Legal advice from Datatilsynet

Legal advice from Datatilsynet

Legal advice from Datatilsynet

No Comments on Legal advice from Datatilsynet

While there still is a lot of work left with the technical part of the project, I wanted to reach out and see if I would run into any problems with the legal stuff. I wrote emails explaining my project to both Datatilsynet and Digitaliseringsstyrelsen. Datatilsynet responded after a while with a request to call them, as the nature of my project required them to use a phone and not email. Here is the Legal advice from Datatilsynet

Since my project involves hacking of properties that are not mine to begin with, I wanted to make sure that a simple contract made between my customer and I would insure that nobody could get in trouble after the job was done.
The phone interview lasted about 20 minutes and was very interesting. The questions can be summed up in:

  • Any particular laws which forbid me to make an agreed “hack” of a corporate network, then to generate a report based on network and security issues and problems.

Still waiting for information from Digitaliseringsstyrelsen, but according to Datatilsynet, I shouldn’t have any problems.  They had some pointers and advise to the contract that should be signed before starting any work. Since I am sniffing traffic from the network, it would be advised to store this data in a safe manner in case there is any person sensitive data.

Since the device I’m working on doesn’t save the person sensitive data anywhere, but just reads the data packages, I shouldn’t have any problems.  According to Datatilsynet, if a company has employees, they will also have a protocol for safeguarding person sensitive data.  Datatilsynet advised me to create a data processor agreement according to the specifications in Danish law § 42 paragraph. 2. This would help protect me in case anything would happen.

My project doesn’t save any data, but merely use the data already in the air to crack the passwords. This data in the airwaves could very well be Facebook messages, or emails, but since I’m not using the data for any purpose related to the person sensitive information and not storing it, the project shouldn’t be affected by any person sensitive data laws. Now I just need to get answers from Digitaliseringsstyrelsen as they might be able to get me some more information about what potential problems I could encounter.

Martin Jørgensen

Martin Jørgensen

Got my degree from EAL in 2012 as an IT-Technologist with specialty in network. I enjoy living in a century where I can earn a living doing my hobby. Material I publish here are often part of my small projects.
Martin Jørgensen

Latest posts by Martin Jørgensen (see all)

Tags:

Related Posts

Back to Top