SWEDEN Trends and Developments Contributed by: Niclas Rockborn, Astrid Svensson and August Hansson, Gernandt & Danielsson
ism financing regulations, as well as for certain organisations involved in the export of dual-use goods or military equipment to process person - al data for checks against sanction lists under certain conditions. The conditions require that the sanction list must be established democrati - cally and made publicly available on official web - sites. Additionally, organisations are required to implement protective measures to differentiate between genuine matches and false matches. The scope of personal data processing will be limited to specific categories of individuals con - nected to the organisations. The Swedish entities affected by the new regu - lations are companies in the financial sector under the supervision of the Swedish Financial Supervisory Authority, companies in the secu - rity and defence market under the supervision of the Swedish Inspectorate for Strategic Prod - ucts ( Inspektionen för strategiska produkter ), and certain companies in the security and defence market under the supervision of the Swedish Radiation Safety Authority ( Strålsäkerhetsmyn - digheten ). GDPR and the constitutionally protected right to publish For non-Swedish persons, it may come as a surprise how easily the personal data of most Swedish individuals can be found in online data - bases, including name, family, address, size of home, car details, company engagements, criminal records, etc. Under the Swedish Free - dom of the Press Act ( Tryckfrihetsförordningen (1949:105)) and the Swedish Fundamental Law on Freedom of Expression ( Yttrandefrihets - grundlagen (1991:1469)), holders of a certificate of no legal impediment to publication (ie, a pub - lishing license) have constitutional protection for their publication of personal data.
The compatibility of personal data publishing and the GDPR has been the subject of several governmental investigations and national public debate due to the widespread publication and dissemination of personal data, including per - sonal data relating to criminal convictions and offences. Each year, IMY receives several com - plaints against holders of publication licences. The complaints often concern companies pro - viding online search services with personal data such as names, addresses and personal data relating to criminal convictions and offences. Previously, the general opinion was that IMY is prevented from investigating complaints from individuals against search services because of the protection under the Swedish Freedom of the Press Act and the Swedish Fundamental Law on Freedom of Expression. However, throughout 2024, several significant developments have emerged concerning enti - ties with voluntary publisher licenses’ rights to publish personal data under the Swedish con - stitution regarding personal data protected by the GDPR. In IMY’s recent legal position, the authority considers that it is authorised to initiate supervision of and enforcement against search services with a publishing licence following com - plaints from individuals under the GDPR. The main reasons why IMY has reconsidered its previous position are outlined below. • Developments in the EU and Swedish case law that have strengthened the legal positions of individuals who complain to IMY and IMY’s obligations to investigate and act on their complaints. • Case law, which has clarified that a balance needs to be struck between the right to pro - tection of personal data under the GDPR and
413 CHAMBERS.COM
Powered by FlippingBook