I took this from Panopticon Blog concerning the outcome of the Google order. Now what if the rights of the Swedish citizen was to be escalated to the EU courts, would the outcome be the same?
“The first question for the CJEU was whether Google was a data controller for the purposes of Directive 95/46. Going against the opinion of the Advocate General (see earlier post), the Court held that the collation, retrieval, storage, organisation and disclosure of data undertaken by a search engine when a search is performed amounted to “processing” within the meaning of the Directive; and that as Google determined the purpose and means of that processing, it was indeed the controller. This is so regardless of the fact that such data is already published on the internet and is not altered by Google in any way.
The Court went on to find that the activity of search engines makes it easy for any internet user to obtain a structured overview of the information available about an individual thereby enabling them to establish a detailed profile of that person involving a vast number of aspects of his private life. This entails a significant interference with rights to privacy and to data protection, which could not be justified by the economic interests of the search engine operator. In a further remark that will send shockwaves through many commercial operators providing search services, it was said that as a “general rule” the data subject’s rights in this regard will override “not only the economic interest of the operator of the search engine but also the interest of the general public in finding that information upon a search relating to the data subject’s name” (at paras 81 and 97).”
This makes you vulnerable to identity theft. Swedish residents have no legal right to protect their personal identifying information (PII) which includes the first 6 digits of the 10 digits (AAMMDD-xxxx) of Swedish IDs. Except is if you have a protected identity. Following is the response I received from one of the credit reporting agencies that I contacted.
“We are a credit reporting agency with permission from the Data Inspectorate (Datainspektionen). The data in our database are and should be a reflection of public databases retrieved from authorities such as tax authorities (Skattemyndigheten), payment remarks and debt collecting agencies (Kronofogdemyndigheten), and the bureau of statistics (SCB). Public data means that anyone can contact the respective government authority and get the same information there. We are by the Credit Information Act (Kreditupplysningslagen) required to make changes in our database to correct faults, but you have no right to be omitted from the register. All residents in Sweden who are over the age of 16 are included.
Protected Identity is the only way to hide the address and other personal information with the authorities, and thus also with us, and it may be issued through the tax or police authorities. Once an identity has been protected the data is hidden automatically in our system.”
This was in response to the following request I made.
I would like to kindly request that you do NOT share my personal information with third parties that make money from my personal identifying information, an example is ‘birthday.se”. Due to the sharing of my PII the first 6 digits of my Swedish ID is public, consequences are that it makes me vulnerable to identity fraud.
Can you please confirm that this is done. If not would be be kind enough to give me enough information to understand why not?
I love this, the EU Court has confirmed that we have the right to be forgotten. Google and other internet search engines face a new world where they must remove links to websites containing certain types of personal data when individuals ask them to do so. The European Union says you have “a right to be forgotten” digitally online. This is great news for every citizen of the EU, including our children!
Read more in English and Swedish.
I need a Swedish lawyer that wants to change the world, to find a way to protect Swedish citizens personal identifying information. Someone who feels passionate for the right to ‘personalintegritet’.
I do not have any money, so you need to be driven by this passion 😉
This is the letter from the Swedish Data Inspection Board. They were kind enough to reply in English 🙂
The Swedish Data Inspection Board has received your complaint.
The Swedish Data Inspection Board is supervisory authority according to the Personal Data Act (1998:204). There is a possibility for websites to apply for impediment to publication (utgivningsbevis). If a website is granted impediment to publication (e.g. ratsit.se) the website will be protected according to constitutional law. That means that the Personal Data Act is not applicable on information that is posted at such websites.
The Swedish Data Inspection Board is therefore unable to help you in this matter. It is legal for ratsit.se to publish your personal information. Ratsit.se is not obliged to remove your information.
For more information about utgivningsbevis, see The Swedish Broadcasting Authority’s website: http://www.radioochtv.se/en/Licensing/Internet/.
The Swedish Data Inspection Board notes with regularity the problems with utgivningsbevis to the Ministry of Justice. You can read more about it here:
Are there any Swedish lawyers out there that can help me fix this?