CENTRUM FÖR RÄTTVISA v. SWEDEN JUDGMENT
Data, regarding supervisory authorities and transborder data flows of
8 November 2001 (CETS No. 181), in force for Sweden since 1 July 2004,
provides as follows, in so far as relevant:
Article 1 – Supervisory authorities
“1. Each Party shall provide for one or more authorities to be responsible for
ensuring compliance with the measures in its domestic law giving effect to the
principles stated in Chapters II and III of the Convention and in this Protocol.
2.
a. To this end, the said authorities shall have, in particular, powers of
investigation and intervention, as well as the power to engage in legal
proceedings or bring to the attention of the competent judicial authorities
violations of provisions of domestic law giving effect to the principles
mentioned in paragraph 1 of Article 1 of this Protocol.
b. Each supervisory authority shall hear claims lodged by any person
concerning the protection of his/her rights and fundamental freedoms with
regard to the processing of personal data within its competence.
3. The supervisory authorities shall exercise their functions in complete
independence.
4. Decisions of the supervisory authorities, which give rise to complaints, may be
appealed against through the courts.
...”
Article 2 – Transborder flows of personal data to a recipient which is not subject to
the jurisdiction of a Party to the Convention
“1. Each Party shall provide for the transfer of personal data to a recipient that is
subject to the jurisdiction of a State or organisation that is not Party to the Convention
only if that State or organisation ensures an adequate level of protection for the
intended data transfer.
2. By way of derogation from paragraph 1 of Article 2 of this Protocol, each Party
may allow for the transfer of personal data:
a. if domestic law provides for it because of:
– specific interests of the data subject, or
– legitimate prevailing interests, especially important public interests, or
b. if safeguards, which can in particular result from contractual clauses, are
provided by the controller responsible for the transfer and are found adequate by
the competent authorities according to domestic law.”
2. Recommendation of the Committee of Ministers of the Council of
Europe on the protection of personal data in the area of
telecommunication services
85. Recommendation No. R (95) 4 of the Committee of Ministers on the
protection of personal data in the area of telecommunication services, with
particular reference to telephone services, adopted on 7 February 1995,
reads, insofar as relevant, as follows:
23