Data Protection in Sweden

From GDPRhub
Data Protection in Sweden
Se.png
Data Protection Authority: Datainspektionen (Sweden)
National Implementation Law (Original): Lag (2018:218)
English Translation of National Implementation Law: n/a
Official Language(s): Swedish
National Legislation Database(s): Link
English Legislation Database(s): n/a
National Decision Database(s): Link

Legislation

History

Sweden introduced one of the first data protection laws in the world in 1973 with the introduction of the Data Act (Datalagen). The supervisory authority Datainspektion was founded the same year.

National constitutional protections

The Swedish Basic Laws are four fundamental laws, regulating the political system and acting in the same role as constitutions in most other countries. The four Basic Laws are The Instrument of Government; The Freedom of the Press Act; The Fundamental Law on Freedom of Expression, and the Act of Succession.

The Basic Law protects the right to privacy in Chapter 2 § 6 in the Instrument of Government.

The right to free speech is secured in Chapter 2 § 1 in the Instrument of Government and Chapter 2 § 1 of The Fundamental Law on Freedom of Expression, and Chapter 1 § 1 in the Fundamental Law on Freedom of Expression.

Freedom of information follows from Chapter 2 § 1 in the Instrument of Government.

The right of public access follows from Chapter 2 § 1 The Fundamental Law on Freedom of Expression.

It is unsure if the GDPR is compatible to the constitutional protection. The stance of the Swedish government is that Article 85 and 86 allows the constitutional protections found in the Basic Laws.

National GDPR implementation law

In Sweden the GDPR is implemented by Lag (2018:218).

You can help us fill this section!

Age of consent

The age of consent in Sweden is 13 years following § 4 of the Data Protection Act.

Freedom of Speech

Under Chapter 3 § 3 number 3 there is a general provision opening up for processing personal data that represent an important public interest based on a balancing of interest with the fundamental rights and interests of the data subject. It follows from § 4 that the government may issue further regulations on processing of special categories of personal data that is necessary in view of an important public interest.

Employment context

Chapter 3 § 2 further that processing special categories of personal data in the context of employment and social security may be done in accordance with Article 9 for purposes of excercising rights, or fulfilling obligations under labour law.

Research

Under Chapter 3 § 3 number 3 there is a general provision opening up for processing personal data that represent an important public interest based on a balancing of interest with the fundamental rights and interests of the data subject. It follows from § 4 that the government may issue further regulations on processing of special categories of personal data that is necessary in view of an important public interest.

Archival and statistical purposes

Special categories of personal data may be processed if it is necessary for the controller to comply with regulations on archives pursuant to Chapter 3 § 6.

For processing of special categories of personal data for statistical purposes, the benefit must be necessary for statistical purposes and the public interests in the processing must clearly weigh in the favor of such processing without an undue intrusion into the privacy of the individual, pursuant to Chapter 3 § 7.

Health sector

According to Chapter 3 § 5 of the Data Protection Act, special categories of personal data may be used if the processing is necessary for one of six applicable purposes:

(1) preventive health care and occupational medicine; (2) the assessment of an employee's work capacity; (3) medical diagnoses; (4) provision of health care or treatment; (5) social care, or (6) management of health care services, social care and their systems

Other relevant national provisions and laws

Datainspektionen can impose sanctions on government breaches pursuant to Chapter 6 § 1(1) in accordance with Article 83

You can help us fill this section!

National ePrivacy Law

The ePrivacy Directive is implemented through several laws, the most important being the Electronic Communications Act (Lag 2003:389 in SE) which regulates the placement of cookies in § 18. The supervisory authority is Post- och telestyrelsen, PTS.

Data Protection Authority

The Swedish Data Protection Authority (Datainspektionen) is the national data protection authority for Sweden.

→ Details see Datainspektionen (Sweden)

Judicial protection

The Courts in Sweden are divided into two distinct tracks: The General Courts and The Administrative Courts. Both tracks have three tiers. The General Courts mainly deal with criminal cases, in addition to some select civil law disputes.

Complaints regarding Datainspektionen's administration of a case can be lodged as a complaint with the Parliamentary Ombudsmen.

General Courts

While most of the cases related to data protection will be handled by the Administrative Courts if brought into the court system, requests for damages will be handled by the General Courts. Claims of damages can also be handled by Datainspektionen.

Administrative Courts

Appeals from Datainspektionen can be brought before the Administrative Courts.