Complete GDPR loophole in Sweden for $233!

I’ve been researching the privacy issues of Swedish websites such as Hitta, Eniro, MrKoll, Merinfo and many others that automatically collect personal information on individuals from open and semi-open resources and often use it to make money.

Turns out, that in Sweden, all these resources has applied for an exception from the GDPR as per Freedom of Exception right (YGL) and received a formal letter that grants them immunity to.. well, to anything in GDPR. So, legally, they do not have to delete any of personal data, nor be obliged to secure its storage. And IMY (Swedish Data Protection Agency) accepted its defeat and says it can’t do anything to these websites:

https://www.imy.se/privatperson/dataskydd/vi-guidar-dig/utgivningsbevis/

To me, this looks like a classic legal loophole where the commercial websites use the utgivningsbevis to collect, process and get rich using the private and personal data of Swedish citizens and residents.

And all of it, under the flag of Freedom of Speech – so this means, they can collect all possible data on a person and run around the internet with it, risking to spill it over, leak and do harm – all because they obtained the exception from the privacy rules.

Now, does obtaining utgivningsbevis from the Media agency require the website being a media? Nope.

Is it given to only websites that exercise their Freedom of Speech actively – i.e. publishing original materials, voicing opinions? Nope.

The voluntary utgivningsbevis can be requested by and given to.. basically anyone who agrees to call themselves a “responsible publisher” and costs SEK2000 (using today’s exchange rate, about $233).

Here’s automatic translation of the full criteria list:

So, in the essence, you can collect personal data, do whatever with it – as long as it is connected to Sweden. And it precedes GDPR because of the realization of the constitutional act.

As of today, there 1561 of granted utgivningsbevis: https://www.mprt.se/tillstandsregister/?q=&search-type=14

And many of them are just poorly designed commercial websites that found a loophole and used it – according to my opinion, exercised under the same Freedom of Speech right as their utgivningsbevis.

Leave a Comment

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s