Privacy International defends the right to privacy across the world, and fights surveillance and other intrusions into private life by governments and corporations. Read more »


III. Privacy topics

Internet and consumer privacy


The provision on unsolicited e-mail contained in the EU Directive 2002/58/EC was implemented in April 2004 when the Swedish Marketing Act was amended to reflect the Directive in this respect.1 As a result of this amendment, direct marketing by email now requires prior consent. The National Post and Telecom Agency is in charge of supervising compliance with the Electronic Communications Act.2 Monitoring of the Marketing Act, including the provisions on unsolicited email, falls under the scope of the Swedish Consumer Agency.3

The provisions on privacy in publicly available electronic communications services are found in Chapter 6 of the ECA. This includes provisions on security in public communications networks, processing of traffic and location data, cookies, public directories, etc. The PDA applies to processing of personal data in electronic communications networks and services to the extent that the ECA does not stipulate otherwise. The National Post and Telecom Agency emphasises the importance of enhancing the level of user knowledge and awareness about security on the Internet.4 However, Sweden is second from the bottom in the EU when it comes to protecting its citizens' private integrity, according to Privacy International's 2006 privacy ranking.5


No specific information has been provided under this section.

Online behavioural marketing and search engine privacy

No specific information has been provided under this section.

Online social networks and virtual communities

For three consecutive years (2007-2009) the Swedish Data Inspection Board has conducted a survey of young people's attitudes toward privacy in general and privacy on the Internet in particular.6

Online youth safety

For three consecutive years (2007-2009) the Swedish Data Inspection Board has conducted a survey of young people's attitudes toward privacy in general and privacy on the Internet in particular.7 As already mentioned, since 2007 the Swedish Data Inspection Board has conducted a survey of young people's attitudes toward privacy in general and privacy on the Internet in particular.8 The previous studies have shown that young people are very active on the Internet and that they like to remain anonymous. They do, however, engage in unsafe behaviours on the Internet as well as in their everyday lives.9

The 2009 results clearly indicate that young people have a more negative attitude toward surveillance in general.10 One possible explanation might be the debates surrounding the FRA and IPRED legislation during 2008.11 Almost half of the respondents stated that the debate around the FRA legislation made them think more about issues of privacy.

Young people would easily consider revealing information that has traditionally been considered private, including their political and religious views. Issues that young people judged more private include their financial situation or on whom they have a crush.12

The police are the most trusted of all the various government agencies and authorities. Young people trust private businesses the least and generally believe that the worst violation of privacy consists of businesses searching for information about them. On the Internet, however, the government searching for information is considered the worst violation of privacy.13

Young people continue their extensive use of IT, and primarily the Internet. One major change since the first survey about young people's attitudes toward privacy is the sharp increase in the number of respondents who are most likely to surf the Internet on their own computer.14

Many young people have experienced various kinds of cyber bullying. Boys are most likely to be the victims of cyber bullying with one exception: girls are much more likely to have been the victims of sexual harassment. While only a fourth of the young people have used the abuse function on a community, individuals who have used it reported that it had been effective.15

While surveillance is becoming less acceptable, a considerable majority of respondents will tolerate it if it would prevent serious crimes. Video surveillance is the most accepted form of technological surveillance. Personal presence (police, security guard, or break monitor) is preferred over technological surveillance and is considered the most effective for crime prevention.16

While respondents continue to be quite knowledgeable about privacy on the Internet, many are less familiar with the world outside the computer. They are least informed about personal identity numbers. Although most respondents know that one of the missions of the Swedish Data Inspection Board is to inform people about risks on the Internet, almost half believe that it also controls spam.17

Workplace privacy

In 1999, the Swedish government established a Committee to study workplace privacy issues. In March 2002, the Committee issued a proposal recommending specific legislation to protect the personal information of current and former employees, and employment applicants in both the private and public sectors.18 The proposal has not led to legislation. In 2005, the DIB issued a report about workplace privacy and found that few employers monitored email, used camera surveillance, or used biometrics. The study also found that few employers had procedures for deleting data in accordance with the PDA.19

Health and genetic privacy

Medical records

With regard to privacy in the health and medical sector, the use of information technology has increased. While information technology can facilitate documentation of health and medical care and contribute to using resources more efficiently, it also involves new challenges in terms of privacy and data protection. The National Board of Health and Welfare has proposed in a report that the Act on Patients' records should explicitly allow that one comprehensive record is kept for each patient.20 The Board has said that using one record covering all occasions when a patient has sought medical care at different care providers would even further reduce the time spent on documentation of medical treatment. Moreover, the Board has said that this requires that there are no obstacles in terms of secrecy and that jointly processing personal data is allowed. The DIB has pointed to several problems that this proposal poses from both a secrecy perspective and a privacy point of view.21

Personal data processing in the health and medical sector was until 2008 regulated by the Health Care Register Act of 1998 and the Patients' Records Act of 1985. In 2005, the DIB issued a report about accessibility to patient data that found that there was a lack of working routines to check that unauthorised users do not gain access to patient's data. The report created a list of guidelines that the medical community needs to review and implement to protect sensitive information.22 As a result, new rules on patients' records and health care were introduced in 2008.23 The new legislation means both threats to and regulation of patient privacy: it introduces Internet journals that can be accessed by several specialists at the same time, thus reducing the patient's control over her/his records. This "cohesive journal" (Chapter 6) is, however, subject to strict regulations by means of "internal secrecy" (Chapter 4) and is based on consent of the patient.24 The Swedish DPA oversees the act's implementation.

Sweden has signed, but not ratified, the Council of Europe Convention on Human Rights and Biomedicine, which mandates confidentiality of personal data, its Additional Protocol on the Prohibition of Cloning Human Beings, and its Additional Protocol concerning Biomedical Research.25


According to current legislation, DNA samples fall under the rules in Chapter 28 of the Code of Judicial Procedure and rules in the Police Data Act of 1998.26

Financial privacy

No specific information has been provided under this section.