Austria-based privacy campaigner NOYB (styled “noyb”) – European Center for Digital Rights – has announced a legal case against Sweden’s Tax Agency, Skatteverket, over its handling of data collected from all residents of Sweden, available via the state personal address register.
Namely, instead of using personal data such as date of birth, social security number (personal identity number in Sweden), information about income, property value, etc., for administrative purposes – the tax authority shares it with data brokers.
Among the third parties who publish this data online (for “transparency” reasons, according to the agency) is MrKoll, and Dun and Bradstreet, the Intelligence Company, and Kalenderforlaget all have access to all the tax data harvested in Sweden. NOYB singles out MrKoll as having access to and selling on people’s data – “without a single safeguard or restriction.”
Dun and Bradstreet, meanwhile, have a database fed with information from the state’s address register, which other companies can also use to create their databases.
Kalenderforlaget’s taxation calendar has income data of everyone in Sweden, while the Intelligence Company’s access to data of all residents of Sweden older than 15, in the company’s own words, originates from the tax authority.
One of the “data subjects” recently demanded that Skatteverket stop handing his data over to be sold, which led to the Supreme Court ruling saying that should the third party be likely to use the data in violation of the GDPR, it then has to be marked as confidential.
But the tax authority stuck to its guns about “transparency” (such as allowing access to information to journalists, etc.) – which Skatteverket said is a constitutional principle in Sweden, and therefore trumps the court’s ruling to adopt a “balanced” approach to the issue.
However, NOYB believes that this type of “transparency” in reality ends up giving “full access by purely commercial data brokers to government data.”
The privacy group is asking the Stockholm Administrative Court to order Skatteverket to restrict personal data sharing with third parties – as they believe these companies’ processing of the information is inevitably not in compliance with the GDPR.
“It doesn’t make sense that companies like Dun and Bradstreet, the Intelligence Company, and Kalenderforlaget should have access to the tax data of all Swedes,” commented NOYB’s data protection lawyer Joakim Soderberg.
“Sweden prides itself as being a country where human rights are high on the agenda, but apparently the government does not respect the fundamental right to privacy or data protection,” Soderberg remarked.