Data Protection Authority
Data Protection Authority audits processing of personal data at the prosecution authority
16th May 2025
The Data Protection Authority has decided to conduct audits of the processing of personal data by those with prosecution powers in Iceland, i.e. the Director of Public Prosecutions, the District Prosecutor and the police chiefs, as to how the processing is conducted today. The aim of the audit is to investigate whether prosecutors comply with Act no. 75/2019 on the Processing of Personal Data for Law Enforcement Purposes in connection with the processing of personal data in evidence.
The audits are based on recent news about the alleged data breaches of two former police officers from police investigations and the Special Prosecutor’s Office.
On the one hand, the Data Protection Authority considers whether prosecutors delete personal data of evidence in accordance with the law. On the other, it considers whether the adequate security of personal data in evidence is ensured, taking into account the risks that may arise from those who work for the offices, including contractors, illegally utilising the personal data in evidence that they have access to for their work.
The audits have already been called and the Data Protection Authority has called for data and information for the purposes of the investigation.