Summary

Signal surveillance is regulated by Swedish law.  Only the National Defense Radio Establishment may carry out surveillance and only on cross-border communications. Information may be requested by the government, the military, and the police.  Sweden’s surveillance legislation has received widespread criticism, including from the European Parliament, on the grounds that it fails to adequately protect privacy and may violate the European Convention on Human Rights.  Specific privacy protection regulations that pertain to surveillance information are in place.

I.  Legislative Framework

Collection of intelligence data by signal surveillance is carried out by Försvarets Radioanstalt (FRA) (the National Defense Radio Establishment)[1] and is governed by the Act on Signal Surveillance for Defense Intelligence Activities, commonly referred to as the FRA legislation.[2]  Surveillance is also limited by the more general Act on Defense Intelligence Activity.[3]

A.  Requirements

Collection of intelligence data by signal surveillance can be requested only by the government, government offices, the Swedish Armed Forces, the Swedish Security Service (Police), and the National Operative Department of the Police.[4]  Such collection requires prior authorization from the Defense Intelligence Court[5] and can only be carried out to determine

  1. external military threats against the country,
  2. conditions for Swedish involvement in peace promotion and humanitarian international missions or threats against the security of Swedish interests during such missions,
  3. strategic relationships regarding international terrorism and other significant transborder crimes that can threaten important national interests,
  4. the development and spread of weapons of mass destruction, military material and products covered in the law (SFS 2000:1064) on control of products with dual uses and technical assistance,
  5. serious external threats against the society’s infrastructure,
  6. conflicts abroad with consequences to international security,
  7. foreign intelligence activity against Swedish interests, or
  8. the conduct or intentions of foreign government powers that are of considerable importance to Swedish foreign, security or defense policy.[6]

If necessary for security defense intelligence operations, signals in electronic form may also be collected to

  1. follow changes in the signal environment abroad, technical developments and signal protection and
  2. continuously develop the technology and methods needed to carry out its activity in accordance with this law (2009:967).[7]

The court may grant an application for surveillance only if it conforms to the purposes of the surveillance legislation and the Act on Defense Intelligence Activity, the intelligence need cannot be met in a less invasive manner, and the value of the surveillance clearly outweighs the violations against integrity (human rights).[8]  In addition, the application cannot be limited to one specific, physical individual.[9]  The Swedish Defense may cooperate with foreign governments in the collection of the abovementioned information.[10]

B.  Limitations

The Act on Signal Surveillance limits the scope, duration, and subjects of signal surveillance.  The main limitation is that signal surveillance may cover only cross-border communications.[11]  Thus, communications that take place solely within the borders of Sweden cannot be legally collected through signal surveillance.  However, these limits do not apply to “senders and receivers on foreign state ships, foreign state aircrafts or military vehicles.”[12]  Domestic surveillance is instead covered by the Swedish law implementing the European Union Data Retention Directive.[13]  Moreover, surveillance cannot be targeted against one specific individual alone,[14] and may be approved only for a period of six months at a time.[15]

Once collected, stored information must be destroyed by the FRA under certain circumstances—for example, if information on an individual lacks importance to the investigation[16] or the “information was communicated during religious confession or private care of the soul, unless there are exceptional reasons to collect the information.”[17]

II.  Privacy

Specific privacy legislation deals with the treatment of personal data collected by the FRA.[18]  Individuals have the right to inquire whether they are included in the material collected by the FRA.[19]  Requests for such information may be made once a year and must be answered within four months.[20]  Information may be withheld if secrecy requires it.[21]

Stored data can be shared with foreign or multinational entities only if the information is not protected by secrecy and sharing it is required for the FRA to fulfill its international commitments.[22]  However, the government has the right to issue regulations that allow secret information to be transferred if considered necessary for the operations of the FRA.[23]  The FRA must employ security measures to safeguard personal information.[24]

Only decisions on correction requests and communications of information to third parties may be appealed.[25]  Under certain circumstances, such as when information collection constitutes a violation of personal integrity, the state can be held liable for damages to an individual whose information was illegally obtained.[26]

Sweden has been criticized by the European Parliament for its legislation on signal surveillance, especially as it pertains to privacy protections and its oversight, on the ground that it may violate the European Convention on Human Rights.[27]

III.  Oversight Authorities

Sweden has two different oversight authorities for signal intelligence gathering.  The oversight authority that oversees the FRA’s compliance with the Signal Surveillance Act is Statens inspektion för försvarsunderrättelseverksamheten (Siun),[28] whereas the Swedish Data Inspection Board is responsible for the oversight of privacy issues, specifically how information is stored and shared between agencies.[29]  In this capacity the Data Inspection Board has the right to access personal information that has been stored, obtain information about the storage and protection of the collection, and access facilities containing the information.[30]  The Board is also responsible for trying to ensure the correction of possible violations.[31]  The oversight authority may initiate court proceedings before the district administrative court to have illegally collected information erased.[32]  However, the information may not be erased if erasing it is deemed unreasonable.[33]

All government activity is also overseen by the Riksrevisionen (Swedish National Audit Office).[34]  In 2015 the Riksrevisionen published a report on FRA surveillance,[35] and has issued a number of recommendations on how FRA surveillance is handled, specifically focusing on the need for Siun to improve its practices for documenting and justifying its activities.[36]

Prepared by Elin Hofverberg
Foreign Law Research Consultant
June 2016


[1] In English, FRA, http://www.fra.se/snabblankar/english.10.html (last visited June 8, 2016), archived at https://perma.cc/HHG7-MYLA.  

