A long-standing controversial issue in Sweden has been how the country’s fundamental laws on the freedom of speech (the Freedom of Press Act [TF] and the Fundamental Law on Freedom of Expression [YGL]) allow for the existence of privately run databases containing information on individuals and companies that have been the subject of criminal charges. However, the Swedish Supreme Court has recently issued two decisions of note on this issue, altering how the EU’s General Data Protection Regulation (GDPR) will be interpreted in relation to this area of Swedish law moving forward.
To briefly outline the facts: a news agency and a company providing background checks to its customers, both also suppliers of the above-mentioned type of database, had requested access to several official documents from a Swedish court, including decisions in multiple cases concerning criminal charges.
Customarily, official documents—such as a court’s decision in a criminal case—are accessible to the public in Sweden due to the principle of public access to information.
However, in these instances, the courts found that some of the information—specifically the personal data—contained in the requested documents was classified as secret in accordance with the secrecy provision in Chapter 21, Section 7 of the Public Access to Information and Secrecy Act (OSL). This provision specifically states that secrecy applies to personal data if it can be assumed that, after disclosure, the data will be processed in breach of the GDPR or Sweden’s Act with Supplementary Provisions to the GDPR (ASP).
Gathering large amounts of personal data from cases concerning criminal charges could, namely, violate Article 10 of the GDPR, which states that processing personal data relating to criminal convictions can only be carried out under the control of an official authority or under very limited circumstances.
Nevertheless, both the news agency and the background check company appealed the courts’ decisions. They argued that Chapter 21, Section 7 of the OSL should not apply to their activities—i.e., journalism—because journalistic work is exempt from the GDPR under Chapter 1, Section 7 of the ASP. The first part of this section states that the GDPR does not apply where it would conflict with TF or YGL. The second part states that a majority of the GDPR’s provisions (Articles 5–30 and 35–50) do not apply to the processing of personal data for journalistic purposes.
The above-mentioned section of the ASP represents the Swedish legislature’s attempt to implement Article 85 of the GDPR, which states that member states must reconcile the right to protection of personal data in accordance with the GDPR with the right to freedom of expression and information. However, the Swedish legislature’s intention to completely exempt businesses protected by Sweden’s fundamental laws on freedom of speech is perhaps better described as a prioritization of freedom of speech over the right to privacy.
It is precisely this approach that the Swedish Supreme Court has taken issue with. More specifically, the Supreme Court questioned whether the Swedish legislature’s intention could be considered compatible with the requirements of EU law. The Supreme Court reasoned that such an interpretation—where privacy rights are effectively subordinated to freedom of speech—would almost entirely undermine the protection of personal data provided by the GDPR and would not adequately safeguard the rights and freedoms of data subjects. As a result, the Supreme Court upheld the lower courts’ decisions to apply the secrecy provision in Chapter 21, Section 7 of the OSL to the personal data in the requested documents.
Even though the Supreme Court’s decision has received significant attention, it would be inaccurate to say that the Court struck while the iron was hot. A case with similar circumstances is currently pending at Attunda District Court (case no. T 3743-23), awaiting a preliminary ruling from the Court of Justice of the European Union. Furthermore, the Swedish legislature has already appointed a committee to investigate the issues raised in these cases, and the committee has in turn already presented its findings in SOU 2024:75. As the Supreme Court’s decision aligns with these finding, it most likely only preepmts a legislative change on the horizon.
This article was written by associate Elisabeth Hamill-Keays, together with thesis trainee Emmy Bartholdson. Please contact our team should you have any questions regarding the Swedish Supreme Court’s decision or the GDPR in general.
Gulliksson celebrates its 50th anniversary
Take part in glimpses and highlights from our journey from the start in 1975 to today!
-
Associate
+46 73 152 18 57
