Polismyndigheten – Court Ruling (Sweden, 2023)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A Swedish court ruled that the Police Authority did not have to provide more detailed personal data to a person who requested it. The court agreed with the Police that sharing more information could harm ongoing investigations. This case highlights the balance between transparency and security in data handling.
What happened
The Police Authority refused to provide detailed personal data to a requester, citing secrecy obligations.
Who was affected
A person who requested access to their personal data processed by the Swedish Police Authority.
What the authority found
The court decided that the Police were justified in withholding detailed information to protect ongoing investigations.
Why this matters
This ruling underscores that authorities can limit data access requests to protect sensitive operations. Businesses and agencies should understand when they can legally restrict data sharing.
GDPR Articles Cited
National Law Articles
The data subject made an access request to the Police Authority (note: the decision does not specify which authority exactly) to receive information on how their personal data was processed by the National Operations Department. In response, the Police provided certain personal data of the data subject (file number, type of investigative task, type of offence, the data subject's role in the case, and the processing unit). Additionally, the Police gave the data subject information about what kind of data are normally processed similar cases. The Police refused to provide any further information with reference to Chapter 4, Section 5, of the Swedish Criminal Data Act (brottsdatalagen, the Swedish law implementing Directive (EU) 2016/680) and Chapter 5, Section 1 of the Swedish Data Protection Act (dataskyddslagen). The Police argued that such further information is covered by secrecy obligations, and that providing such information could jeopardise ongoing investigations, other police actions or future activities. The data subject presented that they only had received a summary of the processing activities, but did not receive access to their personal data. Also, the data subject stated that the Police had not provided information about the purposes of the processing activities for which their personal was processed. The Police viewed that the appeal should be dismissed. The Police argued that, in their view, 1) the GDPR does not give the data subject a right to obtain a copy of the information if the right to information can be ensured by other means. Secondly, the Police stated that 2) they did not have information of the actual recipients of the data subject's personal data in archived criminal investigations. The Police said that it could only provide the data subject with information about the categories of recipients. Additionally, the Police argued that, in their view, 1) the data subject does not have a right to know who has provided information of the data s
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (1)
Other cases involving Polismyndigheten in SE
Details
About this data
Cite as: Cookie Fines. Polismyndigheten - Sweden (2023). Retrieved from cookiefines.eu
Last updated: