Rules Navigator

The GDPR needs to be reviewed, states Swedish Privacy Protection Authority

Eric Leijonram, director general at IMY.
Eric Leijonram, Director General at IMY. Photo: Thron Ullberg

Martina Lindberg

 Click to share on Facebook (Opens in new window/tab) Click to share on Twitter (Opens in new window/tab) Click to share on LinkedIn (Opens in new window/tab) Click to share on WhatsApp (Opens in new window/tab)

IMY argues that the regulation risks losing legitimacy if it is not refined.

It is time for a review of GDPR, IMY – the Swedish Privacy Protection Authority – claims in a new report. The EU data protection regulation commenced on May 25, 2018, and it has since then been a “record-breaking technological development.” But Eric Leijonram, general manager at IMY, says that there’s a widespread perception in Sweden that it’s difficult to apply the regulation, and that it “creates a large administrative burden even when the privacy risks are low.”

Many also believe that regulation inhibits competitiveness and innovation, and the authority says it’s time to listen to this criticism. “We believe that it can be done without impairing privacy protection,” says Leijonram.

Review regulation to avoid barriers

To be able to ensure effective privacy protection, Leijonram adds that the regulation needs to be reviewed so it can provide robust privacy protection where the biggest risks are, and that it “does not set up unnecessary barriers to innovation and the use of new technology.”

Otherwise, Leijonram says, “the rules run the risk of being circumvented and losing legitimacy, which in the long run can result in poorer privacy protection.”

The authority recognises that reviewing this regulation is complicated and resource-intensive, yet that dismissing the criticism could harm the ability to use new technology for the good of the society, and therefore the country’s competitiveness and economic development.

“We believe that it can be done without impairing privacy protection.”

Eric Leijonram, general manager, IMY

In the new report on privacy and new technology, which was delivered to the government and to Attorney General Gunnar Strömmer, the authority states that:

  • Sweden should invest in research into privacy-friendly techniques;
  • the government should review the effects new legislation in the field of law enforcement and surveillance in working life has had on privacy protection; and
  • that GDPR should be reviewed.

Besides a review of GDPR, IMY also sees a need to evaluate the so-called register statutes, which is the Swedish supplementary regulation of the authorities’ processing of personal data. One change could be to have some parts included in the regulation instead of in law, which would speed up constitutional work and to easier adapt to emerging needs, as a regulation can be changed quicker than laws.

, , , , ,

You may also like