Data Protection in Sweden: Difference between revisions
No edit summary |
No edit summary |
||
Line 11: | Line 11: | ||
|English Translation of National Implementation Law:||[https://www.government.se/government-policy/the-constitution-of-sweden-and-personal-privacy/act-containing-supplementary-provisions-to-the-eu-sfs-2018218-general-data-protection-regulation / Act containing supplementary provisions to the EU General Data Protection Regulation] | |English Translation of National Implementation Law:||[https://www.government.se/government-policy/the-constitution-of-sweden-and-personal-privacy/act-containing-supplementary-provisions-to-the-eu-sfs-2018218-general-data-protection-regulation / Act containing supplementary provisions to the EU General Data Protection Regulation] | ||
|- | |- | ||
|Official Language(s):|| | |Official Language(s):||Swedish | ||
|- | |- | ||
|National Legislation Database(s):||[http://www.lagrummet.se/ Link] | |National Legislation Database(s):||[http://www.lagrummet.se/ Link] |
Latest revision as of 14:08, 1 October 2021
Data Protection in Sweden | |
---|---|
Data Protection Authority: | IMY (Sweden) |
National Implementation Law (Original): | Lag (2018:218) |
English Translation of National Implementation Law: | / Act containing supplementary provisions to the EU General Data Protection Regulation |
Official Language(s): | Swedish |
National Legislation Database(s): | Link |
National Decision Database(s): | RIS.bka.gv.at |
Legislation
History
Sweden introduced one of the first data protection laws in the world in 1973 with the introduction of the Data Act (Datalagen). The supervisory authority Datainspektionen was founded the same year. On 1 January 2021, the name was changed to Integritetsskyddsmyndigheten ("IMY").
National constitutional protections
The Swedish Basic Laws are four fundamental laws, regulating the political system and acting in the same role as constitutions in most other countries. The four Basic Laws are The Instrument of Government; The Freedom of the Press Act; The Fundamental Law on Freedom of Expression, and the Act of Succession.
The Basic Law protects the right to privacy in Chapter 2 § 6 in the Instrument of Government.
The right to free speech is secured in Chapter 2 § 1 in the Instrument of Government and Chapter 2 § 1 of The Fundamental Law on Freedom of Expression, and Chapter 1 § 1 in the Fundamental Law on Freedom of Expression.
Freedom of information follows from Chapter 2 § 1 in the Instrument of Government.
The right of public access follows from Chapter 2 § 1 The Fundamental Law on Freedom of Expression.
It is unsure if the GDPR is compatible to the constitutional protection. The stance of the Swedish government is that Article 85 and 86 allows the constitutional protections found in the Basic Laws.
National GDPR implementation law
In Sweden the GDPR is implemented by Lagen (2018:218) med kompletterande bestämmelser till EU:s dataskyddsförordning. The unofficial English name for this statute is the Act containing supplementary provisions to the EU General Data Protection Regulation. This law is commonly refered to as "The Data Protection Act" (Dataskyddslagen).[1]
Age of consent
The age of consent in Sweden is 13 years following § 4 of the Data Protection Act.
Freedom of Speech
Under Chapter 3 § 3 number 3 there is a general provision opening up for processing personal data that represent an important public interest based on a balancing of interest with the fundamental rights and interests of the data subject. It follows from § 4 that the government may issue further regulations on processing of special categories of personal data that is necessary in view of an important public interest.
Employment context
Chapter 3 § 2 further that processing special categories of personal data in the context of employment and social security may be done in accordance with Article 9 for purposes of excercising rights, or fulfilling obligations under labour law.
Research
Under Chapter 3 § 3 number 3 there is a general provision opening up for processing personal data that represent an important public interest based on a balancing of interest with the fundamental rights and interests of the data subject. It follows from § 4 that the government may issue further regulations on processing of special categories of personal data that is necessary in view of an important public interest.
Archival and statistical purposes
Special categories of personal data may be processed if it is necessary for the controller to comply with regulations on archives pursuant to Chapter 3 § 6.
For processing of special categories of personal data for statistical purposes, the benefit must be necessary for statistical purposes and the public interests in the processing must clearly weigh in the favor of such processing without an undue intrusion into the privacy of the individual, pursuant to Chapter 3 § 7.
Health sector
According to Chapter 3 § 5 of the Data Protection Act, special categories of personal data may be used if the processing is necessary for one of six applicable purposes:
(1) preventive health care and occupational medicine; (2) the assessment of an employee's work capacity; (3) medical diagnoses; (4) provision of health care or treatment; (5) social care, or (6) management of health care services, social care and their systems
Other relevant national provisions and laws
IMY can impose sanctions on government breaches pursuant to Chapter 6 § 1(1) in accordance with Article 83
National ePrivacy Law
The ePrivacy Directive is implemented through several laws, the most important being the Electronic Communications Act (Lag 2003:389 in SE) which regulates the placement of cookies in § 18. The supervisory authority is Post- och telestyrelsen, PTS.
Data Protection Authority
The Swedish Data Protection Authority (Integritetsskyddsmyndigheten, "IMY") is the national data protection authority for Sweden.
→ Details see IMY_(Sweden)
Judicial protection
The Courts in Sweden are divided into two distinct tracks: The General Courts and The Administrative Courts. Both tracks have three tiers. The General Courts mainly deal with criminal cases, in addition to some select civil law disputes.
Complaints regarding IMY's administration of a case can be lodged as a complaint with the Parliamentary Ombudsmen.
General Courts
While most of the cases related to data protection will be handled by the Administrative Courts if brought into the court system, requests for damages will be handled by the General Courts. Claims of damages can also be handled by IMY.
Administrative Courts
Appeals from IMY can be brought before the Administrative Courts.