The Danish data protection authority, Datatilsynet, has ruled that pension providers, insurance companies and similar organizations are not authorized to automatically deny individuals' requests for access to their medical information. According to the ruling, organizations that practice automatic denials violate Article 15 of the EU General Data Protection Regulation. The DPA is requiring privacy impact assessments before any requests are denied. (Original articles are in Danish.)
If you want to comment on this post, you need to login.