EU Court Rules Against Swedish Criminal Records Databases
The European Court of Justice has ruled that Swedish companies selling criminal court judgments, such as Lexbase, Krimfup, and MrKoll, violate GDPR regulations. The court determined that these companies do not qualify for exemptions related to journalistic activities. Goled Raabi, whose legal action prompted the case to be heard by the EU court, expressed satisfaction with the ruling. Raabi stated that the judgment confirms personal data is not for sale. This decision has significant implications for businesses that compile and sell access to public records containing personal information, particularly criminal records.
The EU Court of Justice's ruling clarifies the application of GDPR to companies aggregating and selling public criminal records, emphasizing that such data processing does not inherently fall under journalistic exemptions. This decision reinforces the principle of data minimization and purpose limitation within personal data protection frameworks. It highlights a potential systemic tension between the public's right to information and individuals' right to privacy, particularly concerning historical data. Future market dynamics may see a shift towards anonymized data or stricter consent mechanisms for companies operating in this data-brokering sector, potentially impacting business models reliant on broad access to sensitive personal information.
AI-generated to prompt reflection — not editorial opinion, not advice, not a statement of fact. How this works.