Danish Data Watchdog Highlights AI, Children’s Privacy, & Breach Prevention in 2024 Report

Key Takeaways

• AI in the Spotlight: Denmark expanded its AI oversight with a regulatory sandbox, new assessment templates, and targeted guidance across the public sector.
• Record Activity: The Authority handled 18,816 new cases in 2024, the highest annual volume on record.
• Children’s Data Protection Boosted: Denmark led Nordic efforts to adopt unified principles safeguarding kids in online gaming environments.
• Proactive Breach Guidance: New advice covering 10 common data breach scenarios was released, alongside an expanded early-response system.
• Public-Facing Resources Grown: Citizens gained a new consent-focused webpage and associations received tailored GDPR guidance tools.

Deep Dive

Denmark’s data protection authority, Datatilsynet, has released its 2024 annual report, spotlighting a year defined by record case volumes, deepened international collaboration, and a proactive push into fast-evolving areas like artificial intelligence and children’s online safety.

The report, delivered to the Danish Parliament and published this week, reflects what the agency described as “yet another year of high activity,” with 18,816 new cases logged, surpassing even the previous record. From updated guidance and breach-response protocols to regulatory sandboxes for AI, the Authority’s efforts spanned public institutions, private companies, and civil society alike.

One area that drew particular focus was artificial intelligence. As generative AI tools became more widely used, Datatilsynet doubled down on its oversight. The agency kicked off the year by hosting a high-profile panel discussion to mark International Data Protection Day, where experts debated both the potential and the pitfalls of AI, especially in Denmark’s strained healthcare system. Throughout 2024, the Authority expanded its regulatory sandbox program, giving selected organizations a chance to test and refine AI tools under the agency’s supervision. It also published two new templates in May to help organizations conduct data protection impact assessments, one tailored to AI, the other more broadly applicable.

Children’s privacy was another high priority. Building on a Nordic initiative launched in Helsinki, the Danish authority played a leading role in developing a new set of regional principles to protect minors in online gaming environments. The final framework was adopted at a meeting in Oslo in May and made public the following month.

At the same time, Datatilsynet sharpened its focus on helping organizations prevent breaches before they happen. After a successful pilot in 2023, the agency doubled the number of breach scenarios covered by its proactive guidance system in 2024. In January, it released a new advisory highlighting 10 common types of data breaches, ranging from misdirected emails to system design flaws, and provided practical technical and organizational measures that could help prevent them. It’s the kind of guidance that’s especially useful for frontline employees and IT managers, not just compliance officers.

For civil society groups, the Authority also launched a new GDPR resource hub designed specifically for Danish associations, from housing cooperatives to nonprofit organizations. Built in collaboration with stakeholders, the site breaks down key concepts and provides tailored examples to help these often-under-resourced groups better navigate their data responsibilities.

Even citizens themselves weren’t left behind. A new thematic page published in February clarified a common misconception, that consent is always required to process personal data. The page helps Danes better understand their rights, offers plain-language definitions, and addresses common questions about data access, deletion, and correction.

Throughout the year, the Authority continued to evolve not only what it does, but how it works. Internal systems were updated to enable a more data- and risk-based approach to supervision. The website was redesigned to improve usability for both professionals and the general public. Its telephone advisory service was reorganized to improve working conditions for staff and ensure more effective help for callers.

Internationally, Datatilsynet had a seat at the table for the EU Commission’s first formal evaluation of the EU-U.S. Data Privacy Framework. A representative joined the EU delegation to Washington, D.C. in July 2024 to assess the adequacy of U.S. data safeguards. The final report concluded that appropriate mechanisms are now in place, an outcome partly shaped by Denmark’s active involvement.

Notably, the Authority also tweaked its own standard data processing agreement in March, clarifying a previously contentious clause related to processor bankruptcy. The updated language is now optional and aligned with EU standards, after concerns were raised by stakeholders about its real-world workability.

And in a small but meaningful shift, the Authority updated its guidance in April around recording phone calls for training purposes. Contrary to earlier practice, such recordings can now proceed without consent, so long as individuals are notified and given the opportunity to opt out.

Taken together, the 2024 report paints a picture of a regulator both responsive and forward-looking. Whether it’s through new guidance, retooled systems, or a growing international role, Datatilsynet is signaling that protecting data in the modern world requires not just enforcement, but education, accessibility, and a willingness to adapt.

As AI, cross-border data transfers, and digital childhoods raise new questions about privacy and risk, Denmark’s data watchdog appears determined to stay a few steps ahead.

The GRC Report is your premier destination for the latest in governance, risk, and compliance news. As your reliable source for comprehensive coverage, we ensure you stay informed and ready to navigate the dynamic landscape of GRC. Beyond being a news source, the GRC Report represents a thriving community of professionals who, like you, are dedicated to GRC excellence. Explore our insightful articles and breaking news, and actively participate in the conversation to enhance your GRC journey.