty in Den­mark can­not impo­se a fine its­elf; the poli­ce inve­sti­ga­te the case and a court has to deci­de on a fine. See reci­tal 151:

Accor­ding to the legal systems Denmark’s and Esto­nia the fines pro­vi­ded for in this Ordi­nan­ce shall not be allo­wed. The pro­vi­si­ons on fines may be applied in such a way that the fine in Den­mark through the com­pe­tent natio­nal courts as a penal­ty and in Esto­nia through the Super­vi­so­ry aut­ho­ri­ty within the frame­work of mis­de­me­an­or pro­ce­e­dings impo­sed, pro­vi­ded that such appli­ca­ti­on of the rules in tho­se Mem­ber Sta­tes has the same effect as the fines impo­sed by the super­vi­so­ry aut­ho­ri­ties. The­r­e­fo­re, the com­pe­tent natio­nal courts should take into account the recom­men­da­ti­on of the super­vi­so­ry aut­ho­ri­ty that initia­ted the fine. In any event, the fines impo­sed should be effec­ti­ve, pro­por­tio­na­te and dissuasive.