fbpx

Download free GDPR compliance checklist!

Tag Archives for " Sweden "

Italy tops GDPR penalty list with €46m worth of fines this year

Businesses operating within the European Union have been hit with a total of €68 million in fines relating to GDPR breaches so far in 2020.

Over €45 million of that came from Italian-owned companies, as result of 13 separate investigations. Sweden came in second, with €7.3 million in fines from 4 cases, while the Netherlands were ranked third with €2.8 million worth of penalties.

Source: Italy tops GDPR penalty list with €46m worth of fines this year | IT PRO

The Swedish DPA issues 18,700 euro fine against the National Government Service Centre

The Swedish Data Protection Authority imposes an administrative fine of 200,000 Swedish kronor (approximately 18,700 euro) on the National Government Service Centre for failing to notify affected parties as well as the Data Protection Authority about a personal data breach in due time.

The DPA noted that it took almost five months for the NGSC to notify the concerned parties and close to three months before the DPA received a data breach notification.

Source: The Swedish Data Protection Authority issues fine against the National Government Service Centre

Swedish Data Protection Authority imposes €7 million administrative fine on Google

The Swedish Data Protection Authority imposes a fine of 75 million Swedish kronor (approximately 7 million euro) on Google for failure to comply with the GDPR. Google as a search engine operator has not fulfilled its obligations in respect of the right to request delisting.

Swedish Data Protection Authority criticised Google for not having removed two of the search results, as instructed in 2017. Specifically, Google was criticised for having made too narrow an assessment of which URLs ought to actually be removed from search results, and, on another occasion, had not removed a search result in a timely manner.

Furthermore, when Google removes a search result listing and notifies the website owner of which webpage link was removed and who was behind the delisting request, it was in fact doing so without a legal basis. Therefore, Swedish Data Protection Authority ordered Google to cease such practice.

Source: The Swedish Data Protection Authority imposes administrative fine on Google – Datainspektionen

Swedish Data Inspectorate investigates Clearview AI

Swedish supervisory authority – Datainspektionen – is conducting an investigation on possible use of facial recognition technology provided by US company Clearview AI by Swedish authorities.

Datainspektionen sent a number of questions to the Police, the Security Police, the Coast Guard, the Customs Administration, the Migration Agency and a number of other Swedish authorities. They want to know if any of the authorities are using Clearview AI and in such cases what legal basis they rely on.

Source: The Data Inspectorate initiates supervision on the basis of the Clearview AI – Data Inspection

Sweden authorises the use of facial recognition technology by the police

Sweden’s data protection authority has approved the use of facial recognition technology by the police, to help identify criminal suspects.

According to the Swedish authority, the processing and storage measures comply with Sweden’s Crime Data Act and the EU’s Data Protection Law Enforcement Directive (GDPR).

The decision is controversial following successive bans of this technology in US cities. The technology is widely used in China.

Source: Sweden authorises the use of facial recognition technology by the police | New Europe

How to interpret Sweden’s first GDPR fine on facial recognition in school

The school used facial-recognition software via camera to capture and register 22 students’ participation in class. The school board claimed that automizing taking the class register would save 17,280 hours of work each year at the school.

However, neither a risk assessment nor prior consultation with the Swedish DPA was executed. August 20, the Swedish DPA fined the school SEK 200,000, its first fine under the EU General Data Protection Regulation, and issued a warning against further processing.

Full article: How to interpret Sweden’s first GDPR fine on facial recognition in school

Facial recognition in school renders Sweden’s first GDPR fine

The Swedish DPA has fined a municipality 200 000 SEK (approximately 20 000 euros) for using facial recognition technology to monitor the attendance of students in school.

A school in northern Sweden has conducted a pilot using facial recognition to keep track of students’ attendance in school.

Source: Facial recognition in school renders Sweden’s first GDPR fine

EU working group to harmonize sanctions

Sweden is entering as one of the chairmen of the EU working group to work for harmonization of sanctions according to the Data Protection Regulation, GDPR.

The guidelines for harmonized penalties within the EU are expected to be completed next year. The national inspection guidelines will be revised when the common EU guidelines have been adopted.

Source: The Data Inspectorate leads the EU working group on sanctions – the Data Inspectorate

Swedish DPA digs into Spotify’s responses to SARs

The Swedish data protection authority – Datainspektionen – had initiated a review of Spotify Technology S.A.’s responses to data subject access requests (SARs).

Investigation was initiated following a number of complaints regarding how Spotify manages data subject access requests (SARs). Article 15 of the General Data Protection Regulation (GDPR) provides individuals with right to access their data any company holds about them.

Swedish DPA noted that the information Spotify provided to users in response to a SAR is incomplete and not sufficiently clear. Therefore Datainspektionen asked Spotify to detail how it handles SARs, in particular, what information it provides, what information the copy of personal data includes, and how the information is presented to data subjects.

Source: Datainspektionen granskar rätten till registerutdrag

Data protection authorities in Sweden launch investigation into medical service providers

Sweden’s Data Protection Authority has divulged that it has opened investigations into medical service providers, Voice Integrate Nordic. The organisation is part of Vardguiden, the country’s phone-up medical information service.

Recent news reports allege that a high number of recorded phone calls received by Voice Integrate Nordic were placed in the public domain online and had become open to public access without protection through encryption or passwords.

Source: Data protection authorities in Sweden launch investigation into medical service providers

>