CW+ Premium Content/CW Europe

Thank you for joining!
Access your Pro+ Content below.
December 2019-February 2020

Sweden’s first GDPR fine sets regulatory tone

Sweden has seen its first fine issued under the General Data Protection Regulation (GDPR), which was imposed on an upper secondary school, according to the country’s Data Protection Authority (DPA). Some fear that the fine, of about SEK200,000 (£16,000), could make organisations more cautious about implementing of digital technologies, but there has been support for the DPA’s stance. The school, Anderstorpsskolan in Skellefteå, used face recognition technology in a time-limited test to identify students attending classes. The school, in northern Sweden, carried out the test for a few weeks, tracking 22 students. The regulator found the school’s board to have violated GDPR law. The DPA based the size of the fine primarily on the fact that the school comes under a local authority, and that the offence occurred while it was testing the tool for a limited period. Under the legislation, a fine, if appropriate, can be up to SEK10m. The DPA ruled that biometrics is sensitive personal data, and it was not enough that the students’ ...

Features in this issue