Law Library Stacks

Back to Foreign Intelligence Gathering Laws

Summary

Signal surveillance is regulated by Swedish law.  Only the National Defense Radio Establishment may carry out surveillance and only on cross-border communication.  Information may be requested by the government, the military, and the police.  Sweden’s surveillance legislation has received widespread criticism, including from the European Parliament, on the grounds that it fails adequately to protect privacy and may violate the European Convention on Human Rights.  Specific privacy protection regulations that pertain to surveillance information are in place.

I.       Signal Surveillance Legislation

Intelligence collection of data through signal surveillance is carried out by Försvarets Radioanstalt (FRA) (the National Defense Radio Establishment)[1] and is governed by the Act on Signal Surveillance for Defense Intelligence Activities, commonly referred to as the FRA legislation.[2] Surveillance is also limited by the more general Act on Defense Intelligence Activity.[3]

A.    Requirements

Intelligence data collection through signal intelligence can only be requested by the government, government offices, the Swedish Armed Forces, the Swedish Security Service (Police), and the National Operative Department of the Police.[4] Such collection requires prior authorization from the Defense Intelligence Court[5] and can only be carried to determine

1. outer military threats against the country,
2. conditions for Swedish involvement in peace promotion and humanitarian international missions or threats against security for Swedish interests during such missions,
3. strategic relationships regarding international terrorism and other significant transborder crime that can threaten important national interests,
4. development and spread of mass destruction weapons, military material and products covered in the Law (SFS 2000:1064) on control of products with dual uses and technical assistance,
5. serious outer threats against society’s infrastructure,
6. conflicts abroad with consequences to international security,
7. foreign intelligence activity against Swedish interests, or 
8. foreign governments powers conduct or intentions of considerable importance to Swedish foreign, security or defense policy.

If necessary for security defense intelligence operations signals in electronic form may also be collected to 

1. follow changes in the signal environment abroad, technical development and the signal protection as well as
2. continuously develop the technology and methods needed to carry out its activity in accordance with this law (2009:967).[6]

The court may only grant an application for surveillance if it conforms to the purposes of the surveillance legislation and the Act on Defense Intelligence Activity, the need cannot be met in a less invasive manner, and the value of the surveillance clearly outweighs the violations against integrity (human rights).[7] In addition, the application cannot be limited to one specific, physical individual.[8] The Swedish Defense may cooperate with foreign governments in the collection of the abovementioned information.[9]

B.     Limitations

There are limitations on signal surveillance both in terms of scope, duration, and subject.  The main limitation is that signal surveillance must only cover cross-border communications.[10]  Thus, communications that take place solely within the borders of Sweden cannot be legally collected through signal surveillance.  However, these limits do not apply to “senders and receivers on foreign state ships, foreign state aircraft or military vehicles.”[11] Domestic surveillance is instead covered by the Swedish law implementing the European Union Data Retention Directive.[12] Moreover, surveillance cannot be targeted against one specific individual alone[13] and may only be approved for a period of six months at a time.[14]

Once collected, stored information must be destroyed by the FRA under certain circumstances, e.g., if information on an individual lacks importance to the investigation[15] or the “information was communicated during religious confession or private care of the soul, unless there are exceptional reasons to collect the information.”[16]

Back to Top

II.   Privacy

Specific privacy legislation deals with the treatment of personal data collected by the FRA.[17] Individuals have the right to inquire whether they are included in the material collected by the FRA.[18] Such information can be requested once a year and should be provided within four months.[19] Information may be withheld if secrecy requires it.[20] 

Stored data can only be shared with foreign or multinational entities if the information is not protected by secrecy and if sharing it is required for the FRA to fulfill its international commitments.[21] However, the government has the right to issue regulations that allow secret information to be transferred if considered necessary for the operations of the FRA.[22] The FRA must employ security measures to safeguard personal information.[23]

Only decisions on information correction requests and the communication of information to third parties may be appealed.[24] Under certain circumstances, such as when information collection constitutes a violation of personal integrity, the state can be held liable for damages to an individual whose information was illegally obtained.[25]

Sweden has been criticized by the European Parliament for its legislation on signal surveillance, especially as it pertains to privacy protections and its oversight, on the ground that it may violate the European Convention on Human Rights.[26]

