Objections in Principle to new government data law
The Data Inspection Board has objections in principle to the proposed new “myndighetsdatalag” (Government data law) and believes that the investigation does not sufficiently take into account the requirement for privacy protection as is available in both EU legislation that the Swedish Constitution.
A study has been commissioned by the government revising the legislation governing the state and municipal authorities processing of personal data. The report proposes a new government data law that apply generally to most authorities’ handling of personal data.
The Data Inspection Board has fundamental objections to how the law is designed. ECHR, the EU Charter of Fundamental Rights, the Data Protection Directive and the form of government gives citizens a right to protection of privacy and personal data concerning him or her. The Data Inspection Board believes that the inquiry does not take the requirements for protection sufficiently into account.
– Of course, the ambition must be to the public business should be conducted as efficiently and effectively as possible. It may not happen in a way that sets basic privacy mechanisms sidelined, says Data Inspectorate General of Kristina Svahn Starrsjö.
Within the EU, work is now ongoing to develop new legislation on data protection. The Data Inspection Board believes that it is therefore important for a Swedish government data law to wait until it is known the final EU legislation will be crafted. It is only then that it is clear whether it is at all possible for Sweden to introduce a new government data law.
The commission set up by the Swedish government has proposed a law that will include provisions concerning data processing in all state and municipal authorities. In response the Swedish DPA has produced a report on the proposals.
The data inspection board’s full report expressed concerns on both practical and principled grounds. The proposed official information act will largely replace the Swedish Personal Data Act , the primarily implementation of the Data Protection Directive (95/46 / EC). The comments also stated that the investigation did not have a mandate to include any proposals for any significant changes to if and how authorities may treat personal information, but that the commission’s proposal includes several significant deviations from the rules and principles currently governing authorities processing of personal data. The board also expressed concerns that the combined set of requirements between the new law and existing requirements would not create a clear regulatory regime.
The statement and the associated report represent an intervention by the Swedish data protection authority in the national legislative (legitimate given their role and expertise) which draws upon both the existing national laws as well as the existing EU data protection frameworks. It also clearly highlights the problem with revising national laws on data protection issues when the General Data Protection Regulation reform effort has not yet been completed. Waiting until this is completed will reveal what legal and administrative space there remains at the national level. The investigation has also found that a comprehensive settlement is more appropriate to meet the change that will occur by EU Data Protection Regulation.