CENTRUM FÖR RÄTTVISA v. SWEDEN JUDGMENT
Fourth, the applicant considered that seeking compensation from the
Chancellor of Justice was not an effective remedy because: (i) the individual
bears the burden to prove that there had been unlawful surveillance; (ii)
compensation without erasing the unlawfully processed data could not be
regarded as an effective remedy; (iii) to date the Chancellor, who enjoys
discretion as to which complaints to review, had dismissed all complaints
concerning the FRA’s activities; (iv) the Government had not shown the
effectiveness of this remedy, seeing that it is unclear what action must be
undertaken by the Chancellor upon receipt of a report from the Inspectorate
informing about actions of the FRA that may give rise to a claim of
damages: in particular, if the Chancellor were to provide the individual with
an opportunity to claim damages, that would require advising him or her of
the unlawful conduct of the FRA which could be precluded by secrecy.
Fifth, in the absence of notification or access to documents it is virtually
impossible for an individual to discharge the burden of proof in a civil
action for damages.
Sixth, the Ombudsmen could not order any redress and no examples of
the effectiveness of this remedy have been shown.
Seventh, the procedure according to which the FRA could correct or
destroy unlawfully processed personal data was dependent on the
individual’s knowledge that data had been processed and was ineffective
due to the secrecy requirement. Also, the Administrative Court has never
received applications form the Data Protection Authority seeking the
erasure of unlawfully processed data.
Finally, the possibility to seek prosecution was also dependent on the
individual knowing of relevant wrongdoing and thus ineffective.
200. On the issue of transfers of intercepted data to foreign third parties,
the applicant submitted that the deficiencies in the Swedish legal regime and
practice were glaring. The legal limitations on such transfers consisted of
nothing more than a vague and broadly defined obligation to act in the
national interest. There was no requirement that possible harm to the
individual is to be taken into account or that the recipient is to be required to
protect the data with similar safeguards as those applicable in Sweden.
201. The applicant disagreed with the finding of the Chamber that the
above shortcomings were counterbalanced by the supervisory mechanisms
of the Swedish system. It considered that this supervision was inadequate
and in any event did not cover the transfer of intercepted data to foreign
parties. The FRA was merely required to inform the Inspectorate of the
principles governing its cooperation with foreign parties, identify the
countries or international organisations to which data was transferred and
provide general details of operations. As the Inspectorate monitors the
FRA’s activities for compliance with existing legal requirements and the
law allows excessive discretion to the FRA in this area, even the most
stringent policing by the Inspectorate could do little to provide safeguards