How the Security Service processes personal data

There are different regulations governing how our Service may process personal data for either law enforcement or administrative purposes.

The Swedish Security Service is a national government agency and, as such, any messages sent to us are regarded as official documents we must keep a record of. Under the principle of public access to official records, data may be disclosed upon request unless it is subject to secrecy under the Public Access to Information and Secrecy Act.

Our Service processes personal data associated with our law-enforcement activities in accordance with the provisions stipulated in the Police Data Act and in the Personal Data Act. We process personal data associated with our administrative tasks (e.g. in connection with our recruitment procedures and personnel administration) in accordance with the General Data Protection Regulation (EU) and the Data Protection Act.

Our Service is the controller of any personal data it processes.

Processing of personal data in accordance with the Police Data Act

Under the Police Data Act, our Service may process personal data if this is required in order to prevent, avert or detect criminal activities associated with offences against national security, terrorist offences, or offences against the Freedom of the Press Act or the Fundamental Law on Freedom of Expression (when driven by racism or xenophobia). Our Service may also investigate and prosecute such offences.

The Security Service may also process personal data if this is required in order to protect members of the central government, and when the Service carries out international commitments or provides technical assistance to other government agencies.

In addition, our Service may process personal data in order to carry out tasks as described in the Protective Security Act. For example, a records check is carried out as part of the security screening procedure whenever someone applies for a post requiring security clearance. The records check includes checks against the Criminal Records Registry and against data processed by the Service under the Police Data Act. The Swedish Commission on Security and Integrity Protection (SIN) makes the final decision as to whether the information resulting from each records check will be provided to the government agency responsible for the security screening.

The Security Service does not store personal data longer than required for any of the said purposes. Data may be stored for longer periods when it is processed solely for archiving purposes in the public interest.

The Security Service may not process personal data based solely on what is known about a person's race or ethnicity, political opinions, religious or philosophical beliefs, trade union membership, health or sexual orientation (special categories of personal data).

Oversight and inspection of our registers

The Swedish Commission on Security and Integrity Protection supervises the processing of personal data conducted by our Service. The Commission exercises its supervision through inspections at its own initiative. At the request of an individual, the Commission is obliged to check whether he or she has been subject to processing of personal data and whether the processing of personal data was in accordance with laws and other regulations.
Swedish Commission on Security and Integrity Protection websiteexternal link

You may request access to any data about yourself that may have been registered with the Security Service.

Processing of personal data under the General Data Protection Regulation (EU)

In its administrative tasks, our Service processes personal data for various reasons, e.g. for recruiting purposes, for personnel administration and in order to inform about our activities on our website. The processing of personal data shall be lawful in accordance with the General Data Protection Regulation (EU). Our Service processes personal data when necessary in order to perform tasks stipulated in other regulations. In certain cases, personal data may only be processed when the data subject has given his or her consent.

We do not store personal data longer than necessary for our purposes. Data may be stored for longer periods when it is processed solely for archiving purposes in the public interest.

As a general rule processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic or biometric data, data concerning health, a person's sex life or sexual orientation is prohibited. Such data may however be processed under certain circumstances, e.g. if an individual has given their consent or clearly made the information public.

In some cases, our Service may provide personal data to other government agencies, municipalities, the public, or legal or natural persons. What data may or must be provided, as well as when and how this is to occur, is stipulated in various legislative provisions governing public access, secrecy, labour, taxation, etc.

You may submit a request to the Security Service if you wish to obtain confirmation as to whether we are processing personal data about you in our administrative work. Access to this data may be restricted if it is subject to secrecy. If you find that the data we are processing is inaccurate, you may request that it be rectified. If you find that your personal data was unlawfully processed or that the processing is no longer necessary in relation to the purpose for which this data was collected, you may request that it be erased. If our use of the data was conditional on your consent, you may withdraw this consent at any time. In certain cases, you have the right to receive and transmit your personal data to another controller; this is known as data portability.

If you have questions regarding our Service’s processing of personal data, you are welcome to contact our data protection officer.
Contact the Swedish Security Service

If you believe that the Security Service is processing data about you counter to the General Data Protection Regulation (EU), you are entitled to submit a complaint to the Data Inspection Board.
Data Inspection Board websiteexternal link