1. Meaning of Litigation Hold in Denmark (Legal Context)

In Denmark, “litigation hold” is not a codified legal term. Instead, it is functionally achieved through:

• Duty to preserve evidence during foreseeable litigation
• GDPR Article 5(1)(e) storage limitation exceptions
• Court-ordered disclosure / preservation measures
• E-discovery style obligations in civil litigation
• Cyber preservation duties after security incidents

Practical meaning in Denmark:

A company or authority must suspend deletion of relevant electronic data (emails, logs, metadata, cloud records) when:

• Litigation is reasonably expected, OR
• Regulatory investigation is ongoing, OR
• Data is needed for legal claims or defense

Failure may lead to:

• Adverse inference in court
• Evidence exclusion risks
• GDPR sanctions
• Procedural penalties under Danish civil procedure principles

2. Cyber Preservation & Data Retention Disputes in Denmark

Denmark is heavily shaped by EU constitutional privacy law, meaning disputes usually revolve around:

• Whether mass retention is legal
• Whether targeted retention is proportionate
• Whether stored cyber data can be used as evidence
• Whether preservation violates fundamental rights (EU Charter Articles 7 & 8)

3. Key Legal Conflict Areas

A. Mass Data Retention vs Privacy Rights

Denmark has repeatedly maintained data retention laws, but they conflict with EU jurisprudence.

B. Litigation Hold vs GDPR Storage Limitation

Companies must balance:

• Legal obligation to preserve evidence
  vs
• GDPR requirement to delete data when no longer needed

C. Cyber Evidence Admissibility

Even unlawfully retained data may sometimes still be used in Danish courts (case-dependent).

4. Key Case Law (Denmark + EU influencing Denmark)

Below are 6 major cases shaping litigation hold and cyber preservation disputes in Denmark:

1. Tele2 Sverige AB v Post- och telestyrelsen (C-203/15 & C-698/15)

Court: Court of Justice of the European Union (CJEU)
Year: 2016

Holding:

• General and indiscriminate data retention is illegal under EU law
• Requires targeted and limited retention only

Impact on Denmark:

• Danish data retention framework was found non-compliant
• Forced Denmark to acknowledge legal incompatibility of blanket logging

👉 This is the foundation of modern Danish cyber preservation limits.

2. La Quadrature du Net v France (C-511/18, C-512/18, C-520/18)

Court: CJEU
Year: 2020

Holding:

• Mass surveillance is only allowed in strict national security exceptions
• Requires strict proportionality and time limitation

Impact in Denmark:

• Danish Ministry of Justice had to redesign retention laws
• Triggered partial reforms but also ongoing legal uncertainty

3. G.D. v Commissioner of An Garda Síochána (C-140/20)

Court: CJEU
Year: 2022

Holding:

• Access to retained communications data must be:
  • Prior reviewed by independent authority
  • Strictly necessary and proportionate

Impact in Denmark:

• Forced reconsideration of lawful access rules
• Affects admissibility of cyber evidence in criminal cases

4. Danish Supreme Court – Association Against Illegal Surveillance Case (2022)

Court: Højesteret (Danish Supreme Court)

Holding:

• Danish logging order not automatically invalid in all cases
• Courts may assess legality case-by-case
• Plaintiffs lacked sufficient legal interest in broad invalidation claims

Significance:

• Confirms Denmark does not automatically strike down surveillance laws
• Reinforces judicial discretion in cyber evidence disputes

5. Danish Data Retention Litigation (Borgerretsfonden v Ministry of Justice)

Court: Danish civil courts (ongoing litigation referenced in 2017–2018 proceedings)

Key issue:

• Whether Denmark’s blanket retention violates EU law

Holding (procedural developments):

• Government admitted non-compliance with EU law
• Case delayed due to legal standing and procedural disputes

Importance:

• Shows how litigation hold arguments intersect with state surveillance preservation systems

6. Case on GDPR Evidence and Cyber Harm – Højesteret (2025)

Court: Danish Supreme Court
Year: 2025

Holding:

• Compensation under GDPR Article 82 requires:
  • Proven actual harm
  • Not speculative fear

Importance for litigation hold:

• Limits claims for “data exposure harm”
• Impacts preservation disputes after cyber incidents (e.g., stolen data cases)

7. European Court of Human Rights – Foreningen imod Ulovlig Logning v Denmark

Court: European Court of Human Rights (ECHR)
Year: Communicated 2023

Issue:

• Whether Danish blanket retention violates:
  • Article 8 (privacy)
  • Article 10 (expression)
  • Article 13 (effective remedy)

Importance:

• Could directly reshape Denmark’s cyber preservation regime
• May require stricter litigation hold destruction rules

5. How Litigation Hold Actually Works in Danish Practice

In real Danish cyber litigation scenarios:

1. Trigger Point

Litigation hold begins when:

• Lawsuit is filed OR
• “Reasonable anticipation” of litigation arises

2. Data Covered

• Emails (Exchange / M365)
• Server logs
• Metadata (IP logs, access logs)
• Cloud storage
• Security incident logs

3. Legal Basis

• GDPR Article 6(1)(c) (legal obligation)
• Retsplejeloven (procedural necessity)
• EU case law obligations

4. Conflict Zone

• Data retention laws (state surveillance)
  vs
• Litigation hold (private/legal preservation)
  vs
• GDPR deletion obligations

6. Core Legal Principles Derived from Danish + EU Jurisprudence

From the above cases, Danish cyber preservation law follows these principles:

(1) No blanket retention principle

→ From Tele2 Sverige

(2) Strict necessity principle

→ From La Quadrature du Net

(3) Independent access control requirement

→ From G.D. case

(4) Case-by-case judicial assessment

→ From Danish Supreme Court rulings

(5) Evidence admissibility is national discretion but EU-limited

→ Hybrid rule under EU Charter influence

7. Practical Legal Conclusion

In Denmark, “litigation hold cyber preservation disputes” are not governed by a single doctrine, but by a three-layer legal conflict system:

1. EU fundamental rights law (dominant)
2. Danish procedural law (secondary)
3. Corporate compliance + GDPR obligations (operational layer)

Key takeaway:

Denmark allows preservation of cyber evidence for litigation, but it is heavily constrained by EU privacy jurisprudence, and courts increasingly scrutinize:

• proportionality of retention
• legality of acquisition
• admissibility of cyber evidence
• scope of surveillance-derived data