Securitas A/S – Dismissed (Denmark, 2022)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
The Danish DPA dismissed a complaint against Securitas A/S, where an employee claimed their personal data was shared without consent. The DPA found that Securitas had informed employees about the need for security clearance, which justified the data sharing. This decision highlights the importance of clear communication about data handling in employment settings.
What happened
Securitas A/S shared an employee's personal data with the Defense Intelligence Service for security clearance purposes.
Who was affected
The employee of Securitas A/S who was undergoing security clearance procedures.
What the authority found
The Danish DPA dismissed the complaint, agreeing with Securitas that the data sharing was justified and employees were informed about the security clearance requirements.
Why this matters
This case underscores the need for companies to clearly communicate data handling practices to employees, especially when security clearances are involved. It also shows that authorities may side with employers if proper procedures are followed.
GDPR Articles Cited
The data subject was employed by Securitas A/S as a security guard. Employment at Securitas as a security guard is subject to the approval of the Chief of Police (DK: Rigspolitichef). For employees who carry out "on-call duties" associated with customers with special security requirements, employment is also subject to register approval at the Police Intelligence Service (DK: Politiets Efterretningstjeneste) (“PET”). In connection with the employment at Securitas, the data subject was contacted by the Defense Intelligence Service (DK: Forsvarets Efterretningstjeneste) (“FE”) as the data subject had been nominated for a security clearance, and therefore, was viewed to have been filled out an electronic form for the processing. The data subject complained to the Danish DPA about Securitas disclosing their personal data to the FE, as the data subject stated that they had not consented to such disclosure. The data subject stated that Securitas had disclosed their personal data (job title, full name, and social security number). The data subject argued that they had not completed the “information form 2” to which Securitas referred to, and therefore, no declaration of consent had been given. The data subject argued that their personal data had been disclosed to the FE without their knowledge. Securitas argued that the disclosure of the data subject’s personal data to the FE as well as the PET was justified. Securitas stated that, at the time of the disclosure of personal data, the complainant was employed as a security guard and that all such “on-call employees” are informed of the requirement for security clearance through a communication portal. Securitas argued that the data subject had completed the “information form 2” and so, a declaration of consent. Securitas stated that the application for security approval would have been rejected, if the data subject had not completed, signed, and consented to it. The DPA initially notes that consent, under Article 6(1)(a
Outcome
Dismissed
The complaint or investigation was dismissed.
Related Enforcement Actions (0)
No other enforcement actions found for Securitas A/S in DK
This is the only recorded action for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. Securitas A/S - Denmark (2022). Retrieved from cookiefines.eu
Last updated: