SWEDEN Trends and Developments Contributed by: Niclas Rockborn, Astrid Svensson and August Hansson, Gernandt & Danielsson
ration between technicians and legal profession - als is crucial for ensuring that new AI technol - ogy is safe from a data protection perspective. IMY has been actively involved in addressing the emerging challenges of new AI technol - ogy through regulatory sandboxes. Uncertainty generally stifles innovation; therefore, the IMY offers comprehensive guidance through its regu - latory sandboxes, which emphasise the use of AI in relation to data protection regulations, as described further below. IMY’s regulatory sandboxes The main objective of IMY’s regulatory sandbox initiative is to enable collaboration between inno - vators and regulators. Together, the innovators and regulators interpret how regulations can work in practice with innovative products and services. The purpose of the regulatory sandbox is for IMY to provide guidance through work - shops and thereafter make the results public. The first regulatory sandbox pilot (Pilot) included two healthcare providers aiming to evaluate the possibilities of joint training and an exchange of the machine learning method models. AI Swe - den - the Swedish centre for applied AI - also supported the work. The results from the Pilot include IMY’s reasoning behind the appropri - ate legal basis for such processing activities, the data processing roles and other relevant information from an AI and data protection per - spective. The results of the pilot report IMY’s reflections on AI and other new technologies while ensuring compliance with the GDPR. IMY highlights the special need for cross-functional collaboration regarding the use of AI. Both the regulatory and technical aspects are highly com - plex, especially when put into practice. Close collaborations between technicians and legal professionals are crucial for success. Therefore, technicians will need to educate legal profes -
sionals on how the technology functions and legal professionals will need to develop good pedagogical skills to explain the fundamental principles of data protection and how the tech - nicians should apply them. Since the first regulatory sandbox, IMY has pub - lished the results from two other sandboxes, which addressed measuring safety in public environments using IoT technology and hand - ing out public documents with the help of AI. An interesting regulatory sandbox to keep an eye out for during 2025 is IMY’s sandbox together with the four major Swedish banks SEB, Nor - dea, Swedbank and Handelsbanken concerning the possibilities for increased information shar - ing between banks to strengthen the ability to prevent fraud and money laundering while still complying with the GDPR. Personal Data Relating to Criminal Convictions and Offences Article 10 of the GDPR in general Article 10 of the GDPR concerns the process - ing of personal data relating to criminal convic - tions and offences. In Sweden, the general rule is that only the public authorities can process personal data related to criminal convictions and offences. The legal bases for organisations (oth - er than public authorities) to process personal data of this nature are limited to when permit - ted under the Swedish constitution, applicable law, or when necessary to establish legal claims or fulfil legal obligations. In addition, IMY has the authority to permit organisations to process personal data related to criminal offences. This chapter will highlight important developments led by IMY that are relevant to personal data relating to criminal convictions and offences in Sweden.
411 CHAMBERS.COM
Powered by FlippingBook