Karl-Erik Tallmo,
lectures

This text may not be re-published, printed or copied without the author's permission. Copyright © Karl-Erik Tallmo

A short introductory address before the hearing at the Swedish Parliamentary Standing Committee on the Constitution on December 8, 1998.



The Swedish Personal Data Act
and the Integrity Problem

For foreign readers:

On October 24, 1998, a new data law, based on the EU directive 95/46/EC for personal data protection, went into effect in Sweden. It has been widely criticized, since it bans the usage of almost all personal data, stored in either digital or hard copy formats, if the subjects in question have not given their approval, or if it does not have anything to do with journalism or artistic expression, areas which the law does not define. The law is intended to protect personal integrity, but critics believe that it will rather make the normal handling of data, such as in electronic publishing, more difficult.

One example of the absurd consequences of this law, if it is followed to the letter, is that it would be required to obtain permission from Augusto Pinochet, for example, in order to mention him on a web site containing political texts. Even Amnesty International would have to ask political prisoners for their permission prior to mentioning them on its web site.

Criticism of the law has led to the unusual step being taken of conducting a legal review of it, even prior to its taking full legal effect. As part of this revision, a hearing was held on December 8, 1998, by the Parliament's Standing Committee on the Constitution, which heard from legal scholars, user groups and people who have been critical of the law. Below is Karl-Erik Tallmo's introductory address. Four paragraphs, presumably of less interest to foreign readers, have been omitted in this translation:

[...] Representatives for the Data Inspection Agency and the government have tried to reassure users that they will be generous in approving exemptions, and then, all those who call themselves journalists or artists will also be considered to be such.

But creating a law which is applied in such an ad-hoc fashion, can only pave a road of arbitrariness. In the worst case scenario, the Data Inspection Agency could, in practice, become an authorized censor, deciding on a case by case basis what is allowed to be said. And what happens when the day comes that those in control decide to be less generous? The law will provide no protection.

”In the worst case scenario, the Data Inspection Agency could, in practice, become an authorized censor, deciding on a case by case basis what is allowed to be said. ”

[...]

It is somewhat disconcerting in an age when new forms of media are offering more opportunities for representatives of the so called grass-roots to self-publish, that several recent investigations have sought to create a separate status for journalists and artists. These happen to be the very groups which are traditionally inclined to make a lot of noise and to protest.

[...]

What we now have is a law which primarily hinders the normal and legitimate usage of personal data, but which hardly protects us from illegitimate use of such. A fundamental question is, of course, can the law protect us at all in this incredibly complex world which we are in the process of creating for ourselves, or should matters instead be left up to individuals to take responsibility for controlling what they disseminate about themselves?

No matter how one answers that question, a significant integrity problem does exist in this new digital world of ours.

We leave enormous amounts of electronic traces behind us in this modern world, in places like mobile telephone routers and bank servers, in every contact with government authorities, with credit card companies and at every Web site we visit on the Internet. This occurs against the backdrop of a society where we long ago ceased to worry about security cameras and nosy surveys. Instead, we are now hooking up cameras to our own computers, providing views of a lunch room or, like in some cases, even the bedroom, and uploading diaries onto the Internet. A defining characteristic of today seems to be the desire to be seen and noticed. Over 300,000 Swedes have their own home pages, revealing varying amounts of private things.

Some of this is, of course, what has been called harmless, but even harmless things can cause problems. Numerous celebrities who have been featured in the "home at" stories found in weekly magazines have, for example, been burglarized, the thieves knowing exactly what to take. Last summer, a woman in the U.S. was the victim of obscene letters in which the letter writer had created a sort of erotic novel with her as the main character. He knew many private things about her divorce, which newspapers she read and what kind of soap she used.

”It is not unlikely that we might find ourselves in a situation where publishing and public access become the norm, while the withholding of information will become our active measure rather than as now, where we release information as we choose to. ”

Of course it is always risky to just extrapolate from the present and assume that the future will also be like that, but worse, more, bigger etc. It is, however, not unlikely that we might find ourselves in a situation where publishing and public access become the norm, while the withholding of information will become our active measure rather than as now, where we release information as we choose to. Take, for example, a simple thing such as the ability to pinpoint the location of a mobile telephone. It then becomes possible to map out where a person goes. Once cars start using satellites to assist in navigation, we'll have yet another such indicator. Information like that, along with the information we leave behind us on the Internet, can provide a rather extensive picture of what we do, who we are, what we think, and so forth.

The deceptive reality of this situation is that while we may feel noticeably uncomfortable if a stalker follows us on the street, the concept of someone following us by reading mobile telephone routers seems so abstract that even if we are aware of it we shrug our shoulders.

***

I suppose it is possible that the big problem today is not an encroachment on our integrity by government authorities, but rather the fact that we are exposing ourselves to each and everyone. Especially in the U.S., detective agencies and so-called bounty hunters are focusing more and more of their operations on the Internet. It is simply cheaper than having people sit in a car all night, watching someone's door.

I believe our situation today is somewhat similar to those days when the peasants moved to the cities. Perhaps the farmer was in the habit of leaving his door unlocked in the country, but in town he found that he had to be more careful. In town, double locks and iron gates are now the rule. It is, of course, unfortunate that it needs to be that way, but most modern people have, in any event, gotten used to such a world. In a similar fashion, one should not plunge into the digital realm without being aware of the risks.

These are problems that need to be discussed now, and it is my contention that all of these issues are related - public access, freedom of speech and integrity - they cannot be dealt with separately. Other issues, such as new forms of publication, the role of authors, copyright, and perhaps even patents, also need to be considered. It is unfortunate that so many committees have been formed to evaluate their own little piece of the pie - we have had a CD-ROM committee, a BBS committee, a Data Law Committee, a Media committee, etc.

It is bad enough to endure isolated investigations pertaining to the world we are all familiar with. But it is even worse when they pertain to a world that few yet understand.

I suggest very broad solutions, involving close cooperation between different committees within the IT field. It should also be required that those who are in charge of these investigations, also navigate the Internet. Personal experience of the culture involved is much more valuable than just having another expert write yet another report addendum about the history of the Internet.

The question now, is what can be done to the Personal Data Act, within the framework of current EU directives? Our greatest chance lies, no doubt, in working with the EU towards making the next directive more insightful and up-to-date. The previous directive was issued prior even to the invention of the World Wide Web, perhaps the most radical change since the personal computer revolution at the beginning of the 1980s. Sweden, one of the world's most advanced IT nations, should really be able to act in the forefront regarding computer legislation in the EU.

(Participating in the hearing were, among others, former Supreme Court Justice Staffan Vängby, Senior Jurist Sören Öman, Under-Secretary of State Hans-Erik Holmqvist, General Director of the Data Inspection Agency Ulf Widebäck, Ann-Marie Nilsson of the Swedish IT Companies Association, Professor Jon Bing of the Law and Informatics Research Institute at Oslo University, Professor Peter Seipel who is chair of the IT Legal Observatory, journalist Anders R. Olsson, author and editor Karl-Erik Tallmo, and Chairman Per Unckel.)



Translated from Swedish by Henrik Nordström.


[Back to overview of lectures]
[Back to Karl-Erik Tallmo's start page]