Data Protection in Sweden: Difference between revisions

From GDPRhub
No edit summary
(Added info on the National GDPR implementation law)
Line 5: Line 5:
|dpa=Datainspektionen (Sweden)
|dpa=Datainspektionen (Sweden)
|national implementation law=[https://www.riksdagen.se/sv/dokument-lagar/dokument/svensk-forfattningssamling/lag-2018218-med-kompletterande-bestammelser_sfs-2018-218 Lag (2018:218)]
|national implementation law=[https://www.riksdagen.se/sv/dokument-lagar/dokument/svensk-forfattningssamling/lag-2018218-med-kompletterande-bestammelser_sfs-2018-218 Lag (2018:218)]
|english translation=n/a
|english translation=[https://www.government.se/government-policy/the-constitution-of-sweden-and-personal-privacy/act-containing-supplementary-provisions-to-the-eu-sfs-2018218-general-data-protection-regulation/ Act containing supplementary provisions to the EU General Data Protection Regulation]
|official language = Swedish
|official language = Swedish
|national legislation database=[https://lagrummet.se/ Link]
|national legislation database=[https://lagrummet.se/ Link]
Line 30: Line 30:


===National GDPR implementation law===
===National GDPR implementation law===
In Sweden the GDPR is implemented by ''[https://lagen.nu/2018:218 Lag (2018:218])''.
In Sweden the GDPR is implemented by [https://lagen.nu/2018:218 Lagen (2018:218) med kompletterande bestämmelser till EU:s dataskyddsförordning]. The inofficial English name for this statute is the [https://www.government.se/government-policy/the-constitution-of-sweden-and-personal-privacy/act-containing-supplementary-provisions-to-the-eu-sfs-2018218-general-data-protection-regulation/ Act containing supplementary provisions to the EU General Data Protection Regulation]. This law is commonly refered to as "The Data Protection Act" (Dataskyddslagen).<ref>https://www.datainspektionen.se/lagar--regler/dataskyddslagen/</ref>


''You can help us fill this section!''
====Age of consent====
 
==== Age of consent ====
The age of consent in Sweden is 13 years following § 4 of the Data Protection Act.
The age of consent in Sweden is 13 years following § 4 of the Data Protection Act.


==== Freedom of Speech ====
====Freedom of Speech====
Under Chapter 3 § 3 number 3 there is a general provision opening up for processing personal data that represent an important public interest based on a balancing of interest with the fundamental rights and interests of the data subject. It follows from § 4 that the government may issue further regulations on processing of special categories of personal data that is necessary in view of an important public interest.  
Under Chapter 3 § 3 number 3 there is a general provision opening up for processing personal data that represent an important public interest based on a balancing of interest with the fundamental rights and interests of the data subject. It follows from § 4 that the government may issue further regulations on processing of special categories of personal data that is necessary in view of an important public interest.  


==== Employment context ====
====Employment context====
Chapter 3 § 2 further that processing special categories of personal data in the context of employment and social security may be done in accordance with [[Article 9 GDPR|Article 9]] for purposes of excercising rights, or fulfilling obligations under labour law.
Chapter 3 § 2 further that processing special categories of personal data in the context of employment and social security may be done in accordance with [[Article 9 GDPR|Article 9]] for purposes of excercising rights, or fulfilling obligations under labour law.


==== Research ====
====Research====
Under Chapter 3 § 3 number 3 there is a general provision opening up for processing personal data that represent an important public interest based on a balancing of interest with the fundamental rights and interests of the data subject. It follows from § 4 that the government may issue further regulations on processing of special categories of personal data that is necessary in view of an important public interest.  
Under Chapter 3 § 3 number 3 there is a general provision opening up for processing personal data that represent an important public interest based on a balancing of interest with the fundamental rights and interests of the data subject. It follows from § 4 that the government may issue further regulations on processing of special categories of personal data that is necessary in view of an important public interest.  


==== Archival and statistical purposes ====
====Archival and statistical purposes====
Special categories of personal data may be processed if it is necessary for the controller to comply with regulations on archives pursuant to Chapter 3 § 6.
Special categories of personal data may be processed if it is necessary for the controller to comply with regulations on archives pursuant to Chapter 3 § 6.


For processing of special categories of personal data for statistical purposes, the benefit must be necessary for statistical purposes and the public interests in the processing must clearly weigh in the favor of such processing without an undue intrusion into the privacy of the individual, pursuant to Chapter 3 § 7.  
For processing of special categories of personal data for statistical purposes, the benefit must be necessary for statistical purposes and the public interests in the processing must clearly weigh in the favor of such processing without an undue intrusion into the privacy of the individual, pursuant to Chapter 3 § 7.  


