GDPR + Swedish Data Protection Act (Lag 2018:218)
- The national act complements GDPR where member states can set specifics (public-sector processing, national identifiers, criminal data, access rules).
Criminal Data Act (Lag 2018:1177)
- Implements the Law Enforcement Directive; governs police and crime-related personal data processing, with stricter access logging and oversight.
Camera Surveillance Act (Kamerabevakningslag 2018:1200)
- Rules for video monitoring. Public authorities often need permits or documented legal grounds; transparency and necessity are scrutinized. Private actors must meet GDPR transparency and proportionality; permits are narrower than before 2018.
Electronic Communications Act (LEK; implements ePrivacy)
- Cookie consent and confidentiality of communications; IMY enforces cookie transparency/consent together with the Post and Telecom Authority (PTS) for telecom aspects.
Public Access to Information and Secrecy Act (Offentlighets- och sekretesslag, OSL)
- Plus constitutional openness (offentlighetsprincipen): Strong freedom-of-information traditions create tension with privacy. Public bodies must balance disclosure with secrecy rules protecting personal data. Archival duties can limit GDPR erasure in public records.