10.6.3 General, undifferentiated data retention to protect national security
“Proposal of an Act (2025:000) concerning retention of and access to data related to electronic communication for the purpose of protecting national security.” The act has a counterpart in the Danish rpl. § 786 e.
A data retention order may be issued if there is a “serious threat against Swedish security that is real and present or foreseeable.” Pursuant to § 3, an order may be issued only if deemed “strictly necessary” (“absolut nödvändigt”) to protect national security. The order shall be limited to what is strictly necessary for the purpose with regard to:
The providers that should retain data,
The duration of the data retention period, and
The data comprised by the order.
The order may be made by the Police Security Service (Säkerhetspolisen). Prior to making the decision, the Service shall seek advice from the Military Defence (§ 2).
The order may be issued for a maximum of 1 year (§ 2 second para.) and may be prolonged if the threat against Sweden persists. An order must generally not exceed what is necessary for the purpose (§ 3 no. 2) and shall be repealed once the reason for the order ceases to exist (§ 2 second para.).
There is an oversight mechanism provided by a national public authority to be designated by the Government (§§ 4 and 7).
10.6.4 Targeted data retention to combat serious crime
“Proposal of an Act (2025:000) concerning retention of data related to electronic communication for the purpose of combating serious crime.”
Data retention in a specific geographic area. (Danish counterpart in rpl. § 786 c).
Data retention shall be performed in “specific municipalities” (vissa kommuner), where the level of reported crime is on par with or exceeds the aggregate national crime rate (§§ 2 and 3). The Post and Telecom Authority shall determine the municipalities that shall have to retain data, and do this on an annual basis not later than 1 June (§ 4).
Extended targeted data retention. (The provisions roughly correspond to the Danish rpl. §§ 786 b to 786 d).
Data retention in a specific area may be supplemented with a decision about extended targeted data retention by the Police Authority, the Police Security Service or the Customs Authority. The decision is not subject to complaint (§ 11).
The decision may concern:
A delimited geographical area where offences as mentioned in RB 27:19 third para. are committed, or are likely to be committed. Maximum retention period: 1 year.
A place worthy of protection (Danish counterpart: rpl. § 786 c second para.). Maximum retention period: 3 years.
A person who is or has been subject to (Maximum retention period: 1 year)
secret coercive measures as set out in RB,
secret computer surveillance, as per Law (2020:62) on secret computer surveillance,
a decision pursuant to EIA (collection of data for intelligence purposes),
a person who has been sentenced or accepted punishment regarding an offence as mentioned in no. 1 (Maximum retention period: 1 year).
Communications equipment or subscriber identity used or likely to be used in the commission of an offence as mentioned in no. 1, or in criminal activity (brottslig verksamhet) involving such offences. Maximum retention period: 1 year.
The data retention periods are specified in § 8.
The Swedish provisions do not require a court decision to retain data. The Danish rpl. § 786 d stands out in this regard. However, decisions about extended targeted data retention shall be subject to oversight by the Committee for the Protection of Security and Integrity (Säkerhets- och integritetsskyddsnämnden) (Law (2007:980)).
10.6.5 Access to data
Retained data may be accessed pursuant to § 11, according to a decision about secret interception or secret electronic surveillance pursuant to RB 27:18 and 27:19, or a permission issued pursuant to the EIA. Data retained for the sake of protecting national security may be accessed solely for that purpose (§ 21 second para.).