Specific data protection law and official guidelines in Sweden

General laws

The new Swedish Data Protection Act (DPA) (Lag (2018:218) med kompletterande bestämmelser till EU:s dataskyddsförordning) was passed on 18 May 2018 and entered into force on 25 May 2018. The Swedish DPA includes complementary provisions to the GDPR.

Sectoral laws

Various sectoral laws govern the use of personal data, including the:

  • Camera Surveillance Act (Kamerabevakningslag (2018:1200)) including rules on processing of personal data relating to closed-circuit television (CCTV) monitoring: The new rules entered into force on 1 August 2018.
  • Credit Information Act (Kreditupplysningslagen (1973:1173))protecting data subjects’ personal privacy and the provision of credit information.
  • The Debt Recovery Act (Inkassolagen (1974:182)) contains provisions applying to persons and entities who recover debts.
  • The Fundamental Law on Freedom of Expression (Yttrandefrihetsgrundlag (1991:1469)) provides national rules regarding freedom of expression and freedom of information.
  • The Marketing Act (Marknadsföringslag (2008:486)) (unofficial English translation: regulates the use of personal data and advertising and marketing activities.
  • The Patient Data Act (Patientdatalag (2008:355)) governs processing of personal data in health care.
  • The Electronic Communications Act (Lag (2003:389) om elektronisk kommunikation) (unofficial English translation: implements provisions of the Privacy and Electronic Communications Directive regarding unsolicited direct marketing. The Act also regulates the use of cookies.

Official guidelines

Guidelines and templates of the Swedish Data Protection Agency (Datainspektionen) are available on the official website (in Swedish):

Guidance from the IAB Sweden (Interactive Advertising Bureau), regarding the use of cookies, can be found here: (in Swedish).

Contact us!

Secure the knowledge of our experts!

Subscribe to our free newsletter: