On Friday, the Swedish Data Protection Authority published a plan for prioritized areas of supervision during 2019 and 2020. According to the plan, the authority will focus on prioritized legal aspects, specific business sectors and certain types of new technology.
The prioritized legal aspects will be the concepts of data controller and data processor, consent as a legal basis and the application of the GDPR in relation to the laws on payment services and credit reports.
The business sectors chosen to be targeted are healthcare, education, the Swedish judicial system, retail, mobile operating systems, payment services, debt collection and the Visa Information System. In addition, the authority will handle employers’ processing of their employees’ personal data, mainly focusing on employee surveillance.
With regard to new technology, the authority will look into facial recognition. Other uses of technology that might be subject to supervision is machine learning, automated decision-making, profiling and blockchains.
Time Advokatbyrå continuously provides advice within the field of data protection. If you would like to know more or need legal assistance with data protection issues, please reach out to Alexander Berger, partner and Head of Data Privacy.