Pension providers and insurers can’t reject consumer requests for their personal medical information until they conduct a data-privacy audit, Denmark’s data regulator said.
The Nov. 25 decision by the Danish Data Protection Agency outlaws company policies that automatically reject such consumer requests but doesn’t require insurers and similar organizations to hand over the data. It could serve as influential guidance, even though interpretations of EU law by national data protection agencies are not legally enforceable across the bloc.
The decision “confirms that a medical analysis is personal data,” Michael Gorm Madsen, an attorney with Bird and Bird, said in an ...
Learn more about Bloomberg Law or Log In to keep reading:
Learn About Bloomberg Law
AI-powered legal analytics, workflow tools and premium legal & business news.
Already a subscriber?
Log in to keep reading or access research tools.