Proposal for new Finance Act does not prioritise data security

The government's level of ambition when it comes to ensuring better supervision of how both authorities and private companies handle our sensitive personal data remains largely unchanged. In the proposal for next year's Finance Act, the Danish Data Protection Agency avoids cuts and receives an increased grant of DKK 3.3 million. However, the vast majority of the money is earmarked for a new external reporting channel for whistleblowers, and the plan is to turn down the supervisory functions. 

From 2019 to 2020, the total number of cases before the Danish Data Protection Agency increased from 15,681 to 17,768, which corresponds to 13 per cent, which is why the government’s proposal seems rather unambitious, says Jørn Guldberg, who is an IT security expert in the Danish Engineering Society, IDA.  

"At a time when all politicians are celebrating the many benefits of digitalisation, it would be more than appropriate to give priority to the body tasked with ensuring that Danish children and adults can feel safe, can move freely digitally and know that those who do not comply with our laws are held accountable, " he says. 

Jørn Guldberg stresses that we are at a time when the supervision of our sensitive personal information is more important than ever before. 

"The watchdog we in Denmark have given this important task is the Danish Data Protection Agency. It must ensure that individuals and authorities know, and not least comply with, the rules governing the processing of personal data and that citizens know their rights. It is therefore a body that needs to be strengthened if due diligence is to be exercised," he said. 

Municipalities, regions and the government are about to present a new joint public digitalisation strategy, and here it is important to stress that the foundation for further digitisation rests on whether we can trust our personal data to be handled safely, says IDA’s IT security expert.

"Therefore, the government and the other parties at Christiansborg should take the challenge seriously. The Danish Data Protection Agency really needs to be strengthened so that it can provide much more guidance to authorities and companies on how to handle sensitive personal data. Furthermore, politicians should work towards the Danish Data Protection Agency – in line with the national supervision of several other European countries – being able to issue administrative fines themselves, instead of having to make a report to an already pressured police force," says Jørn Guldberg.