Denmark: Datatilsynet issues criticism against Dagrofa for unnecessary disclosure of personal data
On September 25, 2023, the Danish data protection authority (Datatilsynet) published its decision in Case No. 2023-832-0081, as issued on the same date, in which it expressed criticism against Dagrofa ApS, for violations of Act No. 502 of 23 May 2018 on Supplementary Provisions to the Regulation on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data (the Act), following a complaint made by an individual.
Background to the decision
The complainant claimed that a merchant at a Meny store, owned and operated by Dagrofa, had passed on personal data about the complainant, including information on criminal offenses, to the complainant's former supervisor without authorization. As a result, the complainant stated that they were dismissed from their workplace.
Findings of the Datatilsynet
The Datatilsynet determined that Dagrofa was the data controller for the processing of personal data in question in the case. Further, the Datatilsynet held that the disclosure of information that the complainant had committed criminal offenses was not necessary for Dagrofa to safeguard its legitimate interest. Therefore, the Datatilsynet found that Dagrofa's processing of personal data violated Section 8(4) of the Act.
The Datatilsynet issued criticism against Dagrofa for the aforementioned violations.