The ever-increasing uptake of the use of social media such as blogs, Facebook and similar services has naturally attracted the attention of Swedish public sector institutions. Against this background, this article discusses a number of proposed and already published guidelines from various Swedish public sector organisations on the use of social media websites by government.
Sweden recently topped the 2010 global digital economy rankings, which were published on June 29, 2010, by the Economist Intelligence Unit (EIU) and IBM’s Institute for Business Value.
A quick search on Facebook shows that over 100 of Sweden’s 290 municipalities and nine of the 20 regional administrative units (landsting) have "Community" pages on the website. YouTube abounds with promotional material uploaded on behalf of Swedish municipalities. Blogs on municipal websites and online video broadcasts of municipal assembly meetings are also commonplace. A leader in this area is the municipality of Katrineholm, where the site maintained by the Kommunchef, the head civil servant of the municipal administration, lists its various offices as maintaining some 30 social media outlets.
Sweden regards itself as an orderly, well-regulated country, and public officials have expressed some uncertainty over how to apply traditional rules and routines regarding administrative law and communication to the public in a social media context. In response to this uncertainty, the eGovernment Delegation, a central government in-house think tank, has been instructed to develop guidelines for government agencies’ use of social media such as Facebook and Twitter. In this work, the delegation has been asked to pay particular attention to the legal aspects of such use (see http://en.edelegationen.se/).
The social media issue is hot enough, and Swedish public administration is ecentralised enough, that other work is being done on developing public sector direction regarding social media. On April 12, 2010, the Swedish Data Protection Authority (‘‘Datainspektionen’’) announced the launch of an investigation into the application of the Data Protection Act on the communication of personal data within a social media context. Datainspektionen plans to carry out inspections at a municipality and a government authority as well as with private business. It promises to publish guidelines on managing personal data for organisations using social media as a communications channel. At the time of writing, there was no published timeline for atainspektionen to release these guidelines.
Guidelines Already Published
However, one set of guidelines has already been published.
The Swedish Association of Local Authorities and Regions (SALAR) released guidelines directed at the municipalities and regional organisations that make up its membership. SALAR is very influential in organising how its members conduct their affairs, and these guidelines are expected to play an important role.
The SALAR guidelines are not concerned with the operations of independent social media organisations such as Facebook, but focus instead on public sector organisations’concerns, such as the right to access public information, public sector service obligations, archival requirements, maintaining of registries of public documents, secrecy requirements and the privilege of public sector employees to give information to the media under constitutional whistleblowing protection law.
Skirting over more complicated questions — the guidelines comprise 10 pages in all — SALAR takes a factual approach to the subject, neither endorsing nor warning against the use of social media.
The guidelines’ key findings are that:
- All texts and other material published on a social medium within the context of a public authority’s operations should be presumed to be official documents, available to the public under freedom of information law and subject to registry and archival regulations as applicable.
- Documents that do not contain information restricted by secrecy requirements need not be listed in the authority’s official document registry, provided the publishing on the online medium is sufficiently searchable.
- Information subject to secrecy requirements may not be communicated by means of social media.
- Each authority is recommended to maintain a list of which external websites it publishes material on and to establish a document disposal policy governing the destruction of official documents and online files. It is also recommended to periodically record and archive the contents of dynamic platforms such as blogs and comment forums.
The extended scope of the coming guidelines from the eGovernment Delegation and the Datainspektionen will be welcomed by many. A particular concern is the question of the extent to which the restrictions of the Personal Data Act (the Act) apply to social media.
The Act contains an unusual rule for an EU Member State. The greater part of the provisions of the Act need not be applied when processing personal data in what the Act calls ‘‘unstructured material’’, such as a narrative text format or sound or images published on the internet.
In order for the exemption to apply, the material in question may not be included in or be intended to be included in a document or case management system or any other database. Processing of personal data in unstructured material may, however, not entail a violation of the integrity of a data subject.
Datainspektionen has expressed preliminary doubts over whether the typical social media platform, which is often constructed to facilitate searching for personal data and to find common interests to connect people, precludes application of the exemption for unstructured material.
The Katrineholm Kommunchef, for his part, states on his blog, "If Datainspektionen arrives at the conclusion that social media staples such as a Facebook ‘friends list’ constitutes ‘structured material’, then Official Sweden’s presence in social media becomes impossible".
Henrik Nilsson is an Associate with Bird & Bird Advokat KB, Stockholm. He may be contacted at firstname.lastname@example.org