The Data Act ( sv, Datalagen) is the world's first national data protection law and was enacted in

Sweden Sweden, formally the Kingdom of Sweden,The United Nations Group of Experts on Geographical Names states that the country's formal name is the Kingdom of SwedenUNGEGN World Geographical Names, Sweden./ref> is a Nordic country located on ...

on 11 May 1973. It went into effect on 1 July 1974 and required licenses by the

Swedish Data Protection Authority The Swedish Authority for Privacy Protection ( sv, Integritetsskyddsmyndigheten), formerly the Swedish Data Protection Authority ( sv, Datainspektionen), is a Swedish government agency, organized under the Ministry of Justice, tasked to protect ...

for information systems handling personal data.

History

Information and communications technologies Information and communications technology (ICT) is an extensional term for information technology (IT) that stresses the role of unified communications and the integration of telecommunications (telephone lines and wireless signals) and computers, ...

(ICTs) were far developed in Sweden due to multiple circumstances and the use of computers in public administration was introduced relatively early. Furthermore, the concepts of transparency, public access and

openness Openness is an overarching concept or philosophy that is characterized by an emphasis on transparency (behavior), transparency and decentralized decision-making, collaboration. That is, openness refers to "accessibility of knowledge, technology a ...

were traditionally widely present in Swedish society. Widespread public concern was raised in 1969 due to the year's public census. In 1969, the Royal Commission on Publicity and Secrecy was set up to investigate problems associated with the increasing use of computers to store and process personal data. They provided the initial analysis, recommendations and drafts that addressed these problems. In July 1972, they published their report ''Computers and Privacy'' (Sw. ''Data och integritet''). The Data Inspection Board (DIB), proposed in the report, was set up in July 1973. In April 1973, the

Riksdag The Riksdag (, ; also sv, riksdagen or ''Sveriges riksdag'' ) is the legislature and the supreme decision-making body of Sweden. Since 1971, the Riksdag has been a unicameral legislature with 349 members (), elected proportionally and se ...

uncontentiously passed the Data Act, also proposed in the report, which only slightly modified the commission's draft. It then came into force in July 1973. An associated amendment to the Freedom of the Press Act was adopted in February 1974 − around the same time as the Credit Information Act and the Debt Recovery Acts which regulated computerized credit information.

Problems and succession

As the law's data registration and transborder data flow requirements were considered cumbersome and confusing by private and public organizations and the DIB was soon overcome by the magnitude of registrations the law was amended in 1982 which made the private sector and the government more self-sufficient in terms of registration. After several more amendments in 1989 a Commission on Data Protection was set up to make a total revision of the act. The commission submitted its final report in 1993 recommending a new Data Protection Act based largely on the then current second proposal from the European Commission for an EC Directive. In 1995 Sweden joined the European Union which had adopted the

Data Protection Directive The Data Protection Directive, officially Directive 95/46/EC, enacted in October 1995, is a European Union directive which regulates the processing of personal data within the European Union (EU) and the free movement of such data. The Data Pr ...

in the same year and a new committee was entrusted with making recommendations on the implementation of the directive and a new total revision of the Data Act. In 1997 it presented a report on the implementation containing a proposal for a new Personal Data Act. The law was then superseded on 24 October 1998 by the Personal Data Act (Sw. ''Personuppgiftslagen'') that implemented the 1995 EU directive. The 1973 law mainly focused on automated computer processing systems containing assignable information of living persons and not data processing in general and was considered to be outdated in many respects for many years.

The law

The act required a prior permit from the DIB for each computerised personal data register. When a permit was given, the Board issued tailor-made conditions for that register. It did not contain many provisions on when and how the data should be processed, or general data protection principles. Those who were subject of data contents were guaranteed freedom of access to their records. Exporting data on Swedish citizens outside the country required a license as well which wasn't granted when it was discovered that this was done to evade the regulatory requirements of the law. In 1979 the Swedish government issued a report which also raised concerns over critical data exported to other countries potentially becoming a target of terrorist organizations. It also requires responsible persons to pay compensations when individuals suffer damage due to incorrect information about them. The law also criminalized data intrusion but only intended to penalize persons physically breaking into offices to change data and did not consider Internet-based hacking at the time.

Earlier data protection laws

In October 1970 a data protection law went into effect in the West German state of

Hesse Hesse (, , ) or Hessia (, ; german: Hessen ), officially the State of Hessen (german: links=no, Land Hessen), is a States of Germany, state in Germany. Its capital city is Wiesbaden, and the largest urban area is Frankfurt. Two other major histor ...

− the ''Hessisches Datenschutzgesetz''.

References

{{reflist, 30em Law of Sweden Privacy in Sweden Privacy law Data laws of Europe Freedom of information legislation 1973 in law 1973 in Sweden Information privacy May 1973 events in Europe

History

Problems and succession

The law

Earlier data protection laws

See also

References