Description

Drafted IMY Regulations on the processing of personal data relating to criminal offences

On 18 September 2023, the Swedish Authority for Privacy Protection (IMY) published a draft of new regulations on the processing of personal data relating to criminal offences. The regulations set out the conditions under which persons other than the authorities can process personal data referred to in article 10 of EU regulation 2016/679 of 27 April 2016, and apply to companies under the supervision of the Financial Supervisory Authority offering financial services and being obliged to comply with measures against money laundering and the financing of terrorism. Also, the regulations apply to companies exporting munitions or dual-use items. In particular, the mentioned companies may process customers' personal data in order to check them against sanctions lists if two criteria are met. First, the sanctions lists must be democratically established and publicly available, and second, safeguards to distinguish between genuine and false matches must be in place.

Original source

Scope

Policy Area
Data governance
Policy Instrument
Data protection regulation
Regulated Economic Activity
other service provider
Implementation Level
national
Government Branch
executive
Government Body
data protection authority

Complete timeline of this policy change

Hide details
2023-09-18
under deliberation

On 18 September 2023, the Swedish Authority for Privacy Protection (IMY) published a draft of new r…