CENTRUM FÖR RÄTTVISA v. SWEDEN JUDGMENT – SEPARATE OPINIONS
there is a reasonable probability that such communications will be
intercepted as a by-catch of the requested interception. Privileged
communications, such as those related to media sources and attorney-client
privilege, are protected only to the extent that they ought to be destroyed if
they have been intercepted. The fact that not even communications in a
religious context of confession or individual counselling are protected, since
they may be intercepted and exceptionally examined, is quite disturbing.
Supervision of the implementation of the interception permit
12. The FIC does not oversee the implementation of the bulk
interception permit, nor even the intended subsequent use of the intercepted
communication, this task being assigned to the Foreign Intelligence
Inspectorate (FII). As with the FIC, the composition of the FII’s board is
dependent on the Government. The Government appoints its members for a
renewable four-year mandate, the president and the vice-president being or
having been permanent judges and the other four lay members chosen from
among former politicians proposed by party groups represented in
Parliament26. The FII works part-time27, assisted by a “small secretariat”28.
13. The FII does not have powers to determine, by means of a legally
binding decision, whether the FIC’s permit is lawful, nor to order a
rectification of the FRA’s practices or a reform of its internal rules, nor to
grant compensation, but it can decide that an operation should cease or that
the intercepted material should be destroyed if it did not comply with the
relevant permit. The FII cannot take any legally binding decisions relating
to breaches of the Convention, the Swedish Constitution or the FRA
Personal Data Processing Act. Instead, it may report the matter to the Data
Protection Authority.
14. The Data Protection Authority has a general supervisory function in
respect of the protection of personal data. In the exercise of its function, it
has access to personal data processed by the FRA and the relevant
documentation as well as to the facilities where they are kept. The Data
Protection Authority cannot itself take any legally binding decisions with
respect to the FRA and is under no obligation to take any action upon
receiving a report from the FII. If it chooses to act, all that the Data
Protection Authority can do is to communicate its views to the FRA, or to
apply to the Administrative Court for the destruction of illegally processed
personal data, but to date it has never used this power29.
The Venice Commission considered the FII a “hybrid body”, just as it did regarding the
FIC (Venice Commission report, cited above, p. 33).
27 As the Government admitted in the Grand Chamber hearing on 10 July 2019.
28 As described by the Venice Commission report, cited above, p. 33.
29 See paragraph 57 of this judgment.
26
103