Under the EU's General Data Protection Regulation (EU/2016/679), each member state must designate an agency to be responsible for supervising the application of the regulation. This supervisory authority is to be fully independent in the performance of its duties and exercise of its authority. A corresponding authority is also to be designated in accordance with the EU's directive concerning data protection for law enforcement agencies (EU/2016/680).
The Swedish government has designated Swedish Authority for Privacy Protection to be the supervisory authority under the General Data Protection Regulation and the data protection directive. Swedish Authority for Privacy Protection is also the supervisory authority under the Swedish law that is to supplement the General Data Protection Regulation, the Data Protection Act (2018:218).
Swedish Authority for Privacy Protection is also Sweden's national supervisory authority regarding processing of personal data under the Schengen Convention, that is to say the convention on the EU's customs information systems, the decision of the Council on the establishment of the EU agency for law enforcement cooperation (Europol), the VIS Regulation, and the Eurodac Regulation.
Swedish Authority for Privacy Protection's tasks as a supervisory authority are stated in the Ordinance (2007:975) on Instructions for Swedish Authority for Privacy Protection.
According to these instructions, Swedish Authority for Privacy Protection is to "work to ensure that people's fundamental rights and freedoms are protected in connection with processing of personal data, to facilitate the free movement of such data within the European Union and to work to ensure that good practice is observed in credit rating and debt recovery activities".
Swedish Authority for Privacy Protection is also to monitor and describe developments In IT regarding issues concerning privacy and technology.
If the information in other languages are different from the Swedish version, it is the Swedish version that applies.