The Swedish Data Protection Authority (Datainspektionen) – Organization history + the Personal Data Act (1998), the Debt Recovery Act (1974) and the Credit Information Act (1973)

NordenBladet – The Swedish Data Protection Authority (Swedish: Datainspektionen) is a Swedish government agency, organized under the Ministry of Justice, tasked to protect the individual’s privacy in the information society without unnecessarily preventing or complicating the use of new technology.

The agency ensure legislation within this area is complied with and as such supervise different registers and carry out inspections of companies, organizations and other government agencies; led by the agency’s own IT security specialists and legal advisors. The most important legislation is the Personal Data Act of 1998, the Debt Recovery Act of 1974 and the Credit Information Act of 1973. The agency also has an expert advisory role when the Government prepares new statutory provisions.

History:
The Swedish Data Protection Authority (DPA) was established in 1973, as a result of public concern about personal data and abuse of government power related to mass surveillance and the enactment of the world’s first national data protection law: the Data Act.

The Data Protection Authority supervises that authorities, companies, organizations and individuals follow:

1) the Personal Data Act (1998)
On the 24th of October 1998 the Personal Data Act (1998:204) came into force and replaced the out-dated Swedish Data Act from 1973. The Personal Data Act is based on Directive 95/46/EC which aims to prevent the violation of personal integrity in the processing of personal data.

Personal Data Protection fact brochure provided by the Ministry of Justice in 1998.

Data Protection Authority Statute Book
DIFS 1998:3
DIFS 2001:1

2) the Debt Recovery Act (1974)
A person who collects debts on behalf of another person, or collects debts which have been taken over for collection, normally requires a permit from the Data Inspection Board.

Before permission is granted, the company must have in it’s employment a person with professional legal experience of debt collection.

The Data Protection Authority determines whether the conditions are met. Debt collecting must be conducted in a professional and judicious manner. The Data Protection Authority ensures that these rules are adhered to. This is achieved by inspections.

Practise and custom dictate that files of personal data used in debt collection operations may not contain value judgements about people.

The Data Protection Authority Statute Book
DIFS 2005:1

3) the Credit Information Act (1973)
Credit-rating agencies collect information regarding the financial position of companies and the financial and personal circumstances of individuals.

Everyone over the age of 15 is on the computer files of Sweden’s largest credit-rating agencies.

Anyone planning to conduct credit-rating operations normally requires a permit from The Data Protection Authority. The Data Inspection Board carries out inspections to ensure that the operations are being conducted in a proper manner.

Particulars concerning a private person may only be provided to a third party if there is a legitimate reason, for example an investigation into creditworthiness. The person concerned must always receive a copy of the information that has been supplied.

Negligence on the part of a credit-rating agency can result in a liability to pay damages and those responsible may be fined or imprisoned.

International co-operation:
The board is tasked to supervise the Schengen Information System, and is involved in a number of international groups that work on privacy and personal data issues; for instance EU’s data protection group and the supervisory function of Europol’s data system.

Organization:
The agency is based in Stockholm and is led by Director-general Kristina Svahn Starrsjö. It has approximately 40 employees, the majority of whom are lawyers. The agency also has a call center that receive on average 200 calls and 60-70 e-mails per week, mostly relating to topical questions regarding protection of privacy.

Website: datainspektionen.se

Contact:
Address:
Datainspektionen
Box 8114
SE-104 20 Stockholm
Sweden Office address
Drottninggatan 29, 5th floor
Stockholm
Sweden
E-mail:
datainspektionen@datainspektionen.se

Telephone:
+46 8 657 61 00 Telefax
+46 8 652 86 52 Media inquiries
For all media inquiries or to interview an executive, please contact:
Per Lovgren
per.lovgren@datainspektionen.se
Tel: +46-70 736 10 80