Back to Top

III.      Oversight Authorities

Sweden has two different oversight authorities for signal intelligence gathering.  The oversight authority that oversees FRA’s compliance with the Signal Surveillance Act is Statens inspektion för försvarsunderrättelseverksamheten (Siun),[27] whereas the Swedish Data Inspection Board is responsible for the oversight of privacy issues, specifically how information is stored and shared between agencies.[28] In this capacity the Data Inspection Board has the right to access personal information that has been stored, obtain information about the storage and protection of the collection, and access facilities containing the information.[29] It is also responsible for trying to ensure the correction of possible violations.[30] The oversight authority may initiate court proceedings before the district administrative court to have illegal information erased.[31]  However, information may not be erased if doing so is deemed unreasonable.[32]

Back to Top

Prepared by Elin Hofverberg
Foreign Law Consultant
December 2014
 


[1] In English, FRA, http://www.fra.se/snabblankar/english.10.html (last visited Dec. 2, 2014).

[2] Lag om signalspaning i försvarsunderrättelseverksamhet [Act on Signal Surveillance for Defense Intelligence Activities] (Svensk författningssamling [SFS] 2008:717), http://www.notisum.se/rnp/sls/lag/ 20080717.htm.

[3] Lag om försvarsunderrättelseverksamhet [Act on Defense Intelligence Activities] (SFS 2000:130), https://lagen.nu/2000:130.

[4] 4 § Act on Signal Surveillance. 

[5] Id. 4 § para. 3.

[6] Id. 1 § paras. 2 & 3 (translation by author).

[7] Id. 5 §. 

[8] Id.

[9] Id. 9 §; 3 § Lag om försvarsunderrättelseverksamhet (SFS 2000:130).

[10] 2a § Act on Signal Surveillance.

[11] Id. 2a § para. 2.

[12] The domestic Act, Lagen om elektronisk kommunikation (SFS 2003:389), is still in force following the EU Court’s invalidation of the Data Retention Directive as a violation of human rights earlier this year.  For a discussion of the EU Directive, see EU survey, supra.

[13] 4 § para 3 Act on Signal Surveillance.

[14] Id. 5a § item 5.

[15] Id. 7 §.

[16] Id. (translation by author).

[17] Lag om behandling av personuppgifter i Försvarsmaktens försvarsunderrättelseverksamhet och militära säkerhetstjänst (SFS 2007:258); Lag om behandling av personuppgifter i Försvarets radioanstalts försvarsunderrättelse- och utvecklingsverksamhet(SFS 2007:259).

[18] Ch. 2:1 § Lag om behandling av personuppgifter i Försvarets radioanstalts försvarsunderrättelse- och utvecklingsverksamhet.

[19] Id.

[20] Id. ch. 2: 3 §.

[21] Id. ch. 1:17 §.

[22] Id.

[23] Id. ch. 3:2 §.

[24] Id. ch. 3:3 §.

[25] Ch. 2:5 § Lag om behandling av personuppgifter i Försvarets radioanstalts försvarsunderrättelse- och utvecklingsverksamhet.

[26] EU Scrutinizes Sweden’s Surveillance Capacities, Sveriges Radio (Nov. 8, 2013), http://sverigesradio.se/sida/ artikel.aspx?programid=2054&artikel=5698572; European Parliament, Draft Report, 2013/2188(INI) (Jan. 8, 2014), http://www.europarl.europa.eu/meetdocs/2009_2014/documents/libe/dv/moraes_1014703_/moraes_ 1014703_en.pdf.

[27] 2 § Förordning med instruktion för Statens inspektion för försvarsunderrättelseverksamheten (2009:969) [Regulation with Instruction for the State Inspection of Defense Intelligence Activity], http://www.riksdagen. se/sv/Dokument-Lagar/Lagar/Svenskforfattningssamling/Forordning-2009969-med-inst_sfs-2009-969/.

[28] Förordning med instruktion för Datainspektionen [Regulation with Instruction for the Datainspektionen] (SFS 2007:975), http://www.riksdagen.se/sv/Dokument-Lagar/Lagar/Svenskforfattningssamling/Forordning-2007975-med-inst_sfs-2007-975/.

[29] Ch. 5:2 § Lag om behandling av personuppgifter i Försvarets radioanstalts försvarsunderrättelse- och utvecklingsverksamhet.

[30] Id. ch. 5:3 §.

[31] Id. ch. 5:4 §.

[32] Id. ch. 5: 4 § para. 2.

Back to Top

Last Updated: 06/09/2015