For 50 years, the Swedish Data Protection Agency has been called the Data Inspectorate. But in early 2021, they changed their name to Swedish Authority for Privacy Protection (IMY). In this way, the supervisory authority emphasises that they focus on the individual’s need for integrity protection rather than on data at a time of digitisation. This represent an important step towards putting humans at the centre.
On the name change, the IMY Director General Lena Lindgren says it is closely linked to the GDPR and the new era that the regulation represents: “GDPR strengthens the rights of individuals while increasing the requirements of companies, authorities and others who process personal data. Our name change signals more clearly the authority’s primary task is to safeguard and protect personal integrity.”
Increased Focus on Personal Integrity
The enhanced focus on integrity protection is well followed by IMY’s Integrity Protection Report for 2020. The report focuses on technologies that have a major impact on people’s personal integrity. It includes new technologies for collecting data, for example through sensors and voice control, and for analysing large amounts of data using artificial intelligence. The use of cloud solutions for data storage and 5G for data transmission is also analysed from an integrity protection approach.
Key questions in the report are therefore how developments in the IT field can be understood in relation to privacy and new technologies? By taking stock of what has affected privacy the most in recent years and how good privacy protections are today, it also asks the question of what will matter most when we look forward a few years from now?
High Risk With AI, IoT and Biometrics
IMY’s assessment is that the Internet of Things, IoT, is one of the development areas that will have the greatest impact on personal integrity in the coming years. The reason for this is that the technology means that the typical online tracking options we see today will move into cities and homes, recording sounds, movements, and behaviour. Another high-risk area that IMY points to is the increased collection of biometric data such as fingerprints and facial recognition.
For AI, IoT and biometrics, IMY makes a recommendation to focus in particular on the integrity risks posed by these technologies.
The report also contains a clear recommendation to Swedish politicians for a clearer integrity policy that defines a clear policy area with concrete objectives and measures to strengthen the rights and opportunities for individuals to control how their personal data is handled by authorities and companies. The need for a policy is underlined by the fact that the ongoing digitisation requires measures that guarantee peoples’ right to privacy and self-determination in relation to the processing of their personal data.
As a necessary complement to policy and practical measures, the report recommends a commitment to research and development of technology that protects peoples’ right to personal integrity.