A guide to internet privacy in Sweden – how to bypass it with a Swedish VPN

[[post-object type=”article-stats” country=”sweden” provider=”expressvpn” image=”https://cdn.proprivacy.com/storage/images/proprivacy/2020/11/swedenjpg-featured_image-default.png” social=”true” news=”true” /]]

With 94 percent of the population with access to the internet, connection prices far below the European average and the second fastest internet speeds in the world, Sweden is a haven for internet users. Sweden has almost no censorship. It also has a fairly relaxed attitude to copyright infringement, although this is changing.

When it comes to surveillance, however, all communications in and out of the country are monitored by the Swedish Defence Radio Authority (FRA), which has a close working relationship with the NSA.

Political Overview

Sweden is a parliamentary monarchy with a healthy multi-party political system. Its elections are free and fair, and Sweden is a world leader in terms of political rights and civil liberties.

In recent years, however, there has been a disturbing growth of anti-immigrant sentiment and support for right-wing; populist politics.

There have been a number of terrorist incidences, the worst of which was by a self-described ISIS recruit who in 2017 drove a truck into a crowd of shoppers killing five. ISIS never claimed responsibility for the attack, however, and most terrorist incidents have been carried out by Neo-Nazis groups.

Government Surveillance

Even before Sweden passed the FRA law in 2009, Privacy International ranked Sweden’s privacy protection second worst in the EU.

The FRA law, however, gave the National Defence Radio Authority (Försvarets radioanstalt) powers to wiretap all telephone and Internet traffic that crossed Sweden’s borders in order to combat foreign threats. It should be noted that this is something which it has been suspected of doing long beforehand.

Following the public outcry over the legislation being too far-reaching, the FRA law was quickly amended to require a court order on a case-by-case basis.

In a 2018 ruling that surprised many observers, the European Court of Human Rights found that

[[post-object type=”blockquote” author=”European Court of Human Rights”]]Although there were some areas for improvement, overall the Swedish system of bulk interception provided adequate and sufficient guarantees against arbitrariness and the risk of abuse.[[/post-object]]

The EU Data Retention Directive

Sweden was always very reluctant about implementing the 2006 EU Data Retention Directive, which required telecoms providers to store data such as websites visited, a phone call made, emails sent for at least 12 months.

When it had still not been implemented in 2010, the European Court of Justice (ECJ) was forced to make a ruling demanding it be actioned. Even when it eventually implemented the law in 2012, Sweden reduced the minimum retention time to 6 months.

In 2013, the ECJ imposed a €3 million penalty on Sweden for failing to fulfill its obligations under European Law by delaying local implementation of the DRD for so long. However, in April 2014 Sweden declared the DRD invalid quoting:

[[post-object type=”blockquote” author=””]]interfere(ing) in a particularly serious manner with the fundamental rights to respect for private life and to the protection of personal data.[[/post-object]]

As the reason. In 2019, things remain uncertain, as with most EU countries, and despite the very clear ECJ ruling, Sweden has made no move to remove local implantation of the DRD from its statute books.

Unlike in other EU countries, however, Swedish ISPs have taken matters into their own hands. Following the ruling, Bahnhof, Talia, Tele2, and Three, on their own initiative not only stopped collecting customers’ data but also permanently deleted all old records.

As far as we can determine these ISPs continue to not log their customers’ data, and neither the Swedish Prosecution Authority or the Swedish Post and Telecom Authority (PTS) have shown any interest in pursuing the matter further.

It is also worth noting that when the DRD was transposed into national law, Sweden never applied it to VPN providers. This means that Swedish VPN services are not required in any way by law to keep logs.

For more information about VPN services and for a list of the best VPNs to use when you’re in Sweden, check out our best VPN for Sweden page.

Unsurprisingly, copyright piracy is popular in Sweden, and in the past, the laws have been fairly relaxed in regard to it. In 2009, however, Sweden transposed the EU directive on intellectual property rights enforcement (IPRED) into local law (a legal challenge on human rights grounds was quashed by the European Court of Justice in 2012).

Local implementation of the law allows heavy file sharers to be jailed and compels ISPs to hand over suspects’ details upon a court order. Swedish implementation of IPRED does not, however, cut off offenders’ internet access and Swedish courts have ruled that the right to privacy of suspected occasional file sharers trumps the interests of copyright holders. This has limited the scope of the law to serious cases.

Many Swedish users have started to adopt VPNs in order to carry on P2P downloading as before, and with many Swedish ISPs now refusing to keep logs, enforcement of IPRED is difficult.

This could soon change, responding to a 2018 report which found that penalties in Sweden appear to be low compared to those in other countries, Sweden’s Minister for Justice has proposed tough new laws designed to tackle large-scale copyright infringement and serious trademark infringement. This includes a six months minimal jail sentence. These changes are set to come into force on 1 July 2019.

Censorship

Sweden is a very free country, and internet censorship is minimal. However, service providers must remove information relating to things such as the instigation of rebellion, racial agitation, child pornography, and illegal description of violence.

Other than these obvious exceptions, there are few limits. As an EU member, though, search engines operating in Sweden must comply with valid requests made under the ECJ’s right to be forgotten ruling to remove content about individuals which is no longer deemed to be in the public interest.

Unlike many other European countries, no blocking of websites that promote copyright infringement is performed in Sweden.