Legal Newsdesk Sweden AB – CJEU Judgment (European Union, 2025)
CJEU judgment — not a DPA enforcement action
This is a Court of Justice ruling, not an enforcement action by a data protection authority. It is not included in cookie statistics or the Risk Calculator.
The Court of Justice ruled that Swedish law allows certain exemptions from GDPR for journalistic activities. This is significant because it means that companies involved in journalism can process personal data without the same restrictions as others. It encourages freedom of expression while balancing data protection.
What happened
The Court held that Swedish law provides broad exemptions from GDPR for activities covered by a publication certificate.
Who was affected
Individuals whose personal data is included in databases maintained by companies holding publication certificates, like Legal Newsdesk Sweden AB.
What the authority found
The Court decided that GDPR does not apply when it conflicts with constitutional protections for journalistic activities.
Why this matters
This ruling reinforces the balance between freedom of expression and data protection, allowing media companies to operate more freely while still being mindful of defamation laws.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
= Under Swedish lawYttrandefrihetsgrundlagen (1991:1469) (Constitutional Law on freedom of expression). the Swedish Agency for the Media can issue publications certificates which confers constitutional protection to the activities of the holder. Such certificates can also be issued for the publication and maintenance of databases of personal dataYttrandefrihetsgrundlagen (1991:1469) (Constitutional Law on freedom of expression), Chapter 4, Paragraph 1.. Swedish lawLagen (2018:218) med kompletterande bestämmelser till EU:s dataskyddsförordning, 1:7 (Law (2018:218) laying down supplementary provisions to the EU GDPR, Chapter 1, Article 7). provides for broad GDPR derogations for certain activities covered by the permit, as an implementation of Article 85 GDPR ("Processing and freedom of expression and information"): * The GDPR and the Swedish Law on data protection do not apply when they would conflict with the constitutional protection afforded by a publication certificate. * Additionally, specific Articles of the GDPR and the Law on data protection - including all of Chapter VIII of the GDPR (Remedies, liabilities and penalties)- do not apply to the processing of personal data that takes place for journalistic purposes or for academic, artistic or literary creation. As a result of these broad exemption, data subjects have limited remedies available when the processing of their data is covered by a publication certificate. In particular, Swedish lawLagen (2018:218) med kompletterande bestämmelser till EU:s dataskyddsförordning, 9:1. provides that in such cases, controllers can only be held liable for damages when the processing of personal data constitutes defamation. = Legal Newdesk Sweden AB, formerly Garrapatica AB (the controller), holds such a certificate. The controller maintained a database (Lexbase) where personal data, including criminal convictions, are stored. The data were made available to third parties for payment. A data subject challenged the process
Outcome
CJEU Judgment
A judgment by the Court of Justice of the European Union, typically on a preliminary reference from a national court.
Related Cases (0)
No other cases found for Legal Newsdesk Sweden AB in EU
This is the only recorded case for this entity in this jurisdiction.
Details
Judgment Date
1 January 2025
Authority
Court of Justice of the European Union
GDPRhub ID
gdprhub-cjeu-9483About this data
Cite as: Cookie Fines. Legal Newsdesk Sweden AB - European Union (2025). Retrieved from cookiefines.eu
Last updated: