Denmark Bookmark and Share  
Surveillance: illegal Danish data retention law to stay in place and defence intelligence agency to receive PNR data
10.3.17
Follow us: | | Tweet


Two new articles published by EDRi explain how the Danish Defence Intelligence Service is to obtain access to Passenger Name Record (PNR) data; and that while the Danish law on data retention does not meet the standards laid down by the European Court of Justice in the recent Tele2 ruling, it will remain in place "until new rules for targeted data retention have been fully implemented."

See: Danish Defence Intelligence Service will get access to PNR data (EDRi, link):

"Much more concerning from a privacy and data protection point of view is the newly proposed law which will give the Danish Defence and Intelligence Service (DDIS) blanket access to the PNR database held by SKAT. Information about Danish citizens is excluded from the DDIS access, but it is very unclear how this distinction will be made for flights within Schengen where the PNR data does not include passport numbers. The comments of the proposed law mention using passenger contact information such as phone numbers and email addresses, which are somewhat unreliable indicators of nationality. For non-Danish citizens, DDIS can use the PNR data for any intelligence purpose directed against conditions abroad. Besides preventing threats against national security (such as terrorism), the comments of the law specifically mention monitoring travel patterns of persons that may act on behalf of foreign states, and even using PNR data to facilitate the recruitment of foreign agents.

The activities of DDIS generally fall under the national security exemption in the EU Treaties, but the Ministry of Defence states that the PNR access by DDIS is subject to EU law. This is rather unusual for processing of personal data by a defence intelligence agency. In the present case of access to PNR data, it raises several data protection issues based on case law from the Court of Justice of the European Union (CJEU) in, in particular, the Schrems judgment and the upcoming ruling on the EU-Canada PNR agreement, where the Advocate General opinion was published on 8 September 2016."

And: Denmark: Our data retention law is illegal, but we keep it for now (EDRi, link):

"In his statement to the committee, the Minister started by noting that the Danish government is still analysing the consequences of the judgment, but two conclusions are clear. First, EU law precludes a general and undifferentiated data retention scheme covering all subscribers. Secondly, EU law does not preclude a targeted data retention scheme for the purpose of fighting serious crime. The Minister of Justice then noted that the Danish data retention law covers all subscribers, similar to the data retention laws in the other Member States that currently have data retention. The unavoidable implication of this is that the current Danish data retention law does not comply with EU law, which the Minister of Justice admitted before the committee.

...In this situation, a country committed to the rule of law would take immediate steps to repeal the illegal legislation. In Denmark, this can be done very easily, since the Danish data retention law authorises the Minister of Justice to lay down the specific data retention requirements in an administrative order. A simple executive decision by the Minister of Justice, repealing the illegal data retention administrative order (”logningsbekendtgørelsen”), would suffice to uphold the rule of law in Denmark.

However, this will not happen in the immediate future. Despite being unable – twice – to convince the Court of Justice of the EU of this, the Minister of Justice still argues that data retention is simply too valuable for the Danish police. Therefore, the current blanket data retention will simply continue without any change until new rules for targeted data retention have been fully implemented. The Minister of Justice claims that the EU Commission has not made any demands to the Danish government to repeal the current (illegal) data retention rules."

See the Court of Justice: December 2016: Watson/Tele2 Sverige AB case: The Members States may not impose a general obligation to retain data on providers of electronic communications services (Press release, pdf) and Full-text of CJEU judgment (pdf)

Support our work by making a one-off or regular donation to help us continue to monitor the state and civil liberties in Europe.
Search our database for more articles and information or subscribe to our mailing list for regular updates from Statewatch News Online.

We welcome contributions to News Online and comments on this website. E-mail us, call +44 (0) 207 697 4266, or send post to Statewatch, 356 Holloway Road, London N7 6PA

Home | News Online | Journal | Observatories | Analyses | Database | SEMDOC | About Statewatch

© Statewatch ISSN 1756-851X. Personal usage as private individuals/"fair dealing" is allowed. We also welcome links to material on our site. Usage by those working for organisations is allowed only if the organisation holds an appropriate licence from the relevant reprographic rights organisation (eg: Copyright Licensing Agency in the UK) with such usage being subject to the terms and conditions of that licence and to local copyright law.