The Swedish
Personal Register Law

A new Swedish law about handling of personal information in computers took effect on 24 October 1998. The law makes much of the publication of information about individual persons on the Internet illegal, such as criticism of named persons, publication of lists of references in scientific papers or the sending of e-mail messages outside of Europe.

This law is based on an EU directive  Rating , and all EU countries are thus obliged to enact similar laws. The critique of the law in Sweden discussed below, has, however, not been voiced in other countries than Sweden (when this is written, July 1999).

The law was changed in November 1999 because of the massive criticism of the law.

In November 2000, the Commission of the European Communities asked member countries for their experience with the directive.

TALKBACK Here you can ask questions about the law, discuss it and state your own opinions.

Summary of the Swedish
Personal Register Law

The object of the law is to protect against invasion of privacy through handling of personal information. The law defines "handling of personal information" as any handling of personal information, automatic or manual, like collection, registering, organizing, storing, treatment or change, retrieval, use or transmission, publication, collating, blocking or deleting. This law, however, only applies to handling of information which is wholly or partly automatic (for example by using computers), or which is contained in a structured collection of personal information available for search or retrieval.
   Personal information is defined as any kind of information, which directly or indirectly refers to a living physical person.
   The law specifies exceptions where the law is not valid: Wholly private registers handled by a single person for his or her personal needs, registers published in newspapers, books or broadcast programs, registers used only by journalists, authors or artists.

The law may not be as dangerous as it sounds

The law may not be as dangerous as it sounds, since there has been a very heated debate about the law in Sweden, and it is possible that the law will not in reality be upheld in ways which endanger freedom of speech. Because of this, many providers of services in Sweden have chosen to continue as before until anyone really is prosecuted according to the new law.

Requirements on treatment
of personal information

Personal information may only be handled for specified and justifiable goals. Collected information may only be used for the purpose, for which it was collected. Personal information must be correct and up-to-date and must not be kept longer time than needed for the purpose of the collection.
   Personal information may only be handled with permission from the person, whose information is handled, or for certain other justified uses.

Sensitive information

It is not permitted to handled personal information which reveals race or ethnic origin, religious or political opinions, membership in trade unions and information about health or sexual behaviour. There are a few exceptions from this, a society may handle information who are its members, even though the organization is connected to a particular religious faith or political view, and medical organizations may handle medical information about their patients, researchers may handle information for research purposes and such information may also be handled or published with permission from the person, whose information is handled.

Transmission to third countries

Personal information may not be transmitted outside of Europe without permission from the person, whose information is handled, except with explicit permission from this person, to fulfill legal obligations or to protect vital interests.

Control and punishment

The upholding of the law is controlled by a special government agency, the Data Inspection Agency, and breaking the law may be punished through damages to the registered person, fines and prison up to two years.

Critique of the act

Publication of information
on the Internet would be illegal

If you interpret the act literally, it would mean that the following acts would be illegal:

  • Writing of an e-mail message to a recipient outside Europe without the prior permission of the recipient.
  • All Internet-based discussion forums (except those run by newspapers, since newspapers are excempt from the law) in which any information about a person is mentioned without the permission of that person.
  • Publication on the Internet of any scientific paper, which contains lists of references, unless each person in the list of reference has given permission in advance.
  • Any criticism of a named person, where that person does not give permission for the criticism. For example, criticism of politicians would not be allowed, a trade union would not be allowed to criticize named employers, etc.

This does not agree very well with the Swedish constitution, which says that society should protect the rights of citizens to communicate with each other, especially communication about political and religious issues. However, the constitution contains a clause saying that the rights to communicate can be restricted in order to protect personal privacy, so the lawmakers claim that the law is not in contradiction to the constitution.

Why are some vocations exempted

The law has also been criticized for the exemption for authors, journalists and artists: Freedom of speech should be a right for everyone, not only for certain vocations.

The law is not needed

Criticism of the law has also said that the law is not needed, since there are other laws, like laws about racial agitation, defamation of character, etc. which are better ways than this law to regulate unwanted communication.

