The Data Act is the world's first national data protection law and was enacted in Sweden on 11 May 1973. It went into effect on 1 July 1974 and required licenses from the Swedish Data Protection Authority for information systems handling personal data.
History
Information and communications technologies (ICTs) were well developed in Sweden due to multiple circumstances, and the use of computers in public administration was introduced relatively early. Furthermore, the concepts of transparency, public access and openness were traditionally widely present in Swedish society. Widespread public concern was raised in 1969 due to the year's public census.
In 1969, the Royal Commission on Publicity and Secrecy was set up to investigate problems associated with the increasing use of computers to store and process personal data. They provided the initial analysis, recommendations and drafts that addressed these problems. In July 1972, they published their report Computers and Privacy (Sw. Data och integritet).
The Data Inspection Board (DIB), proposed in the report, was set up in July 1973.
In April 1973, the Riksdag uncontentiously passed the Data Act, also proposed in the report, which only slightly modified the commission's draft. It then came into force in July 1973. An associated amendment to the Freedom of the Press Act was adopted in February 1974 − around the same time as the Credit Information Act and the Debt Recovery Acts, which regulated computerized credit information.
Problems and succession
As the law's data registration and transborder data flow requirements were considered cumbersome and confusing by private and public organizations, and the DIB was soon overcome by the magnitude of registrations, the law was amended in 1982, which made the private sector and the government more self-sufficient in terms of registration.
After several more amendments in 1989 a Commission on Data Protection was set up to make a total revision of the act. The commission submitted its final report in 1993, recommending a new Data Protection Act based largely on the then current second proposal from the European Commission for an EC Directive. In 1995 Sweden joined the European Union, which had adopted the Data Protection Directive in the same year, and a new committee was entrusted with making recommendations on the implementation of the directive and a new total revision of the Data Act. In 1997 it presented a report on the implementation containing a proposal for a new Personal Data Act.
The law was then superseded on 24 October 1998 by the Personal Data Act (Sw. Personuppgiftslagen) that implemented the 1995 EU directive. The 1973 law mainly focused on automated computer processing systems containing assignable information of living persons and not data processing in general, and was considered to be outdated in many respects for many years.
The law
The act required a prior permit from the DIB for each computerised personal data register. When a permit was given, the Board issued tailor-made conditions for that register. It did not contain many provisions on when and how the data should be processed, or general data protection principles.
Those who were the subject of data contents were guaranteed freedom of access to their records. Exporting data on Swedish citizens outside the country required a license as well, which wasn't granted when it was discovered that this was done to evade the regulatory requirements of the law. In 1979 the Swedish government issued a report which also raised concerns over critical data exported to other countries potentially becoming a target of terrorist organizations.
It also required responsible persons to pay compensation when individuals suffered damage due to incorrect information about them.
The law also criminalized data intrusion but only intended to penalize persons physically breaking into offices to change data and did not consider Internet-based hacking at the time.
Earlier data protection laws
In October 1970 a data protection law went into effect in the West German state of Hesse − the Hessisches Datenschutzgesetz.
See also
* Information privacy law
* Privacy law
* General Data Protection Regulation, 2016 EU law
* Data Governance Act, proposed EU law from 2020
* Data Act, proposed EU law from 2021
* Privacy Act of 1974
* Swedish Data Protection Authority
* Ombudsman
* Population registration in Sweden