According to local media and TV2, the personal data of hundreds of citizens was found to have been used in a criminal context, including planning murders within a gang environment, leading to calls for stricter controls on data access powers in government institutions.
The accused employee and the exploitation of the civil registry
The accused is a 27-year-old man who held the position of student assistant in the Copenhagen municipality, and he was charged with the illegal and systematic use of the civil registry (CPR-registeret).
According to investigations by the National Enhed for Særlig Kriminalitet (NSK), which includes serious crimes and digital crimes, the accused was able to access the data of 1,742 citizens, including CPR numbers and residential addresses, and then distributed information about 66 people via the encrypted messaging applications Telegram and Signal, to be used in blackmail and planning gang-related murders.
Warnings from the Data Protection Authority
Allan Frank, an information security specialist at Datatilsynet, described the case as one of the “most serious” they have encountered, as it directly demonstrates the use of personal data in organized crime. Frank noted that it is rare for personal data to be used in this way, and argued that allowing such broad access to this data should be reviewed immediately. .
Calls to restrict access and maintain trust
Birgitte Arent Eiriksson, director of Justitia and a member of the Dataetisk Råd board, emphasized that public trust in institutions is jeopardized when they are granted excessive access to sensitive data. She stated that there is a critical need to segment and restrict access based on the actual function that justifies the use of the data.
There are precedents for similar violations in Denmark.
The current case comes within a growing context of data misuse in government institutions:
- 2023: Six employees in the capital region were dismissed after they unlawfully accessed the medical file of a kidnapping victim child.
- May 2025: A doctor accessed 4,747 medical files without permission.
- The same month: A hospital trainee reviewed the records of nearly 400 citizens without justification.
- Recently: An employee at Odense University Hospital was isolated after illegally accessing 174 patient records.
Politicians' reactions to the issue
The revelation of this case has led to reactions from the Danish parliament, and the following are statements from some political figures to TV2:
- Karina Lorentzen, a member of the SF party, said: “We are a fully digital society, but our record is full of errors and leaks. We need to adopt technologies such as algorithms or random checks to detect abuses,” stressing the importance of building systems capable of detecting the illegal use of data. .
- Louise Elholm of the Venstre party described the incident as “horrifying,” but stressed that new legislation could be an added burden and instead called for a local review of existing procedures first. .
- Birgitte Vind of the Social Democratic Party expressed support for the current protection methodology, but did not rule out the need to improve it, stressing the need to determine who has the right to access the data and to know the consequences of breaking the rules. .
A security scandal, but politicians don't believe in the need for new legislation.
Since the case represents not just a violation of citizens' privacy, but a security scandal involving the use of 1,742 CPR records within the context of planning a crime in a gang environment, experts are calling for a redesign of access privileges and the immediate activation of tamper detection systems. Politicians, however, do not agree on the need for new legislation, but rather call for an assessment and reform of internal procedures first.
