Bodil Lindqvist – CJEU Judgment (Sweden, 2003)
CJEU precedent (Directive 95/46/EC, pre-GDPR)
This is a Court of Justice judgment predating the GDPR. It interprets Directive 95/46/EC (the Data Protection Directive). It is not a cookie or ePrivacy case and is excluded from cookie statistics and the Risk Calculator.
Bodil Lindqvist, working in a Swedish parish, shared personal details about her colleagues on a personal website without asking them first. The European court ruled that this was data processing and needed their consent. This case shows that even personal websites must follow privacy rules.
What happened
Bodil Lindqvist shared personal data about her colleagues on her personal website without their consent.
Who was affected
Colleagues of Bodil Lindqvist whose personal details were published online without their consent.
What the authority found
The court ruled that sharing personal data online is a form of data processing that requires consent from the individuals concerned.
Why this matters
This ruling highlights that personal websites are not exempt from data protection laws. It stresses the importance of obtaining consent before posting personal information about others online.
National Law Articles
The case is about Mrs. Lindqvist who worked as a catechist in the Alseda Parish (Sweden). At the end of 1998, she set up internet pages on her personal computer in order to allow parishioners preparing for their confirmation to obtain any information they needed. She requested the administrator of the Swedish Church’s website to set up a link between those pages and the website. The pages she had set up contained information about Mrs. Lindqvist and 18 of her colleagues in the parish. The pages contained information including their full names, first names, jobs held, hobbies, telephone numbers and medical information on one of her colleagues. She had not informed her colleagues of those pages, obtain their consent or sought approval from the supervisory authority to process the personal data and sensitive personal data. The public prosecutor brought a proceeding against her, that she was in breach of the PUL on grounds that she processed personal data automatically without giving prior written notice to the Supervisory Authority (Datainspektionen). In addition, she processed sensitive personal data and transferred personal data to a third country without authorization or consent from the data subjects. The Royal Court (Göta hovrätt) stayed the national proceedings and referred some question of law to the CJEU. The questions brought before the CJEU were: # Whether a self-made list, with personal data of others, published on the internet constitute processing of personal data wholly or partly by automatic means as defined under Article 3(1) Directive 95/46. # Whether the act of setting up internet home pages for 15 people with links between the pages which make it possible to search the pages using the first name be considered processing of personal data which forms part of a filing system within the meaning under Article 3(1) Directive 95/46? # Whether the processing of personal data is covered under the exception to processing under a household activity under Arti
Outcome
CJEU Judgment
A judgment by the Court of Justice of the European Union, typically on a preliminary reference from a national court.
Related Cases (0)
No other cases found for Bodil Lindqvist in SE
This is the only recorded case for this entity in this jurisdiction.
Details
Judgment Date
6 November 2003
Authority
Court of Justice of the European Union
GDPRhub ID
gdprhub-cjeu-2860About this data
Cite as: Cookie Fines. Bodil Lindqvist - Sweden (2003). Retrieved from cookiefines.eu
Last updated: