On 11 May 2006 the Swedish parliament voted to amend the Swedish Personal Data Act, making it more focused on preventing misuse of personal data. Complaints have been levelled about the provisions being too rigorous and formalistic to be expected to be observed in everyday data processing. The restrictions were seen as not providing enough effective protection in proportion to the burdens imposed.
Exemption for “Unstructured material”
The most significant change to the Act is to exempt processing of “unstructured materials”, meaning inter alia writings, sounds and images, from the greater part of the handling rules in the Act. The handling provisions should be reserved for processing of material which can be harmful to the personal integrity of individuals, i.e. materials structured with the purpose of specifically facilitating searches for personal data or compilations of such data. Prime examples are personal data registers and personal data-related databases. With unstructured materials, such as those typically made available on the internet, the purpose is generally communicating with others.
Excluded material will be regulated by a simple rule designed to provide protection from the misuse of personal data. Under this rule the processing of personal data is not permitted if it constitutes a violation of the registered person's personal integrity. Guidelines to the legislation warn the data processor NOT:
- to process personal data for improper purposes, such as for harassment or to scandalise;
- to collect large amounts of information about one individual without justifiable reasons;
- to slander or insult someone else.
Data processors SHALL:
- correct personal data demonstrated to be wrong or misleading;
- observe secrecy and non-disclosure regulations.
Anyone found to process personal data in unstructured material breaching personal integrity standards is liable to criminal sanctions and damages.
Decriminalisation of negligent offences
Another important change, aimed at shifting towards a misuse-oriented legislation, is the decriminalisation of breaches committed by “mere” negligence. “Gross” negligence is now required for a breach to be prosecuted as a criminal offence under the Act.
Other proposals in the draft legislation concern the right to appeal certain decisions to the administrative courts and the right for the government to provide exceptions under Art. 13.1 of Directive 95/46/EC.
The amendments to the Act will come into force on 1 January 2007.