Privacy International defends the right to privacy across the world, and fights surveillance and other intrusions into private life by governments and corporations. Read more »


Chapter: 

IV. Governance issues

E-government

Voting is open to those aged 18 and older but is not mandatory.1 National elections are managed by the Swedish Election Authority or Valmyndigheten, which was established in July 2001.2 The Election Authority is responsible for all voting material from voter registration cards to paper ballots, including development of and support for the information technology systems used during the election process. The Election Authority keeps a register with voter registration information for the purpose of producing voter registration cards.3 Voter registration information is also kept in secured files at the Central Bureau of Statistics.4 The Election Authority prepares a list of those who are entitled to vote in the election based on information that, 30 days prior to the election day, is contained in the population registration database in accordance with the Processing of Personal Data in the Swedish Tax Agency's population registration and the Land Registration Act.5 Individuals are sent a voting card with the voter's name and number in the electoral roll, what elections the voter may participate in, and the voter's polling station and its opening hours.6 Voting can take place at a voting booth, by messenger, or by mail.7 Voters who cannot vote at their polling station on election day may vote in advance at any voting place, such as the municipal office, a library, school, or post office.8 Advance voting begins 18 days before election day. Voting secrecy is highly valued. Ballots are cast on paper ballots that are placed in envelopes, which are then given to a poll official to place in the appropriate ballot box.

So far, Swedish citizens have been using non-official electronic ID cards issued by the Swedish Post and software-based electronic IDs like the "BankID" (developed by the largest Swedish banks) and "SteriaeID" to access certain e-Government services. In November 2006, approximately 3 million such eIDs had been issued. A rough estimate of the use of eIDs in Sweden is that more than 1 million users make approximately 2.5 million transactions (including both authentication and signatures) a month using eIDs for e-Government and other services on the market.9

Any physical person with a Swedish personal identity number (a unique identification number for Swedish citizens) can obtain an eID. This number appears on the eID and its microchip. Legal entities can also use an eID. Furthermore, Steria has introduced a new type of eIDs in Sweden: organisational certificates for personal use. This type of certificate contains the organisation's number, the name of the organisation, and the name and role of the person. It is worth noting that none of the organisational eIDs contains the personal identity number, which is considered to be sensitive information.10

EIDs exist as both smart cards and as files stored on the hard disk. Some issuers provide one or the other, whereas some give the option to choose the form of the eID. EIDs are issued in two ways: by ordering and downloading them from the user's Internet bank while logged in (and thus identified by the bank), or by ordering the eID on the Internet. If the eID has been ordered via an Internet bank and is issued on a smart card, the user will need to collect the eID at a bank or post office, showing a physical ID. As eIDs are issued by different suppliers, the authority that provides e-services must be able to authenticate users, verify e-signatures, and apply for revocation checks in different ways and via different eID-suppliers.11

Several e-Government applications and services require the use of such eIDs. These include: income tax declarations and submissions of tax or VAT returns online; parental services delivered by the Swedish Social Insurance Agency; registration of a new company to the Companies Registration Office; application for and renewal of a driver's licence; and registration and de-registration of vehicles. The Swedish eID is becoming more and more well-known and established as the means to authenticate the user and for the user to sign electronically in e-Government applications.12

Open government

Sweden is a country that has traditionally adhered to the Nordic tradition of open access to government files. The world's first freedom of information act was the Riksdag's (Swedish Parliament's) Freedom of the Press Act of 1766. The Act required that official documents should "upon request immediately be made available to anyone making a request" at no charge. The Freedom of the Press Act is now part of the Constitution and provides that "every Swedish citizen shall have free access to official documents." Restrictions in several situations are stipulated in the Secrecy Act.13 Decisions by public authorities to deny access to official documents may be appealed to general administrative courts and, ultimately, to the Supreme Administrative Court. The Parliamentary Ombudsman has some oversight functions for freedom of information.

Other development

A new political party, the Pirate Party, dedicated to "reform of copyright laws, the abolishing of patents and working against installing more regulations, and remove the Data Retention Act, that are seriously threatening citizens' privacy" is "making a bid for representation in the Swedish parliament in the upcoming national elections in September."14 After success in the elections for the European Parliament in 2009, the party now aspires to similar results in the national elections. Based on recent experiences of the difficulty of establishing new parties in the Swedish party system (such as the poor result of the Feminist Initiative in the 2006 elections and the right-wing populist party New Democracy in the 1990s), this ambition may be difficult to achieve.15 Without a doubt, the FRA spectacle and the Pirate Bay trial, as discussed above, contributed massively to the good result of the Pirate Party in the EU election. The Swedish debate has, however, cooled off somewhat and the privacy issue has been pushed off the agenda by the current financial crisis and labour market policy.

Civil society advocacy work

No specific information has been provided under this section.

International obligations

Sweden has signed and ratified the 1966 UN International Covenant on Civil and Political Rights (ICCPR) and to its First Optional Protocol that establishes an individual complaint mechanism.16

Sweden is a member of the Council of Europe and has signed and ratified the European Convention for the Protection of Human Rights and Fundamental Freedoms.17 It has also signed and ratified the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (ETS No. 108)18 and its Additional Protocol regarding supervisory authorities and transborder data flows (ETS No. 181).19 Sweden signed, but has not ratified, the Council of Europe Convention on Cybercrime (ETS No. 185).20 An additional protocol to the Convention concerning the criminalisation of acts of a racist and xenophobic nature committed through computer systems was signed on 28 January 2003.

In 2006, the European Court of Human Rights (ECtHR) examined the power of SÄPO (Säkerhetspolisen, the Security Police) to compile, register, and save information about individuals.21 The applicants -- a journalist, a peace activist, a political activist, and a member of the European Parliament -- requested access to their files but were refused on the grounds of national security. The ECtHR found that maintaining files on the applicants was in violation of Article 8 (the right to respect for private and family life) because the file was not "necessary in a democratic society." The Court held that SÄPO's refusal to grant the applicants full access to their files did not violate Article 8 and accepted the government's reason citing national security. The ECtHR also held that the registration of the applicant's information violated articles 10 (freedom of expression) and 11 (freedom of association and assembly), since the information concerned political opinion, membership in political parties, and political activities. Lastly, the Court found a violation of Article 13 (the right to an effective remedy) since none of the relevant national authorities were able to order the deletion of the files.

Sweden is a member of the Organisation for Economic Cooperation and Development (OECD) and has adopted the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data.

Footnotes