Access your Pro+ Content below.
Sweden’s first GDPR fine sets regulatory tone
This article is part of the CW Europe issue of December 2019-February 2020
Sweden has seen its first fine issued under the General Data Protection Regulation (GDPR), which was imposed on an upper secondary school, according to the country’s Data Protection Authority (DPA). Some fear that the fine, of about SEK200,000 (£16,000), could make organisations more cautious about implementing of digital technologies, but there has been support for the DPA’s stance. The school, Anderstorpsskolan in Skellefteå, used face recognition technology in a time-limited test to identify students attending classes. The school, in northern Sweden, carried out the test for a few weeks, tracking 22 students. The regulator found the school’s board to have violated GDPR law. The DPA based the size of the fine primarily on the fact that the school comes under a local authority, and that the offence occurred while it was testing the tool for a limited period. Under the legislation, a fine, if appropriate, can be up to SEK10m. The DPA ruled that biometrics is sensitive personal data, and it was not enough that the students’ ...
Access this CW+ Content for Free!
Features in this issue
More details about Deutsche Bank’s new technology division in internal company email
Chinese tech giant seeks to reassure Nordic governments over security concerns in 5G contracts
Secondary school fined for breaching General Data Protection Regulation, signalling the attitude of Sweden’s Data Protection Authority