Jump to content

Data Act (Sweden)

From Wikipedia, the free encyclopedia
Data Act
Sweden
Enacted11 May 1973
Repeals
Personal Data Act of 1998

The Data Act (Swedish: Datalagen) is the world's first national data protection law and was enacted in Sweden on 11 May 1973.[1][2][3] It went into effect on 1 July 1974[4][2] and required licenses by the Swedish Data Protection Authority for information systems handling personal data.[5]

History

[edit]

Information and communications technologies (ICTs) were far developed in Sweden due to multiple circumstances and the use of computers in public administration was introduced relatively early. Furthermore, the concepts of transparency, public access and openness were traditionally widely present in Swedish society.[6][7] Widespread public concern was raised in 1969 due to the year's public census.[7]

In 1969, the Royal Commission on Publicity and Secrecy was set up to investigate problems associated with the increasing use of computers to store and process personal data.[4] They provided the initial analysis, recommendations and drafts that addressed these problems.[2] In July 1972, they published their report Computers and Privacy (Sw. Data och integritet).[2]

The Data Inspection Board (DIB), proposed in the report, was set up in July 1973.[2]

In April 1973, the Riksdag uncontentiously passed the Data Act, also proposed in the report, which only slightly modified the commission's draft.[2] It then came into force in July 1973.[2] An associated amendment to the Freedom of the Press Act was adopted in February 1974 − around the same time as the Credit Information Act and the Debt Recovery Acts which regulated computerized credit information.[2]

Problems and succession

[edit]

As the law's data registration and transborder data flow requirements were considered cumbersome and confusing by private and public organizations and the DIB was soon overcome by the magnitude of registrations the law was amended in 1982 which made the private sector and the government more self-sufficient in terms of registration.[8]

After several more amendments in 1989 a Commission on Data Protection was set up to make a total revision of the act. The commission submitted its final report in 1993 recommending a new Data Protection Act based largely on the then current second proposal from the European Commission for an EC Directive. In 1995 Sweden joined the European Union which had adopted the Data Protection Directive in the same year and a new committee was entrusted with making recommendations on the implementation of the directive and a new total revision of the Data Act. In 1997 it presented a report on the implementation containing a proposal for a new Personal Data Act.[1]

The law was then superseded on 24 October 1998 by the Personal Data Act (Sw. Personuppgiftslagen) that implemented the 1995 EU directive.[9][10][11][12] The 1973 law mainly focused on automated computer processing systems containing assignable information of living[4] persons[2] and not data processing in general and was considered to be outdated in many respects for many years.[13][14][15]

The law

[edit]

The act required a prior permit from the DIB for each computerised personal data register. When a permit was given, the Board issued tailor-made conditions for that register. It did not contain many provisions on when and how the data should be processed, or general data protection principles.[1]

Those who were subject of data contents were guaranteed freedom of access to their records. Exporting data on Swedish citizens outside the country required a license as well which wasn't granted when it was discovered that this was done to evade the regulatory requirements of the law.[8][7] In 1979 the Swedish government issued a report which also raised concerns over critical data exported to other countries potentially becoming a target of terrorist organizations.[8]

It also requires responsible persons to pay compensations when individuals suffer damage due to incorrect information about them.[2]

The law also criminalized data intrusion but only intended to penalize persons physically breaking into offices to change data and did not consider Internet-based hacking at the time.[16]

Earlier data protection laws

[edit]

In October 1970 a data protection law went into effect in the West German state of Hesse − the Hessisches Datenschutzgesetz.[17][18][5][19][6]

See also

[edit]

References

[edit]
  1. ^ a b c Öman, Sören. "Implementing Data Protection in Law" (PDF). Retrieved 10 May 2017.
  2. ^ a b c d e f g h i j Bennett, Colin J. (1992). Regulating Privacy: Data Protection and Public Policy in Europe and the United States. Cornell University Press. p. 63. ISBN 0801480108. Retrieved 10 May 2017.
  3. ^ "Online Privacy Law: Sweden". Law Library of Congress. 10 May 2017. Retrieved 10 May 2017.
  4. ^ a b c Mochmann, Ekkehard; Müller, Paul J. (1979). Data Protection and Social Science Research: Perspectives from Ten Countries. Ardent Media. ISBN 9783593326047. Retrieved 10 May 2017.
  5. ^ a b Madsen, Wayne (7 July 1992). Handbook of Personal Data Protection. Springer. ISBN 9781349128068. Retrieved 10 May 2017.
  6. ^ a b Kosta, Eleni (21 March 2013). Consent in European Data Protection Law. Martinus Nijhoff Publishers. ISBN 978-9004232365. Retrieved 10 May 2017.
  7. ^ a b c Fuster, Gloria González (28 April 2014). The Emergence of Personal Data Protection as a Fundamental Right of the EU. Springer Science & Business. ISBN 9783319050232. Retrieved 10 May 2017.
  8. ^ a b c Madsen, Wayne (7 July 1992). Handbook of Personal Data Protection. Springer. ISBN 9781349128068. Retrieved 10 May 2017.
  9. ^ "Law in Sweden - DLA Piper Global Data Protection Laws of the World". www.dlapiperdataprotection.com. Retrieved 10 May 2017.
  10. ^ "Personal Data Act (1998:204);" (PDF). Retrieved 10 May 2017.
  11. ^ "The Personal Data Act - Datainspektionen". www.datainspektionen.se (in Swedish). Archived from the original on 6 May 2017. Retrieved 10 May 2017.
  12. ^ Castro, Catarina (2002). Employment Privacy Law in the European Union: Surveillance and Monitoring. Intersentia nv. ISBN 9789050952392. Retrieved 10 May 2017.
  13. ^ "Personal Data Protection". Retrieved 10 May 2017.
  14. ^ Kirchberger, Christine (2011). Cyber Law in Sweden. Kluwer Law International. ISBN 9789041134523. Retrieved 10 May 2017.[permanent dead link]
  15. ^ "Data Protection Laws of the World Handbook: Second Edition - Sweden - Data Protection - Sweden". www.mondaq.com. Retrieved 10 May 2017.
  16. ^ Kirchberger, Christine (2011). Cyber Law in Sweden. Kluwer Law International. ISBN 9789041134523. Retrieved 10 May 2017.[permanent dead link]
  17. ^ Agre, Philip E.; Rotenberg, Marc (1997). Technology and Privacy: The New Landscape. MIT Press. p. 221. ISBN 9780262511018. Retrieved 10 May 2017.
  18. ^ Nations, United; Publications, United Nations; Assembly, United Nations General (October 2006). Report of the International Law Commission. United Nations Publications. ISBN 9789218102676. Retrieved 10 May 2017.[permanent dead link]
  19. ^ Fuster, Gloria González (28 April 2014). The Emergence of Personal Data Protection as a Fundamental Right of the EU. Springer Science & Business. ISBN 9783319050232. Retrieved 10 May 2017.