Panoptes Sweden AB – Court Ruling (Sweden, 2025)

Panoptes Sweden AB ("Panoptes") is a news agency, which engages engages in the collection, processing, analysis and presentation of information, including personal data. Panoptes sells the personal data to its customers (e.g. newspapers, magazines and broadcasters). In the course of its business, Panoptes requested the Swedish Court of Appeal to disclose to them a large number of documents related to different people's criminal convictions, to then use them in their capacity as a news agency. In response to this request, the Court of Appeal required Panoptes to guarantee that the requested documents would will be used for journalistic purposes and that the personal identity numbers, names and addresses of individuals will not be made available to the public or paying customers. Panoptes filed an appeal against that response of the Court of Appeal to the Supreme Court. The Court established that the question to be answered was whether the information requested by Panoptes was confidential and, if so, whether its disclosure could be subject to reservation. This matter concerns the relationship between [https://www.government.se/contentassets/2ca7601373824c8395fc1f38516e6e03/public-access-to-information-and-secrecy.pdf Chapter 21.7 of the Swedish Public Access to Information and Secrecy Act] (hereinafter: the Act) and the GDPR. Background considerations [https://www.government.se/contentassets/467ef1335aac404c8840c29f9d02305a/act-containing-supplementary-provisions-to-the-eu-general-data-protection-regulation-sfs-2018218/ Section 7(1) of Chapter 1 of the Swedish Data Protection Act] provides that, in data disclosures covered by the Act, there is no need to comply with the GDPR. In fact, requiring GDPR compliance would restrict the authorities' obligations to disclose personal data. The Court however recognizes that, when applying national law, EU law must be respected. Such an obligation stems from Article 85 GDPR and Article 86 GDPR, requiring to balance freedom o