These companies circumvent the rules that prohibit the publication of personal data without consent, as regulated by the General Data Protection Regulation (GDPR), by relying on the Swedish Freedom of Expression Act (YGL: yttrandefrihetsgrundlagen) and publication permits. The publication permits are issued by the Swedish Broadcasting Authority and are what allow these websites to be covered by the Freedom of Expression Act and publish personal data publicly at present.
This means that the publication is protected in the same way as journalism, as long as it does not violate the Freedom of Expression Act.
Freedom of Expression Act vs. GDPR paradox
The GDPR is intended to protect individuals' personal data, but currently in Sweden the Freedom of Expression Act takes precedence over the GDPR. This allows websites with publication permits to publish data without personal consent, which has been heavily criticized lately.
Read more: How to remove your personal data from searchable registers
Risk of crime and harassment
Since personal data is openly searchable on the internet, it can be exploited for fraud, identity theft, stalking, and domestic violence. The Police Union has published information on its website about how individuals can reduce the visibility of their personal data on the internet.
IMY investigates
The Swedish Authority for Privacy Protection (IMY) has investigated Mrkoll and similar services after complaints, and previously, both IMY and the Data Inspection Board have pointed out the increased vulnerability when large amounts of personal data are made freely available.
Ongoing political discussions
There is a motion 2024/25:293 by Ingemar Kihlström (KD) that deals with limiting the disclosure and sale of personal data from authorities to private actors and search services like Ratsit and Mrkoll. Stricter guidelines are proposed for authorities' disclosure/sale of personal data. The motion includes requirements for full identification for those requesting sensitive information, extra protection for data such as social security numbers (last four digits), car ownership, and property ownership. It also proposes that disclosure in the future should only occur for public-interest purposes, not commercial mass publication.
A question of balance
The core issue is where the line is drawn between freedom of expression and the right to privacy. Proponents argue that the principle of public access and constitutional protection are crucial for transparency in an open society. Critics, on the other hand, see a development where criminals exploit the information to cause harm.
For now, it is still legal for Ratsit and Mrkoll to publish personal data thanks to their publication permits, but 2025 could be a turning point.
Sources: Polisförbundet, Dagens Juridik, IMY, Riksdagen