Will the law really be upheld

The previous Data Act, which the new law replaces, also made most of the Internet illegal. However, this law has only been upheld by the government very irregularly. In one case, an online forum was forbidden to discuss political and religious issues, in another case, an author was forbidden to write his book using a computer. In the second case, however, this decision was revoked on appeal to the government. The new act, however, does not allow appeals to the government, only to courts of law, which can be expected to follow the words of the law. Local governments have been forbidden from publishing notes from their meetings on the Internet. In most cases, however, personal information has been published on the Internet without repressional acts from the government.
   Probably, the new law will also not be upheld, but the risk that the government can apply the law, when something is published, which they do not like, has been said to be an argument against the new law.
   The agency responsible for upholding the law, the Data Inspection Agency, says that it will strictly interpret the letter of the law, but that they may, because of limited time, not have time to act against uncontroversial information, like naming the nobel prize winners on the Internet.

Is Sweden forced by
the European Union
to enact this law?

The law was passed by the Swedish parliament with only the small liberal party and a few stragglers from other parties voting against it. When asked why they passed a law which restricts freedom of speech in this way, they say that they had to pass this law, in order to fulfill a directive (in Swedish  Rating and in English  Rating ) from the European Union.
   However, opponents of the law says that this directive was not meant to be applied to publication of personal information, it was only meant to be applied to structured collections of personal information. Also structured collections would however cause problems, for example a list of references in a scientific paper is obviously a structured collection and would thus be illegal, unless each of the authors of the papers in the reference list gave their permission, and to obtain such permission would often be very difficult.

Will the government amend the law

Because of the criticism, the government has asked the Data Inspection Agency to investigate, whether publication of local government protocols and some other publication might be exempted from the law.

History of the law

Sweden was one of the first European countries to get a law about computers and personal privacy. This law was accepted in its first version by the Swedish parliament in 1973. The law in its initial form required all data bases of personal information to get permission from a special "Data Protection Agency" of the Swedish government, and this agency should not allow data bases which infringe on personal privacy. In particular, data bases containing certain so-called sensitive information, such as about political and religious believs, race and ethnic origin, illnesses and sexual behaviour, were only allowed under very special circumstances.
    I was one of the few people who already during the 1970s raised the issue of the conflict between this act and freedom of speech. In 1978, I applied for permission to run a BBS. I wrote in my application that we intended people to be able to send messages to each other on any topic they needed to communicate about. My application was denied in 1978. After talks to the agency, we wrote a new application where we promised not to allow messages giving information about the senstive areas, and promised to delete all messages after two years.
    I strongly criticized the data protection agency at that time, and said that even though the Swedish constitution specially safeguards the right to communicate on politics and religion, we were forbidden from such communication. We started our BBS, and in fact we did have political and religiuous discussions in it, and the data protection agency never tried to stop us from doing this. So already at that time, the law was not very much implemented in reality in applications where people send messages and documents to each other.
    I also did not delete old messages after two years, again, the data inspection agency did not do anything to enforce its ruling. After that, of course, we got more and more BBSes and e-mail systems and the Internet. The data protection agency very seldom tried to restrict this. Mainly, they said no if you asked for permission, but very few people were silly enough to ask for permission.
    One person was a Swedish author, who asked for permission to use a computer to write a book (containing factual information about people, and thus a "personal information data base" according to the law). The data inspection agency said no! But he appealed to the government, and the government said yes, it said that freedom of speech was more important than the data protection act in this case. After that, the most controversial issues has been that certain local governments in Sweden have put up web pages with notes from their meetings, which often contained names of existing people. The data inspection agency has tried to restrict this.

Recent changes to the law

The Swedish parliament has in November 1999 decided some modifications to the law in reaction to the critics it has received. The changes are that minor violations of the law will not be punished. Damage may however have to be paid also for minor violations of the law. Another change is that personal information can be exported, provided that the recipient upholds reasonable privacy control.
   Many parties in the parliament wanted more changes. The liberal party wanted to specify in the law, that the law should not be used to infringe on the freedom of speech, and also wanted to disallow damages for minor violations of the law.
   Several parties asked the Swedish government to try to get EU to change its data directive, based on the model that the law should specify what is forbidden, and not be valid for so much permitted information.

TALKBACK Here you can ask questions about the law, discuss it and state your own opinions.

Full text of the law:
- In English translation  Rating
- Swedish original  Rating

More about law and the Internet  Rating

More about the personal information law in Swedish  Rating

Give your own rating of the quality of this web page:
(Awful) Awful!    (Mediocre) Mediocre    (Average) OK   (Good) Good    (Great) Superior