EU Data Protection Rules and the Lack of Compliance in Sweden

In this short reflection paper, I will set out to explain how and why Sweden breaches EU data protection rules. I will start by providing a brief overview of the EU data protection framework to paint the background picture. Thereafter I will discuss the scope for derogating from the obligations set out in the GDPR and thereby test the Swedish exception and show that it is not proportionate and undermines the purpose of the GDPR. Subsequently, I will discuss why some core fundamental rights of EU law should not be possible to derogate from, when as in the Swedish case it seems to boil down to economic question of who gets to own the data. I will conclude by linking the question of the right to data protection and why licenses should not give companies a carte blanche to publish personal data about people in Sweden to the question of market access. There is an imbalanced relationship here, to use the internal market vocabulary, with Swedish people having all their private data published online while other EU states do not do that. Likewise, there is an external dimension here: the data is available on the internet globally and therefore third countries also access it.