CENTRUM FÖR RÄTTVISA v. SWEDEN JUDGMENT
19
b. protecting the data subject or the rights and freedoms of others.
...”
Article 10 – Sanctions and remedies
“Each Party undertakes to establish appropriate sanctions and remedies for
violations of provisions of domestic law giving effect to the basic principles for data
protection set out in this chapter.”
67. The Additional Protocol to the Convention for the Protection of
Individuals with regard to Automatic Processing of Personal Data,
regarding supervisory authorities and transborder data flows of
8 November 2001 (CETS No. 181), ratified by Sweden on the latter date,
provides as follows:
Article 1 – Supervisory authorities
“1. Each Party shall provide for one or more authorities to be responsible for
ensuring compliance with the measures in its domestic law giving effect to the
principles stated in Chapters II and III of the Convention and in this Protocol.
2.
a. To this end, the said authorities shall have, in particular, powers of
investigation and intervention, as well as the power to engage in legal
proceedings or bring to the attention of the competent judicial authorities
violations of provisions of domestic law giving effect to the principles
mentioned in paragraph 1 of Article 1 of this Protocol.
b. Each supervisory authority shall hear claims lodged by any person
concerning the protection of his/her rights and fundamental freedoms with
regard to the processing of personal data within its competence.
3. The supervisory authorities shall exercise their functions in complete
independence.
4. Decisions of the supervisory authorities, which give rise to complaints, may be
appealed against through the courts.
...”
Article 2 – Transborder flows of personal data to a recipient which is not subject to
the jurisdiction of a Party to the Convention
“1. Each Party shall provide for the transfer of personal data to a recipient that is
subject to the jurisdiction of a State or organisation that is not Party to the Convention
only if that State or organisation ensures an adequate level of protection for the
intended data transfer.
2. By way of derogation from paragraph 1 of Article 2 of this Protocol, each Party
may allow for the transfer of personal data:
a. if domestic law provides for it because of:
– specific interests of the data subject, or
– legitimate prevailing interests, especially important public interests, or