Regulations governing the Security Service's processing of personal data

The regulations governing how our Service may process personal data differ depending on whether the processing is for law enforcement or for administrative purposes.

The Swedish Security Service is a national government agency and, as such, any messages sent to us are regarded as official documents that we are required to keep a record of. Under the principle of public access to official records, data may be disclosed upon request unless subject to secrecy under the Public Access to Information and Secrecy Act.

Our Service's processing of personal data in a law-enforcement context is governed by the Act (2019:1182) Concerning the Swedish Security Service’s Processing of Personal Data. Our processing of personal data in an administrative context (for example, for recruiting and personnel administration purposes) is governed by the European General Data Protection Regulation and the Data Protection Act.

Our Service is the controller of any personal data it processes.

Processing of personal data in a law-enforcement context

Our Service's processing of personal data in a law-enforcement context is governed by the Act (2019:1182) Concerning the Swedish Security Service’s Processing of Personal Data.

Our Service processes personal data if this is necessary in order to prevent, avert or detect criminal activities connected to offences against national security, terrorist offences, or offences against the Freedom of the Press Act and the Fundamental Law on Freedom of Expression (when driven by racism or xenophobia), and to investigate and prosecute such offences. Personal data is for example processed within our Service’s intelligence work and criminal investigations.

Our Service also processes personal data when necessary to protect the safety and security of e.g. members of the central government, to carry out duties under the Aliens Act or the Citizenship Act (for instance when serving as a referral body for the Swedish Migration Agency) and to carry out our international commitments.

In addition to this, our Service may process personal data in order to carry out duties under the Protective Security Act. For example, a records check is conducted as part of the security screening procedure whenever someone applies for a security-classified position. A records check includes checks against the Criminal Records Registry and against data processed by our Service under the Act Concerning the Swedish Security Service’s Processing of Personal Data. The final decision regarding whether the information resulting from each records check will be provided to the government agency requesting the security screening is made by the Swedish Commission on Security and Integrity Protection.

Our Service does not retain personal data longer than required for the purpose for which it is being processed. Data may however be retained for longer if processed solely for the purpose of archiving in the public interest.

The Security Service may not process personal data based solely on what is known about a person’s race or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health or sex life (“special categories of personal data”).

Oversight and inspection of our registers

The Swedish Commission on Security and Integrity Protection is an oversight body whose remit includes inspecting the Security Service’s processing of personal data. The Commission exercises its supervision through inspections conducted on its own initiative. The Commission is obliged to check, upon request of an individual, whether that individual has been subject to intrusive measures or the processing of personal data and, if so, whether this was carried out in accordance with the law.

The Swedish Commission on Security and Integrity Protection website

Processing of personal data in an administrative context

Our Service’s processing of personal data in an administrative context is governed by the European Union General Data Protection Regulation.

Our Service processes personal data in an administrative context for various reasons, such as for recruiting and personnel administration purposes and in order to provide information about our activities on our website. Under the European General Data Protection Regulation, the processing of personal data must have a legal basis. Our Service processes personal data when necessary in order to carry out our duties under other regulations. In certain cases, personal data may be processed only when the data subject has consented to this.

Our Service does not retain personal data longer than required for the purpose for which it is being processed. Data may however be retained for longer if processed solely for the purpose of archiving in the public interest.

Generally, our Service may not process personal data that reveals race or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership; nor may we process genetic and biometric data and data concerning a person's health, sex life or sexual orientation. There are however certain circumstances under which such data may be processed, such as when an individual has given their consent or clearly made the information publicly available.

In some cases, our Service may provide personal data to other government agencies, municipalities, the public, or legal or natural persons. What data may or must be provided, as well as when and how this is to occur, is stipulated in various legislative acts governing public access, secrecy, labour, taxation, etc.

The rights of individuals

You may submit a request to the Security Service if you wish to know whether we are processing your personal data. For more information, please see Public access and official documents (in Swedish). Access to this data may be restricted if it is subject to secrecy. If you find that the data we are processing is inaccurate, you may request that it be corrected. If you find that your personal data has been unlawfully processed or that the purpose for which the processing was necessary no longer exists, you may request the erasure of this data. If our use of the data was conditional on your consent, you are entitled to withdraw this consent at any time. If your personal data is being processed by our Service for administrative purposes, you have the right in certain cases to receive this data and transmit it to another controller; this is known as data portability.

If you have questions regarding our Service’s processing of personal data, you are welcome to contact our data protection officer.

Contact the Swedish Security Service

If you believe that the Security Service is processing data about you counter to the General Data Protection Regulation (EU), you are entitled to submit a complaint to the Data Inspection Board.

Data Inspection Board website