[2] Lag om signalspaning i försvarsunderrättelseverksamhet [Act on Signal Surveillance for Defense Intelligence Activities] (Svensk författningssamling [SFS] 2008:717), https://www.riksdagen.se/sv/dokument-lagar/dokument/svensk-forfattningssamling/lag-2008717-om-signalspaning-i_sfs-2008-717, archived at https://perma.cc/K66V-B8DY.

[3] Lag om försvarsunderrättelseverksamhet [Act on Defense Intelligence Activities] (SFS 2000:130), https://lagen.nu/2000:130, archived at https://perma.cc/YJP8-YSQW.

[4] 4 § Act on Signal Surveillance.

[5] Id. 4 § 3 para. 

[6] Id. 1 § 2 para. (all translations by author).

[7] 1 § 3 para.

[8] Id. 5 §. 

[9] Id.

[10] Id. 9 §; 3 § Act on Defense Intelligence Activities.

[11] 2a § Act on Signal Surveillance.

[12] Id. 2a § 2 para.

[13] The domestic Lagen om elektronisk kommunikation [Act on Electronic Communication] (SFS 2003:389), https://lagen.nu/2003:389, archived at https://perma.cc/FX2M-P3HB, is still in force following the EU Court of Justice’s invalidation in 2014 of the Data Retention Directive.  Case C-293/12, Digital Rights Ireland Ltd. v. Minister for Communications, Marine & Natural Res., 2014 E.C.R (2014), http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:62012CJ0293&rid=1, archived at https://perma.cc/MS7G-2DP2.  For further discussion, see the EU survey.

[14] 4 § 3 para. Act on Signal Surveillance.

[15] Id. 5a § 5 item.

[16] Id. 7 §.

[17] Id.

[18] Lag om behandling av personuppgifter i Försvarsmaktens försvarsunderrättelseverksamhet och militära säkerhetstjänst (SFS 2007:258) [Act on the Treatment of Personal Information for the Intelligence Activities of the Swedish Defense and Military Security Service], https://www.notisum.se/rnp/sls/lag/20070258.htm, archived at https://perma.cc/DVL6-Q5XR; Lag om behandling av personuppgifter i Försvarets radioanstalts försvarsunderrättelse- och utvecklingsverksamhet [Act on the Treatment of Personal Information in the FRA’s Intelligence and Development Activities] (SFS 2007:259), https://www.notisum.se/rnp/sls/lag/20070259.htm, archived at https://perma.cc/TR4J-AKWK.

[19] Id. 2 ch. 1 § Act on the Treatment of Personal Information in the FRA’s Intelligence and Development Activities.

[20] Id.

[21] Id. 2 ch. 3 §.

[22] Id. 1 ch. 17 §.

[23] Id.

[24] Id. 3 ch. 2 §.

[25] Id. 3 ch. 3 §.

[26] 2 ch. 5 §.

[27] EU Scrutinizes Sweden’s Surveillance Capacities, Sveriges Radio (Nov. 8, 2013), http://sverigesradio.se/sida/artikel.aspx?programid=2054&artikel=5698572, archived at https://perma.cc/DNZ8-UPP9; Draft Report on the US NSA Surveillance Programme, Surveillance Bodies in Various Member States and Their Impact on EU Citizens’ Fundamental Rights and on Transatlantic Cooperation in Justice and Home Affairs, Eur. Parl. Doc. (2013/2188(INI)) (Jan. 8, 2014), http://www.europarl.europa.eu/meetdocs/2009_2014/documents/libe/dv/moraes_1014703_/moraes_1014703_en.pdf, archived at https://perma.cc/EME7-EW2A.

[28] 2 § Förordning med instruktion för Statens inspektion för försvarsunderrättelseverksamheten [Regulation with Instructions for State Inspection of the Defense Intelligence Activity] (SFS 2009:969), http://www.riksdagen.se/sv/Dokument-Lagar/Lagar/Svenskforfattningssamling/Forordning-2009969-med-inst_sfs-2009-969, archived at https://perma.cc/83WS-VBPG.

[29] Förordning med instruktion för Datainspektionen [Regulation with Instructions for the Data Inspection Board] (SFS 2007:975), http://www.riksdagen.se/sv/Dokument-Lagar/Lagar/Svenskforfattningssamling/Forordning-2007975-med-inst_sfs-2007-975, archived at https://perma.cc/A5JE-BBJ6.

[30] 5 ch. 2 § Act on the Treatment of Personal Information in the FRA’s Intelligence and Development Activities.

[31] Id. 5 ch. 3 §.

[32] Id. 5 ch. 4 §.

[33] Id. 5 ch. 4 § 2 para.

[34] 2 § Lag om revision av statlig verksamhet m.m. [Act on Audits of Government Activities] (SFS 2002:1022), https://www.notisum.se/rnp/sls/lag/20021022.htm, archived at https://perma.cc/CMY2-L5EV.

[35] Riksrevisionen, Kontroll av försvarsunderrättelseverksamheten [Control of Defense Intelligence Activities] (RIR 2015:2), http://www.riksrevisionen.se/PageFiles/21131/RiR_2015_02_Anpassad.pdf, archived at https://perma.cc/J7LF-UXB2.

[36] Id. at 13.