The Swedish Data Protection Authority (IMY) has refused to decide on a GDPR complaint against Spotify, interpreting Article 77 as not granting data subjects party status in enforcement procedures. This enforcement action signals potential divergence in GDPR implementation across EU member states and could impact how companies handle data subject rights complaints. noyb has appealed to challenge this interpretation, highlighting enforcement risks for organizations operating in Sweden.
No articles specifically tagged for Sweden yet. Check our blog for general compliance coverage.
Privacy organization noyb has filed a complaint with the Swedish Data Protection Authority (IMY) against Swedbank for allegedly violating GDPR transparency requirements regarding automated interest rate calculations. The complaint argues that banks cannot claim 'trade secret' protection to avoid disclosing automated decision-making logic under GDPR Article 15(1)(h), which requires meaningful information about the logic involved. This enforcement action signals increased regulatory scrutiny of automated financial calculations and could lead to fines and procedural requirements for financial institutions.
noyb has filed a legal appeal against the Swedish Data Protection Authority (IMY) for allegedly failing to properly investigate GDPR complaints, instead forwarding them to companies and closing cases without due diligence. This case highlights enforcement gaps in GDPR implementation and could lead to stricter oversight of national DPAs' complaint-handling procedures.
The Swedish tax authority is facing a legal challenge from noyb for selling personal data to commercial data brokers, violating GDPR purpose limitation principles. This enforcement action highlights systemic non-compliance with EU data protection standards and could set a precedent for how public authorities balance transparency laws with privacy rights.
Data brokers in Sweden are using 'media licenses' intended for journalism to bypass GDPR obligations, allowing them to collect and sell personal data without consent or deletion options. The non-profit noyb has filed a complaint with the Swedish Data Protection Authority (IMY), highlighting regulatory misalignment and enforcement gaps that could lead to privacy violations and safety risks.
The Swedish data protection authority (IMY) has imposed the first significant financial penalties for GDPR violations related to EU-US data transfers via Google Analytics, fining Tele2 €1 million and CDON €27,000. This enforcement action sets a precedent for DPAs to impose fines rather than just findings of violation, rejecting Google's supplementary measures as insufficient to address US surveillance risks. Companies using Google Analytics or similar US-based services must reassess their data transfer compliance immediately.
The Stockholm administrative court ruled that the Swedish Data Protection Authority (IMY) must investigate GDPR complaints and grant complainants party status, overturning IMY's previous position. This establishes that users in Sweden can request formal decisions after six months of inactivity, enhancing GDPR enforcement and potentially influencing other EU member states.
The Swedish central bank is threatening to impose new regulations to accelerate banks' adoption of instant domestic payments. This regulatory pressure signals potential mandatory requirements that could impact bank operations and compliance frameworks, addressing concerns over slow uptake despite available technology.
The Swedish central bank (Riksbank) has issued guidance recommending households maintain cash reserves of SEK 1,000 per adult as a contingency against digital payment disruptions. This aligns with broader legislative efforts to preserve cash usage and strengthen national payment system resilience, signaling potential future regulatory requirements.