Privacy laws and constitutional protection
Greetings
Earlier today I asked a question regarding removal of my private information (date of birth, financial records, address, etc.) from companies such as Ratsit. I believe the response I was given to be a "template response". Yes, I am aware that in Sweden this information is available from Skattemyndigheten, Kronofogdemyndigheten, Bolagsverket and SCB, but Ratsit are neither of those. They are a *private business*. If someone wants my information they can indeed ask for it from Skattemyndigheten, Kronofogdemyndigheten, Bolagsverket or SCB. But Ratsit are neither of those, they are a private company and I do not wish THEM providing access to my information nor do I wish THEM consolidating information from various governmental sources into one easily searchable unit which they then sell. There is a significant difference between a governmental agency providing this information as opposed to a private company selling it.
I refuse to believe that such a forward country would have such appallingly backwards laws regarding protection of basic personal information, such as one's address or financial data.
Please advise what legal course of action one can take when a private company refuses to cease dispersing information that only governmental agencies should be able to dismiss.
Sincerely
Lawline svarar
Hi and thank you for your response to the earlier question that I answered.
Yes, exactly as you write, the private information is legally available from Swedish governmental agencies. This legal right of access to information is derived from the Swedish constitution, also called "The openness principle" ("Offentlighetsprincipen") which is regulated by The Swedish Freedom of the Press Act (Tryckfrihetsförordningen and Yttrandefrihetsgrundlagen). This "openness principle" represents fundamental values in the Swedish society.
How come that this information can, legally, be distributed by private companies? There are laws governing privacy information, such as the Personal Information Act (Personuppgiftslagen), which controls how private information can be stored. These laws contain several restrictions of how this information can be sorted, categorized and used in commercial settings. Under normal circumstances these laws would apply to the business that a company, such as RatSit, conducts.
These companies have applied, and been granted, publication authorization certificates (utgivningsbevis). These certificates, of which rules can be found in the 9th paragraph of the second chapter in the YGL, set aside the above mentioned Personal Information Act (see the 7th paragraph in PUL for the rule). This means that these private companies no longer are controlled by these laws. Since these companies, with the certificates, enjoy the same protection as journalistic medias, no government controlled agency can stop publications of private information nor can this information be censored by governmental agencies.
This means that these companies have legal right to publish this information. This is, compared to other countries, an anomaly.
There is one case from the Court of European Union concerning the publishing of private information (C-131/12 Google Spain). In this case, Google had searchable information about a spanish man with information about a foreclosure of a property. The Court ruled that there is a right to be forgotten, if the information published is neither adequate, relevant or redundant. In other words, apart from this, there is not a "right to be forgotten" against companies that have relevant protection under journalistic rules (such as these certificates).
Apart from this case, there are no relevant court decisions concerning your question. From a Swedish legal viewpoint, public authorities cannot stop the publishing of this information. However, the Court of European Union might have other ways of reasoning.
To give this legal question an ultimate test against the law of the European Union, one must first seek (notably: sue) the Swedish government (notably: DataInspektionen) for not stopping the private companies from publishing this information. And after, when the Swedish courts rule in the favor the companies, appeal the court's decision to the Court of the European Union.
So, the legal course of action is suing the Swedish Information Agency (Datainspektionen) for not stopping the publishing the information, and then appealing the decision of the Swedish court to the Court of European Union for a trial in this matter.
I hope I fully answered your question this time and I wish you a pleasant day.
Sincerely,
