The European Union General Data Protection Regulation (GDPR) provides a comprehensive framework for data protection that applies to all EU Member States. Denmark implemented the GDPR through Act No. 502 of 23 May 2018, on Supplementary Provisions to the Regulation on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data.

Under the EU Directive on Data Retention, operators were required to retain certain categories of traffic and location data (excluding the content of those communications) for a period between six months and two years and to make them available, on request, to law enforcement authorities for the purposes of investigating, detecting and prosecuting serious crime and terrorism. On 8 April 2014, the Court of Justice of the European Union declared the Directive invalid. However, not all national laws that implemented the Directive have been overturned.
Sections 5.1 and 5.2 of the Data Retention order require network operators or service providers to retain the following data about a user's access to the internet for one year:
- the assigned user identity;
- the telephone number assigned to communications as part of the public electronic communications network;
- the name and address of the subscriber or registered user to whom an IP address, user identity or telephone number was assigned at the time of communication; and
- the time of the beginning and the end of a communication.
Providers of electronic communications networks or service providers that offer wireless access to the Internet shall also record information on the precise geographical or physical location of the local network and the identity of the communications equipment used (Section 5.2).
This is reiterated in Section 786, paragraph 4, of the Administration of Justice Act, which states that providers of telecommunications networks or services shall be obliged to record and retain for one-year information on telecommunications traffic for the purpose of investigating and prosecuting criminal offences.

The Center for Cybersecurity may initiate lawful interception without a court order under Act No. 713 of 26 June 2014 on the Center of Cybersecurity. According to Chapter 4 of the Act, the Cybersecurity Centre's network security service may process traffic data, packet data and stationary data originating from authorities and enterprises that are connected to the Network Security Service without a court order, with a view to supporting a high level of information security in society. This includes the processing of personal data.
The Centre for Cybersecurity may only process, without a warrant, stationary data from an authority or undertaking that is connected to the Network Security Service when (1) the authority or undertaking has requested the assistance of the Cyber Security Centre, made the stationary data available to the network security service and given its written consent to the processing; and (2) the processing is deemed to contribute to supporting a high level of information security in society.
It is reported that a large number of public and private bodies can be requested to become part of the Network Security Service. The highest state bodies and state authorities may be connected to the network security service upon request. Additionally, the Centre for Cyber Security may require enterprises of a particularly public nature and regions and municipalities to be connected to the network security service for the purpose of monitoring network communications. The order may only cover those parts of the company, region or municipality that are of significant importance to Denmark's critical infrastructure. At least every six months, the Centre for Cyber Security must assess whether an injunction should be maintained.
The Center for Cybersecurity is exempted from the Danish Data Protection Act and Regulation 2016/679/EU on the protection of personal data, as well as parts of the Administrative Procedure Act and the Openness of Government Act.

The Directive 2000/31/EC (E-Commerce Directive) is the legal basis governing the liability of Internet Services Providers (ISPs) in the EU Member States and includes a conditional safe harbour. Not all Member States have transposed the relevant articles consistently, leading to divergent national case law that could cause legal insecurity on an EU level.
The Danish E-Commerce Act implemented the E-Commerce Directive's specific rules on liability for intermediaries. Internet intermediaries generally do not need to monitor the content of a website they host, according to the Danish E-commerce Act. However, an internet intermediary must remove illicit information as soon as it becomes aware of it (section 16).

The Directive 2000/31/EC (E-Commerce Directive) is the legal basis governing the liability of Internet Services Providers (ISPs) in the EU Member States and includes a conditional safe harbour. Not all Member States have transposed the relevant articles consistently, leading to divergent national case law that could cause legal insecurity on an EU level.
The Danish E-Commerce Act implemented the E-Commerce Directive's specific rules on liability for intermediaries. Internet intermediaries generally do not need to monitor the content of a website they host, according to the Danish E-commerce Act. However, an internet intermediary must remove illicit information as soon as it becomes aware of it (section 16).

