Legal Newsdesk Sweden AB – CJEU Judgment (European Union, 2025)
CJEU judgment — not a DPA enforcement action
This is a Court of Justice ruling, not an enforcement action by a data protection authority. It is not included in cookie statistics or the Risk Calculator.
= Under Swedish lawYttrandefrihetsgrundlagen (1991:1469) (Constitutional Law on freedom of expression). the Swedish Agency for the Media can issue publications certificates which confers constitutional protection to the activities of the holder. Such certificates can also be issued for the publication and maintenance of databases of personal dataYttrandefrihetsgrundlagen (1991:1469) (Constitutional Law on freedom of expression), Chapter 4, Paragraph 1.. Swedish lawLagen (2018:218) med kompletterande bestämmelser till EU:s dataskyddsförordning, 1:7 (Law (2018:218) laying down supplementary provisions to the EU GDPR, Chapter 1, Article 7). provides for broad GDPR derogations for certain activities covered by the permit, as an implementation of Article 85 GDPR ("Processing and freedom of expression and information"): * The GDPR and the Swedish Law on data protection do not apply when they would conflict with the constitutional protection afforded by a publication certificate. * Additionally, specific Articles of the GDPR and the Law on data protection - including all of Chapter VIII of the GDPR (Remedies, liabilities and penalties)- do not apply to the processing of personal data that takes place for journalistic purposes or for academic, artistic or literary creation. As a result of these broad exemption, data subjects have limited remedies available when the processing of their data is covered by a publication certificate. In particular, Swedish lawLagen (2018:218) med kompletterande bestämmelser till EU:s dataskyddsförordning, 9:1. provides that in such cases, controllers can only be held liable for damages when the processing of personal data constitutes defamation. = Legal Newdesk Sweden AB, formerly Garrapatica AB (the controller), holds such a certificate. The controller maintained a database (Lexbase) where personal data, including criminal convictions, are stored. The data were made available to third parties for payment. A data subject challenged the process
GDPR Articles Cited
= Under Swedish lawYttrandefrihetsgrundlagen (1991:1469) (Constitutional Law on freedom of expression). the Swedish Agency for the Media can issue publications certificates which confers constitutional protection to the activities of the holder. Such certificates can also be issued for the publication and maintenance of databases of personal dataYttrandefrihetsgrundlagen (1991:1469) (Constitutional Law on freedom of expression), Chapter 4, Paragraph 1.. Swedish lawLagen (2018:218) med kompletterande bestämmelser till EU:s dataskyddsförordning, 1:7 (Law (2018:218) laying down supplementary provisions to the EU GDPR, Chapter 1, Article 7). provides for broad GDPR derogations for certain activities covered by the permit, as an implementation of Article 85 GDPR ("Processing and freedom of expression and information"): * The GDPR and the Swedish Law on data protection do not apply when they would conflict with the constitutional protection afforded by a publication certificate. * Additionally, specific Articles of the GDPR and the Law on data protection - including all of Chapter VIII of the GDPR (Remedies, liabilities and penalties)- do not apply to the processing of personal data that takes place for journalistic purposes or for academic, artistic or literary creation. As a result of these broad exemption, data subjects have limited remedies available when the processing of their data is covered by a publication certificate. In particular, Swedish lawLagen (2018:218) med kompletterande bestämmelser till EU:s dataskyddsförordning, 9:1. provides that in such cases, controllers can only be held liable for damages when the processing of personal data constitutes defamation. = Legal Newdesk Sweden AB, formerly Garrapatica AB (the controller), holds such a certificate. The controller maintained a database (Lexbase) where personal data, including criminal convictions, are stored. The data were made available to third parties for payment. A data subject challenged the process
Outcome
CJEU Judgment
A judgment by the Court of Justice of the European Union, typically on a preliminary reference from a national court.
Related Cases (0)
No other cases found for Legal Newsdesk Sweden AB in EU
This is the only recorded case for this entity in this jurisdiction.
Details
Judgment Date
1 January 2025
Authority
Court of Justice of the European Union
GDPRhub ID
gdprhub-cjeu-9483About this data
Cite as: Cookie Fines. Legal Newsdesk Sweden AB - European Union (2025). Retrieved from cookiefines.eu
Last updated: