CENTRUM FÖR RÄTTVISA v. SWEDEN JUDGMENT
requirement limiting the keeping of material containing personal data and
for sanctions for mismanagement of personal data. It guarantees specific
monitoring of personal data treatment and sets out the powers of the Data
Protection Authority in this regard. In other words, the Act in question adds
another layer of protection, tailored to the specificities of personal data, to
the already existing safeguards that are applicable to information concerning
natural and legal persons alike.
315. This approach, which takes into account the special sensitivity of
personal data, does not seem to be problematic and does not mean that the
communications of legal persons are left unprotected by
safeguards. Contrary to the applicant’s claim, there is nothing in the
relevant legislation suggesting that intercept material not containing
personal data can be used for purposes incompatible with the original
purpose of the interception, as approved by the Foreign Intelligence Court.
316. In sum, the Court is satisfied that the legislation on selecting,
examining and using intercepted data provides adequate safeguards against
abuse that may affect Article 8 rights.
(6) The precautions to be taken when communicating the material to other
parties
317. As regards communication of data from the FRA to other Swedish
Government bodies, the Court observes that the very purpose of signals
intelligence is to obtain information that is useful for the mission of relevant
sectors of Government. The circle of domestic authorities that may be given
such information in Sweden is narrow and includes above all the Security
Police and the Armed Forces. The FRA may grant these bodies direct access
to data that constitutes the results of analysis in a data compilation, to
enable them to make assessments of terrorist threats at strategic level. This
is done, in particular, in the framework of a tripartite working group of
analysts from the FRA, the Security Police and the Armed Forces, called the
National Centre for Assessment of Terrorist Threats. The Court considers
that the above regime is clearly circumscribed and does not appear to
generate a particular risk of abuse.
318. The Court further notes that the Chamber expressed concerns as
regards the Swedish arrangements on communicating data to foreign
Governments or international organisations, pointing to three issues: (a) that
the legislation does not require consideration of possible harm to the
individual concerned when making a decision about sharing; (b) that there is
no provision requiring the recipient State or organisation to protect the data
with the same or similar safeguards as those applicable under Swedish law
and; (c) that the possibility to communicate data when necessary for
“international defence and security cooperation” opens up for a rather wide
scope of discretion. The Chamber nevertheless considered that the
81