Telecommunications companies in Denmark had access to read thousands of private text messages as part of a government-approved effort to fight SMS fraud in Denmark, raising concerns over privacy and legal boundaries. The government and telecom industry once hailed the SMS filter as a breakthrough in innovation and security, but it soon sparked debate over the legality and ethics of reading private messages.
SMS Filter Gave Unintended Access to Private Messages
For several months, employees at Denmark’s largest telecom providers were able to review the content of regular SMS messages sent to customers. This access was granted under a cooperation approved by the Danish government, aimed at combating the sharp rise in fraudulent text messages. However, it has since emerged that the filtering system provided companies greater access to personal messages than originally intended.
The companies involved, Telenor, TDC, 3, and Norlys, implemented a text message filter built on algorithms and artificial intelligence. The system was designed to analyze incoming text messages, flagging those that were potentially part of mass fraud attempts or contained harmful links. Messages that exhibited suspicious characteristics, such as being sent to thousands of recipients simultaneously or including phishing URLs, were prioritized for review.
Reevaluation of Efforts Against SMS Fraud in Denmark Amid Privacy Concerns
While the government and telecom industry originally promoted the SMS filter as a model of innovation and security, issues soon arose surrounding the legality and ethics of reading private text messages. The government had assured the public that telecom employees would not have access to message content, aligning with Danish constitutional protections and European Union privacy directives. However, in practice, employees were able to view alt-text, links, and message contents flagged by the artificial intelligence system.
Digitalization Minister Caroline Stage has declined direct interviews, but has relayed through her ministry that the SMS filter is currently under review by the Danish Agency for Digitalization. The agency is assessing whether the level of access granted by the filtering technology complies with privacy laws and constitutional protections. Once the review is complete, the findings will be discussed in the Danish Parliament.
Telecom Industry Misjudged the System Capabilities
According to Jakob Willer, director of the Danish telecom industry association, all major providers misunderstood the level of automation the system actually delivered. In effect, they believed the filter could detect and remove fraudulent messages without the need for human intervention. Instead, the process required that employees manually review certain flagged messages, inadvertently granting them access to the contents of thousands of personal texts.
By July 2025, most telecom companies had discontinued the more invasive aspects of the SMS filter. As of now, the system remains active but is significantly less effective because it no longer permits telecom staff to review flagged messages manually.
No Access to Encrypted Messaging
The SMS filtering system only applied to standard, unencrypted text messages. Encrypted messaging services such as iMessage, WhatsApp, and Signal remained untouched, as their end-to-end encryption prevents third parties from accessing message contents. The telecom companies have stated that the filter does not store or log any user data, and the scanning system does not keep permanent records of screened text messages.
Massive Amount of SMS Fraud in Denmark Underscore the Need for Protection
The SMS filtering initiative was introduced following an increasing number of high-profile cases of SMS fraud in Denmark. In August 2024, a 41-year-old man from Frederiksberg was sentenced to six years in prison for participating in a data fraud operation involving the transmission of 2.4 million text messages over a four-month span. The fraud attempts amounted to a potential financial loss of approximately 23.5 million Danish kroner, or nearly $3.3 million.
Inspired by a similar model in Finland, Danish authorities hoped to replicate their success. Finland’s system at times eliminated up to 95 percent of scam messages. Yet to meet Denmark’s strict privacy standards, developers had to ensure the filtering process did not violate citizens’ rights. The government originally argued that the AI-driven filter respected these standards, though the recent revelations have cast doubt on that claim.
Political Response Expected After Evaluation
The controversy has prompted calls for greater transparency and stronger legislative safeguards to prevent misuse of digital surveillance tools. Opposition parties and consumer rights groups are expected to weigh in once the digitalization agency completes its report. Meanwhile, the telecom companies maintain that their intentions were aligned with public safety, not surveillance.
As Denmark continues its digital transformation, the incident has triggered a broader public discussion about how to balance cybersecurity with privacy. Experts say it underlines the need for tighter oversight when deploying AI-based technologies that interact with citizens’ personal communications.
