Indenrigs- og Sundhedsministeriet – Complaint Upheld (Denmark, 2024)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
The Datatilsynet in Norway upheld a complaint against the Ministry of the Interior and Health for denying a person's request to access a security log. This decision highlights the importance of transparency and access to personal data. It shows that even government bodies must be accountable to individuals regarding their data.
What happened
The Ministry of the Interior and Health refused a person's request to access the security log of the Civil Registration System.
Who was affected
A person who sought access to their information recorded in the security log.
What the authority found
The authority upheld the refusal, citing national security concerns as a reason for not granting access to the log.
Why this matters
This case illustrates the balance between data access rights and national security. It reminds government agencies to consider the implications of denying access to personal data.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
National Law Articles
On 3 October 2023, the DPA received a complaint by a data subject. He complained about the fact that the Ministry of the Interior and Health (Indenrigs- og Sundhedsministeriet) had refused to give him access to the security log of the Civil Registration System (Centrale Personregister - CPR). This log contains information about the date and time of searches and also an ID associated to the natural person performing the search. On 20 November 2023 the DPA forwarded the complaint to the controller, so that it could reconsider its refusal in light of the CJEU case [https://gdprhub.eu/index.php?title=CJEU_-_C-579/21_-_Pankki_S C-579/21, Pankki S]. On 4 January 2024 the controller upheld the refusal. It argued that [https://danskelove.dk/databeskyttelsesloven/22 § 22 of the Data Protection Act], the national legislation implementing Article 23 GDPR, introduces an exception to the right to access in this case. More specifically, the controller argued that considerations relating, among others, to the protection of national security, including the prevention, investigation, detection or prosecution of criminal offences outweighed the data subject’s right to access information that can be derived from the CPR security log. For example, the controller pointed out that granting such an access would mean revealing information relating to searches made by the Police. Moreover, the controller argued that the refusal is particularly justified by the resources that would be involved in processing and responding to an access request to the CPR security log. Finally, the controller emphasised that the CPR security log on itself cannot be used to check whether a given processing of personal data is lawful as it does not contain information about the authority's or company's purpose for processing the data subject's data. First of all, the DPA agreed with the controller about the fact that [https://danskelove.dk/databeskyttelsesloven/22 § 22 of the Data Protection Act] contains a nu
Outcome
Complaint Upheld
A data subject complaint that was upheld by the DPA.
Related Enforcement Actions (0)
No other enforcement actions found for Indenrigs- og Sundhedsministeriet in DK
This is the only recorded action for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. Indenrigs- og Sundhedsministeriet - Denmark (2024). Retrieved from cookiefines.eu
Last updated: