News
News in english
Deficiencies in how healthcare providers control staff access to patient journal data
2020-12-03
Swedish Authority for Privacy Protection has audited eight health care providers in how they govern and restrict personnel’s access to the main systems for electronic health records. The DPA has discovered insufficiencies that in seven of the eight cases lead to administrative fines of up to SEK 30 million.
Press release: Deficiencies in how healthcare providers control staff access to patient journal data
GDPR fine for unlawful video surveillance in an LSS housing
2020-11-25
Swedish Authority for Privacy Protection issues an administrative fine of SEK 200,000 against Gnosjö Municipality for unlawful video surveillance in an LSS housing.
Press release: GDPR fine for unlawful video surveillance in an LSS housing
Serious deficiencies in the Stockholm online School Platform
2020-11-24
Swedish Authority for Privacy Protection has reviewed the so-called School Platform, the IT system used for, among other things, student administration of schools in the City of Stockholm. The review shows an insufficient level of security of such grave nature that the authority issues an administrative fine of four million SEK against the Board of Education in the City of Stockholm.
Press release: Serious deficiencies in the Stockholm online School Platform
Co-operative housing association banned from using video surveillance in entrance and stairwell
2020-06-16
Swedish Authority for Privacy Protection (DPA) has investigated a co-operative housing association’s use of video surveillance on its property. The DPA concludes that the association has gone too far when using video surveillance in the main entrance and the stairwell and when recording audio.
Wrongful to publish sensitive personal data on Region Örebro County’s website
2020-05-12
Swedish Authority for Privacy Protection’s investigation shows that the Healthcare Committee in Region Örebro County made a mistake when publishing on the region’s website sensitive personal data about a patient admitted to a forensic psychiatric clinic. Swedish Authority for Privacy Protection orders the Committee to bring its personal data handling into compliance and furthermore issues an administrative fine of 120 000 Swedish kronor (approx. 11 000 euro) against the Committee.
Press release: Wrongful to publish sensitive personal data on Region Örebro County’s website
Swedish Authority for Privacy Protection issues fine against the National Government Service Centre
2020-04-29
Swedish Authority for Privacy Protection imposes an administrative fine of 200 000 Swedish kronor (approximately 18 700 euro) on the National Government Service Centre for failing to notify affected parties as well as the Data Protection Authority about a personal data breach in due time.
Swedish Authority for Privacy Protection imposes administrative fine on Google
2020-03-11
Swedish Authority for Privacy Protection imposes a fine of 75 million Swedish kronor (approximately 7 million euro) on Google for failure to comply with the GDPR. Google as a search engine operator has not fulfilled its obligations in respect of the right to request delisting.
Press release: Swedish Authority for Privacy Protection imposes administrative fine on Google
Administrative fine of 35 000 EUR imposed on the Swedish website Mrkoll.se
2019-12-16
The Swedish DPA has issued an administrative fine of 35 000 EUR against Mrkoll.se – a website that publishes personal data of all Swedes above the age of 16 – for infringement of the Credit Information Act and the GDPR. The website has carried out credit information activity in a way that is not in compliance with the law.
Press release: Administrative fine of 35 000 EUR imposed on the Swedish website Mrkoll.se
Facial recognition in school renders Sweden's first GDPR fine
2019-08-21
The Swedish DPA has fined a municipality 200 000 SEK (approximately 20 000 euros) for using facial recognition technology to monitor the attendance of students in school.
Press release: Facial recognition in school renders Sweden’s first GDPR fine