The Swedish Authority for Privacy Protection (IMY) has published their annual report for 2024.
IMY reported an increase in both the number of audits initiated and completed in 2024 compared to the previous year. The majority of these audits were triggered by individual complaints. Six administrative sanctions totalling approximately 60.5 million SEK were issued by the authority in 2024 – less than in 2023 – since (according to IMY) complaint-based audits rarely lead to administrative sanctions.
Shift to risk-based supervision
Of particular note is that the report states that strengthening regulatory oversight will be a top priority for IMY in the coming year to improve compliance. The authority highlights concerns about the declining effectiveness of its supervisory activities, stating that enforcement efforts have deteriorated and are not meeting acceptable standards. While the number of audits in 2024 has risen significantly compared to the previous year, most have been complaint-driven, focusing on specific grievances rather than broader systemic risks. IMY stresses the urgent need to allocate resources for proactive, risk-based audits to better address critical areas of concern.
Click here to read the full report (in Swedish only).
