Skip to content

Administrative fines against two companies in the SL Group

Published: 3 July 2025
The Swedish Authority for Privacy Protection (IMY) has fined Aktiebolaget Storstockholms Lokaltrafik (SL) and Waxholms Ångfartygs AB (WÅAB) for processing personal data relating to sobriety tests conducted by employees in breach fo the GDPR. IMY issues an administrative fine of SEK 75, 000 against each companies.

IMY has reviewed two complaints from employees that has conducted sobriety tests during their employments as ship captains of public transports. An employer could have a legitimate interest of letting their employees do sobriety tests to ensure security in, for example, public transports.

– Our review shows that it is not necessary to collect and store employee’s sobriety tests to the extent SL and WÅAB have done. Due to insufficient routines the data has been stored for months even though that was not necessary to achieve the purpose of the processing, says Maja Welander, department lawyer at IMY.

IMY concludes that it is important to take into account an employee’s position of dependency. The employer must ensure that the processing of personal data is lawful under the GDPR and that it does not interfere with the individuals privacy more than necessary. An employer who considers sobriety tests for their employees must also be aware that the results from the tests can indicate that a person is alcohol dependent. Such information is classified as health data which is subject to a strong legal protection under the GDPR.

IMY concludes that SL and WÅAB has violated the GDPR. IMY issues an administrative fine of SEK 75, 000 against each of the companies.

For further information, contact

Maja Welander, avdelningsjurist, 08-515 154 39
Presstjänsten, 08-515 154 15

Latest update: 3 July 2025
Page labels Data protection
Latest update: 3 July 2025
Page labels Data protection