It seems that many of the utgivningsbevis that were granted in 2004 are due to expire this year in 2014, and in 2014 it is still legal in Sweden for those holding this exemption certificate can share your personal information, if you are a Swedish resident, or/and Swedish citizen….here is information on this.
So how many companies have been granted an utgivningsbevis, and have the right to publish your personal information public? Well 917 is what I found, and you have not a legal leg to stand on to get your personal information removed.
This includes ratsit.se and birthday.se. Here you can type in the name of the target and search, bingo! Happy hunting!
I want to know how much you earn because you are applying for a job with my company and I want to check what your present employer thinks you are worth.
This is easy to do in Sweden, and you as the data subject have no idea that this has happened. It is possible for any person to go online and request anonymously your earnings for 2 completed tax years in Sweden at http://www.extrakoll.se/, and the requester to get the information by SMS.
How do you do this is:
- Visit www.extrakoll.se and search for the name of the individual you are investigating;
- Then you will be requested to send an SMS to number 72323 with word INKOMST+code or/and STORKOLL+code;
- You are given choices of payment methods, 20kr or 40kr, depending on which option you choose;
- The earnings for the targeted person for 2 of the previously reported tax years will be sent to your mobile telephone!
There is no way you can prevent others from requesting this information on yourself.
Nevertheless, it is against the EU Directive on Data Protection because you, the data subject are not informed that this information has been requested, and your Personal Identifying Information (PII) is public domain. I am sure identity thieves find extrakoll.se a useful tool to research their victims. I just hope it’s not you!
There is a great conference coming up in Stockholm on 5th November. Apart from the fact I am speaking there, I will be in the company of a great speaker lineup. Last year was very good!
If you want to go, you can register here (http://www.nordicitsecurity.com).
Look forward to seeing you there. I will probably be posting more on this later!
I love what UK is doing to keep alive the data retention directive that died an untimely death recently with DRIP 😉
Some debate that it ‘extends’ the powers of RIPA. UK government officials claim it is just to cover the loss of the EU data retention requirements temporarily until they think of some new that is more manageable. Read what Panopticon blog is saying and decide for yourself?
Love it… a mad-hatters party and Google invited themselves 😉
The Swedish press is now starting to discuss the problems with the law that gives easy access to the id numbers of Swedish residents. There is documented the background concerning this problem here.
I took this from Panopticon Blog concerning the outcome of the Google order. Now what if the rights of the Swedish citizen was to be escalated to the EU courts, would the outcome be the same?
“The first question for the CJEU was whether Google was a data controller for the purposes of Directive 95/46. Going against the opinion of the Advocate General (see earlier post), the Court held that the collation, retrieval, storage, organisation and disclosure of data undertaken by a search engine when a search is performed amounted to “processing” within the meaning of the Directive; and that as Google determined the purpose and means of that processing, it was indeed the controller. This is so regardless of the fact that such data is already published on the internet and is not altered by Google in any way.
The Court went on to find that the activity of search engines makes it easy for any internet user to obtain a structured overview of the information available about an individual thereby enabling them to establish a detailed profile of that person involving a vast number of aspects of his private life. This entails a significant interference with rights to privacy and to data protection, which could not be justified by the economic interests of the search engine operator. In a further remark that will send shockwaves through many commercial operators providing search services, it was said that as a “general rule” the data subject’s rights in this regard will override “not only the economic interest of the operator of the search engine but also the interest of the general public in finding that information upon a search relating to the data subject’s name” (at paras 81 and 97).”