Swedish DPA Sends Questionnaire to 20 Organisations About the Right to Erasure
The Swedish Authority for Privacy Protection (IMY) is sending a questionnaire to 20 large organizations in both the public and private sectors to examine how they handle personal data deletion requests. This is part of a Europe-wide initiative led by the European Data Protection Board, involving 32 data protection supervisory authorities. IMY has deliberately selected […]
The Swedish Consumer Agency initiates audits against over 50 influencers and advertisers
The Swedish Consumer Agency (Sw. Konsumentverket) has announced that it has initiated audits against over 50 influencers and advertisers. According to the agency, many influencers fail to clearly label promotional content, thereby violating marketing laws and placing young audiences—who are particularly vulnerable to subtle advertising—at risk. Advertisers who engage these influencers are also under review. […]
EDPB Publishes Draft Guidelines on Blockchains
The European Data Protection Board (EDPB) has published its draft Guidelines 02/2025 on the processing of personal data through blockchain technologies. The guidelines aim to clarify how GDPR applies to blockchain-based data processing. The document is currently open for public consultation and may be subject to change before final adoption. Key excerpts from the draft […]
Swedish DPA Initiates Audits on Providers of Online Criminal Offence Databases Following Supreme Court Ruling
The Swedish Authority for Privacy Protection (IMY) has announced that it has initiated audits against Legal Newsdesk Sweden AB (Lexbase.se) and Fuplex AB (krimfup.se) – two Swedish companies with publication certificates that provide searchable databases with information on criminal offences. Following complaints to IMY about certain services that publish personal data, in particular about criminal […]
Swedish Ruling Clarifies the Applicability of Swedish Law in Cross-Border Marketing
The Swedish Patent and Market Court of Appeal recently issued a ruling regarding the possibility to intervene against marketing on a website operated by an EU-based company in Sweden. The case concerned a German company’s marketing of, i.e., cosmetic products. In particular, questions arose regarding i) unfair marketing claims on the company’s website, and ii) […]
Legitimate Interest: Are Common Practices and Social Conventions Still Relevant?
Following the ruling in C-394/23 (“Mousse”), should common practices and social conventions be entirely disregarded when assessing legitimate interest under GDPR? In this article, I briefly explain why I believe such aspects can still be considered. Legitimate interest is arguably the most widely used legal basis to process personal data for commercial purposes. As a […]
Swedish DPA Outlines 2025 Priorities for Supervision and Regulatory Guidance
Following the Swedish DPA’s (IMY) announcement in its 2024 annual report to adopt a more risk-based approach to supervision, IMY has now identified five key areas for 2025. These priorities aim to provide clearer regulatory guidance and strengthen enforcement efforts. These five focus areas include: You can find the full report here (in Swedish only).
New Swedish Camera Surveillance Rules Take Effect on 1 April 2025
As of 1 April 2025, new rules will apply for the Swedish Camera Surveillance Act (2018:1200). The new rules will simplify camera surveillance procedures for businesses and organizations in Sweden. The most significant change is the removal of the requirement to obtain a permit from the Swedish Authority for Privacy Protection (IMY) for camera surveillance […]
Third Draft of the EU Code of Practice for GPAI-models Has Been Released
Today, the third draft of the EU Code of Practice for general-purpose AI models (GPAI models) was released. The code of practice aims to assist providers of GPAI models in aligning with the upcoming obligations in the AI Act. The latest version introduces a streamlined structure, featuring two commitments on transparency and copyright for all […]
EU Updates Model Clauses on AI Procurement to Align with the AI Act
The EU released on 5 March 2025 updated model clauses on AI procurement to align with the AI Act. The model clauses were developed within the Community of Practice on Public Procurement of AI, which is supported by the European Commission. It should be noted however that the model clauses state that they are working […]