Gathering and exchange of information (GDPR)

Gathering of information prior to the implementation of protection measures – Article 34

Under Article 34, a competent authority considering protection measures for a child may request relevant information for this purpose from the authorities in another state. Gathering of the information must be justified by the best interests of the child or young person and thus it must be of importance for the protection of the child.

It may be information about the child or other involved persons, such as the parents. The requesting authority must demonstrate that the information is necessary for the best interests of the child. Questions pertaining to the transmitting of information are handled in accordance with the national rules of the state receiving the request. Read more about the exchange of information below.

Exchange of information with foreign authorities

Transfer of information to an authority or person abroad is regulated by the General Data Protection Regulation and the Danish Data Protection Act. Of particular relevance is Chapter II (Articles 5–10) of the Regulation. Chapter V of the Regulation contains supplementary rules on the transfer of personal data to third countries – i.e. states which are not member states of the European Union. Refer to the guidance on the transfer of personal data to third countries on the website of the Danish Data Protection Agency.

Note that the General Data Protection Regulation and the Danish Data Protection Act contain a number of general principles that must be adhered to. These include, among others, the data minimization principles in Article 5(1)(c) of the General Data Protection Regulation, according to which personal data must be adequate, relevant and limited to what is necessary in relation to the purpose of the data processing.

The rules in the General Data Protection Regulation are supplemented by Article 37 of the convention which contains a restriction on the exchange of information about children. It prohibits requesting or transmitting information about a child if it is possible that such information could place the child in danger, or constitute a serious threat to the child’s family members.

For more information about data protection legislation, see the Danish Data Protection Agency’s website and guidelines.