==== Health sector ====
====Health sector====
According to Chapter 3 § 5 of the Data Protection Act, special categories of personal data may be used if the processing is necessary for one of six applicable purposes:
According to Chapter 3 § 5 of the Data Protection Act, special categories of personal data may be used if the processing is necessary for one of six applicable purposes:



Revision as of 16:08, 22 December 2020

Data Protection in Sweden
Se.png
Data Protection Authority: Datainspektionen (Sweden)
National Implementation Law (Original): Lag (2018:218)
English Translation of National Implementation Law: Act containing supplementary provisions to the EU General Data Protection Regulation
Official Language(s): Swedish
National Legislation Database(s): Link
English Legislation Database(s): n/a
National Decision Database(s): Link

Legislation

History

Sweden introduced one of the first data protection laws in the world in 1973 with the introduction of the Data Act (Datalagen). The supervisory authority Datainspektion was founded the same year.

National constitutional protections

The Swedish Basic Laws are four fundamental laws, regulating the political system and acting in the same role as constitutions in most other countries. The four Basic Laws are The Instrument of Government; The Freedom of the Press Act; The Fundamental Law on Freedom of Expression, and the Act of Succession.

The Basic Law protects the right to privacy in Chapter 2 § 6 in the Instrument of Government.

The right to free speech is secured in Chapter 2 § 1 in the Instrument of Government and Chapter 2 § 1 of The Fundamental Law on Freedom of Expression, and Chapter 1 § 1 in the Fundamental Law on Freedom of Expression.

Freedom of information follows from Chapter 2 § 1 in the Instrument of Government.

The right of public access follows from Chapter 2 § 1 The Fundamental Law on Freedom of Expression.

It is unsure if the GDPR is compatible to the constitutional protection. The stance of the Swedish government is that Article 85 and 86 allows the constitutional protections found in the Basic Laws.

National GDPR implementation law

In Sweden the GDPR is implemented by Lagen (2018:218) med kompletterande bestämmelser till EU:s dataskyddsförordning. The inofficial English name for this statute is the Act containing supplementary provisions to the EU General Data Protection Regulation. This law is commonly refered to as "The Data Protection Act" (Dataskyddslagen).[1]

Age of consent

The age of consent in Sweden is 13 years following § 4 of the Data Protection Act.

Freedom of Speech

Under Chapter 3 § 3 number 3 there is a general provision opening up for processing personal data that represent an important public interest based on a balancing of interest with the fundamental rights and interests of the data subject. It follows from § 4 that the government may issue further regulations on processing of special categories of personal data that is necessary in view of an important public interest.

Employment context

Chapter 3 § 2 further that processing special categories of personal data in the context of employment and social security may be done in accordance with Article 9 for purposes of excercising rights, or fulfilling obligations under labour law.

Research

Under Chapter 3 § 3 number 3 there is a general provision opening up for processing personal data that represent an important public interest based on a balancing of interest with the fundamental rights and interests of the data subject. It follows from § 4 that the government may issue further regulations on processing of special categories of personal data that is necessary in view of an important public interest.

Archival and statistical purposes

Special categories of personal data may be processed if it is necessary for the controller to comply with regulations on archives pursuant to Chapter 3 § 6.

For processing of special categories of personal data for statistical purposes, the benefit must be necessary for statistical purposes and the public interests in the processing must clearly weigh in the favor of such processing without an undue intrusion into the privacy of the individual, pursuant to Chapter 3 § 7.

Health sector

According to Chapter 3 § 5 of the Data Protection Act, special categories of personal data may be used if the processing is necessary for one of six applicable purposes:

(1) preventive health care and occupational medicine; (2) the assessment of an employee's work capacity; (3) medical diagnoses; (4) provision of health care or treatment; (5) social care, or (6) management of health care services, social care and their systems

Other relevant national provisions and laws

Datainspektionen can impose sanctions on government breaches pursuant to Chapter 6 § 1(1) in accordance with Article 83

You can help us fill this section!

National ePrivacy Law

The ePrivacy Directive is implemented through several laws, the most important being the Electronic Communications Act (Lag 2003:389 in SE) which regulates the placement of cookies in § 18. The supervisory authority is Post- och telestyrelsen, PTS.

Data Protection Authority

The Swedish Data Protection Authority (Datainspektionen) is the national data protection authority for Sweden.

→ Details see Datainspektionen (Sweden)

Judicial protection

The Courts in Sweden are divided into two distinct tracks: The General Courts and The Administrative Courts. Both tracks have three tiers. The General Courts mainly deal with criminal cases, in addition to some select civil law disputes.

Complaints regarding Datainspektionen's administration of a case can be lodged as a complaint with the Parliamentary Ombudsmen.

General Courts

While most of the cases related to data protection will be handled by the Administrative Courts if brought into the court system, requests for damages will be handled by the General Courts. Claims of damages can also be handled by Datainspektionen.

Administrative Courts

Appeals from Datainspektionen can be brought before the Administrative Courts.