CENTRUM FÖR RÄTTVISA v. SWEDEN JUDGMENT
personal data in connection with strategic circumstances relating to
international terrorism and other serious cross-border crime threatening
significant national interests. The inspection did not give rise to any opinion
or suggestion. However, during that year, one opinion was submitted to the
Government following an inspection of whether the FRA’s intelligence
activities complied with the tasking directives given. During the years 20092017 the Inspectorate found reason to make a report to another authority –
the Data Protection Authority – on one occasion, concerning the
interpretation of a legal provision. In its annual reports, the Inspectorate has
noted that it has been given access to all the information necessary for its
inspections.
54. The supervisory activities of the Foreign Intelligence Inspectorate
have been audited by the National Audit Office (Riksrevisionen), a body
answerable to Parliament. In a report published in 2015 the Office noted
that the FRA had routines in place for handling the Inspectorate’s opinions
and that the supervision helped develop the activities of the FRA.
Suggestions were dealt with in a serious manner and, when called for, gave
rise to reforms. With the exception of one case when the FRA referred the
matter to the Government, the FRA took the action decided by Inspectorate.
At the same time the Office criticised the Inspectorate’s lack of
documentation of inspections and the fact that there were no clearly
specified goals for the inspections.
55. Within the FRA there is a Privacy Protection Council tasked with
continuously monitoring measures taken to ensure protection of personal
integrity. The members are appointed by the Government. The Council
reports its observations to the FRA management or, if the Council finds
reasons for it, to the Inspectorate (section 11 of the Signals Intelligence
Act).
56. Further provisions on supervision are found in the FRA Personal
Data Processing Act. The FRA shall appoint one or several data protection
officers and report the appointment to the Data Protection Authority
(Chapter 4, section 1). The data protection officer is tasked with
independently monitoring that the FRA treats personal data in a legal and
correct manner and point out any deficiencies. If deficiencies are suspected
and no correction is made, a report shall be submitted to the Data Protection
Authority (Chapter 4, section 2).
57. The Data Protection Authority, which is an authority under the
Government, has, on request, access to the personal data that is processed
by the FRA and to documentation on the treatment of personal data along
with the security measures taken in this regard as well as access to the
facilities where personal data is processed (Chapter 5, section 2). If the
Authority finds that personal data is or could be processed illegally, it shall
try to remedy the situation by communicating its observations to the FRA
(Chapter 5, section 3). It may also apply to the Administrative Court