What you need to know
In March 2012 Sweden passed its own local Data Retention Directive, which forces all Swedish ISPs to record user information – such as login times, email logs and websites visited – and store the data for at least six months.
In according with the EU’s wider Data Retention Directive, ISPs in Sweden are required to archive your personal information so that the “data can be transmitted upon request to the competent authorities without undue delay.”1
Sweden’s data retention law was introduced following pressure from the European Union to comply with the European Data Retention Directive, which the Swedish government had initially resisted due to privacy concerns2.
IMPORTANT UPDATE – 10/04/2014
The European Court of Justice has declared the European data retention directive (Directive 2006/24/EC) invalid. The Court found that the set of obligation laid down by current directive is disproportionate and contrary to some fundamental rights protected by the Charter of Fundamental Rights, in particular to the principle of privacy, because “the wide ranging and particularly serious interference of the directive with the fundamental rights at issue is not sufficiently circumscribed to ensure that that interference is actually limited to what is strictly necessary” – for more info see http://curia.europa.eu/jcms/upload/docs/application/pdf/2014-04/cp140054en.pdf
In 2008 the Swedish parliament passed a highly controversial law that allows the Swedish state to monitor all internet traffic, without any warrant or judicial oversight.
The FRA law was set-up ostensibly to prevent terrorist communications across Sweden’s borders. The initiative involves the installation of 20 monitoring hubs across the country that process and analyse emails and web-traffic coming into and out of Sweden3.
In 2009, due to pressure from privacy activists, the FRA was amended to subject monitoring to political scrutiny. In 2010 technical difficulties slowed down the law’s implementation. It’s unclear whether or not the secret agency that was set-up to implement the FRA law is currently in operation.
In 2009 Sweden passed the anti-copyright theft directive IPRED into law.
IPRED allows copyright holders to force Swedish ISPs, through a court order, to reveal the personal information of users under suspicion of sharing copyrighted files4.
While IPRED has led to an increase in file sharers being taken to court by copyright lawyers, it has also resulted in a big spike in VPN usage amongst Swedes5.