Art. 17 of Directive 2019/790 on Copyright in the Digital Single Market (DSM Directive) mandates that providers of content-sharing services seek authorisation from rights holders and implement technical solutions to remove and prevent unauthorised uploads by their users (so-called upload filters) under penalty of losing their liability safe harbour. Further arrangements are envisaged for complaints and dispute resolution mechanisms. Such upload filters are reported to be a significant cost for online platforms. Graduated exemptions are expected to be put in place for new providers active in the EU for less than three years with a turnover under EUR 10 million and with fewer than five million users. The provision is subject to a challenge in the Court of Justice by Poland (C-401/19).
To implement Arts. 15-17 of the Directive 2019/790, Denmark has adopted the Law amending the Copyright Act (L 205), therefore making online content-sharing service providers partially liable for copyright violations on their platforms.

The European Union and Denmark have adopted the World Intellectual Property Organization (WIPO) Performances and Phonograms Treaty. The treaty was ratified on 14 December 2009 and came into effect on 14 March 2010.

The Directive 2016/943 on the protection of undisclosed know-how and business information (trade secrets) is key in harmonising national laws concerning trade secrets. In 2018, Denmark updated its Trade Secret Legislation. Trade secrets were previously protected in the Marketing Act, and in other laws, but as a consequence of the EU Trade Secrets Directive, the rules have largely been compiled into one law, the Trade Secrets Act. The new Act introduces a definition of trade secrets, legal remedies and compensation.

It is reported that passive sharing is mandated in Denmark, and it is practised in the mobile and fixed sectors based on commercial agreements. In addition, Directive 2014/61/EU (Art. 3.2) establishes that Member States shall ensure that, upon written request of an undertaking providing or authorised to provide public communications networks, any network operator must meet all reasonable requests for access to its physical infrastructure under fair and reasonable terms and conditions, including price, with a view to deploying elements of high-speed electronic communications networks. Such written request shall specify the elements of the project for which the access is requested, including a specific time frame.

The Danish Public Procurement Act (part 1, section 3) states that a contracting authority shall treat economic operators or services from member states of the European Union or the European Economic Area equally to Danish economic operators and services. Economic operators and services from other countries shall also be treated equally to Danish operators, to the extent that this follows from international obligations incumbent on Denmark or the European Union.

Art. 85 of the Utilities Directive (2014/25/EU) contains provisions allowing contracting public entities to reject foreign goods not covered by any EU international commitments from its tender procedures. In these cases, a tender submitted for the award of a supply contract may be rejected where the proportion of the products originating in third countries exceeds 50% of the total value of the products constituting the tender (Art. 85.2). Additionally, in cases of equivalent offers, the provisions provide for a preference for European tenders and tenders covered by EU's international obligations. In practice, this possibility has rarely been used.
Although the Danish Public Procurement Act has not directly included Art. 85 of the Utilities Directive (2014/25/EU), it states that contracting entities shall comply with the provisions of the Utilities Directive.

It is reported that the Danish government actively encourages foreign investment based on the principle of national treatment and that there are no limits on foreign ownership.

The Investment Screening Act covers foreign direct investments in Denmark. According to Art. 5 of the Act, foreign investors must apply for authorisation from the Danish Business Authority if they intend to directly or indirectly acquire at least 10% of the shareholdings or voting rights in a company or entity domiciled in Denmark, and the Danish company or entity belongs to particularly sensitive sectors in relation to national security or public order. Under Art. 6 of the Act, particularly sensitive sectors and activities in relation to national security or public order include companies involved in IT security functions, publicly accessible electronic communications networks and services, central data storage, satellite, radio and television transmission, central public digital identification, common public master data, including geodata, personal registration and central business registration, as well as critical technology, such as artificial intelligence for autonomous vessels and machine learning for biometric identification.
Pursuant to Art. 14, the Danish Business Authority may carry out further investigation if an investment has been made without authorisation in violation of the Act. The Authority can then either order the violation to be brought to an end, i.e. authorisation must be applied for within a specified period, or the investment must be stopped by a given date. Notification is voluntary for investments in other sectors that will achieve at least 25% of the shareholding or voting rights or equivalent controls by other means and where the investment may pose a threat to national security or public order (Art. 10).

Pursuant to Art. 11 of the Consolidate Patents Act (2019), the Patent and Trademark Office may invite the applicant to appoint a patent agent residing in the European Economic Area (EEA) to represent the applicant in all matters relating to the application. Moreover, it is reported that it is strongly recommended that foreign applicants prosecute the patent in Denmark through a local agent, a Danish registered patent attorney.

Denmark is a party to the Patent Cooperation Treaty (PCT).