Protected personal data in Sweden

Protected personal data in Sweden

Swedish population registration has three escalating protections for a person exposed to threats, violence, persecution, or similarly serious harm. They are safety measures, not a general right to be absent from public directories.

Protection Effect
Confidentiality marking Alerts authorities to conduct a strong secrecy assessment before releasing data.
Protected population registration Registers the person at an address other than the place where they live and gives stronger protection to the real location.
Fictitious personal data In exceptional danger, replaces identity details with a new name and personnummer.

A refusal is not always the end

A decision refusing protected population registration can be appealed to an administrative court. Under sections 38 and 40 of the Population Registration Act, an individual’s appeal concerning sections 3–17 must reach Skatteverket within three weeks from the day the person received the decision.

A confidentiality marking is different. It is an administrative warning rather than a statutory protection decision, so a refusal cannot be appealed in the same way. New threats, police reports, or a better documented connection between public address disclosure and danger can nevertheless support a renewed assessment.

The evidence should show more than unwanted online visibility. Useful material includes identifiable threats, police report numbers, a documented route from a public address to attempted locating, prior moves, and professional risk assessments. Section 17 a requires Skatteverket to request Police assistance in protected-population-registration investigations unless that assistance is unnecessary.

Fictitious personal data are decided by the Police and are reserved for exceptional danger where protected population registration cannot provide enough protection.

Skatteverket states that not wanting to appear online or having experienced identity theft is not by itself enough. The ordinary resident therefore lacks a comparable opt-out based only on privacy preference, data minimization, or fear that exposure may later become dangerous.

Protection creates an administrative burden

Att leva med skyddade personuppgifter reports that 37 percent of 875 respondents said protected information had been disclosed at least once. The figure was 42 percent among those protected because of relationship violence. The survey is not a representative administrative leak rate, but it shows that formal protection can fail through knowledge gaps, carelessness, or system design.

Respondents described consequences including moving, disrupted healthcare and employment, delayed post, fees, and difficulty using ordinary digital and commercial services. Protection can therefore impose a continuing privacy tax: the threatened person must repeatedly manage exceptions to systems built around shared address and identity data.

Structural implication

The existence of a high-threshold safety remedy does not answer the general privacy question. It shows that Sweden can restrict identity and address dissemination when risk is already acute, while leaving most people in an exposure-by-default system.

A preventive privacy regime would reduce unnecessary public indexing before a person can prove a threat. It would also ensure that authorities and private services can function without forcing protected people to disclose or repeatedly explain their exceptional status.

The remedy’s role and limits are synthesized in Swedish public-record privacy.

Sources

  1. skatteverket.se
  2. jamstalldhetsmyndigheten.se
  3. riksdagen.se
  4. riksdagen.se
  5. polisen.se