Why community protocols
on the net are an offense

This is the story about Gällivare Community in northern Sweden, where the Community board decided to put out its protocols on the net. But the Swedish Data inspection and the local prosecutor considerd the Gällivare experiment on local democracy to be an offense.

By CHRISTOPH ANDERSSON
written in February 1998

The black cab is driving to the small town of Malmberget, in English The
Iron Mountain. The snow is sparking in the bright sun. It is minus 28 degrees
Celsius outside. Next to the driver sits a man, properly dressed for the arctic
climate in Northern Sweden. His name: Lars Erik Johansson.
Occupation: Chief officer at the local board on Culture and leisure at
Gällivare Community.
"I want to show you the place where all the criminal activities are taking
place, according the authorities", Johansson laughs.
He is the man behind the idea using internet as a channel directly to the
citizens. An idea that is causing Gällivare much trouble.

" You have to be aware of that our Community is 100 kilometers
broad, 3000 kilometers long. That's as big as Belgium. Therefore
our citizens very seldom are able to check out what's going on by
visiting the Municipal office. But on internet they can easily
follow.
They can also directly influence the decisions by protesting or
coming with suggestions via e-mail".


Crime scene: The local library

The Cab stops outside the library of Malmberget. Two floors up the
community internetstaff is located. Sysop Stefan Vesterlund is sitting by his
PC and places disputed protocols on the homepage of Gällivare
"In case the minutes are not revised We´ll write some short newstories
about the most important decisions", he says.
Some desks away a women scans in old Photographs for the Electronic
Picture Archives of Gällivare. The Community picture archive contains over
30.000 pictures, a majority of them are showing people. The photographs
shall all be made available on the internet, but so far the lady only scanned
4000. All can be searched on the internet.
"Until now the public prosecutor and the Data inspection only responded to
our board protocols, containing names and other personal information. They
have not yet discovered the Picture archive. But I guess it's all just a matter
of time", Lars Erik Johansson says.

The fight started in August

Gällivares fight with government authorities started in August last year. At
that time Gällivares mayor Märit Palo and fellow politicians decided, on the
idea of Lars Erik Johansson, that the Swedish law on public access to
governmental documents, going back to 1766, also should apply on
Community board protocols and documents published on the internet.
Immediately after the politicians decision the IT-department started to put
out the protocols from Community board meetings as well as protocols from
the social board, culture and leisure board, technical board and the
environment board.
Later in August the alarm bell rang at the
Data inspection in Stockholm, a
authority that keeps of track of any misuses on storing personal information
in big computer systems. General director Anitha Bondestams claims that
the Data inspection's most important task is "to bring back anonymity".

"Immediately I started to look at the Community homepage on the net",
Bondestams special officer on internet issues, Katarina Blomberg, says.
"It is perfectly all right to print names in Community protocols
and give people access to the documents according the public
access act from 1766, but it is not all right to do the same on the net".


She found many examples of what was considered to be a breach of the
Swedish data law and the regulations from the Data inspection:
  • Breach NR 1:
    On the Community web site names where listed of all the people in
    Gällivare who requested the local community scholarship, handed
    out by the board of
    Culture.
    Breach NR 2:
    On the site also the name was listed on the person who finally got the
    scholarship.
    Breach NR 3:
    On Gällivares site the names of community officers were made public,
    as well as the names of citizens who have been writing complaints to
    the Community. For example headmasters wanting more money
    for their schools or a girl who requested a special ride on the school bus.
  • Neighbors fighting in Purnaavara

    "We also found a protocol from the environment office. Those papers did in
    detail describe how two neighbors in the village of Purnuvaara fighted about
    a drain system. All inwolwed did get their names published on the site,
    which made us deeply concerned about the peoples right to integrity,
    although none of them complained to us or to the Community", data officer
    Blomberg says.
    She points out the Inspection regulations DIFS 1996:3, § 6, based on the
    Data law:

    "All information as names, personal security number's or addresses
    should be removed from all protocols, from other local board than
    the community board or the regional board, made available to
    the public via a terminal, the internet or similar open networks".


    The only names allowed are the names of the politicians making the decisions.
    This means that all Gällivares protocol
    from the board of social welfare, leisure and culture, technical department
    and environment are in breach of Swedish data law - if they contain names.
    On the contrary its is allowed to publish names of people, but only in
    protocols from the communal council or from the community board
    meetings, as long as the mentioned persons "agreed to the registration and
    handing out on the internet" (DIFS 1997:7).

    "This is absolutely crazy", Lars-Erik Johansson says. "We can
    not allow anyone to censor the community board protocols just
    because they shall be put out on the internet. And why shall
    we make a difference between the protocols from Community
    board meetings and the board of culture and
    leisure?"


    The Data inspection gives no answer, just demands that Gällivare has to
    anonymize all names in the protocols from the board of culture,
    environment, technical board etc. In the case with the local scholarship
    there should only be information saying "the following people requested the
    scholarship: Name 1, Name 2, Name 3, Name 4".
    "This is outrageous", Lars Erik Johansson protests. "Finally we have got a
    new media, that could be used to deepen local democracy. But the
    authorities in Stockholm say no. To be honest I must give them right at one
    point. By mistake we also put out the register of the technical board, where
    persons mentioned should become evicted from Community owned houses.
    Although it was very wrong of us, its remarkable that we didn't get very
    criticized. This was definitely a breach of the Swedish law on secrecy. Instead
    the Data inspection wants to stop us putting out any names, regardless if it
    applies under laws of secrecy or not".

    The public prosecutor reacts

    In November public prosecutor Michael Lundquist in Luleå started an
    investigation against Märit Palo and her fellow politicians in the Community
    board. All where suspected for "Crime against the data law". Punishment:
    Paying a fine or go to prison for up to one year.

    "The police came here to interrogate us", Märit Palo says. "But we
    find ourselves innocent. We think that the law on public access to
    governmental documents from 1766, a vital part of the Swedish
    constitution, is more worth than an old data protection law from
    1973 and inaccurate Data inspection
    regulations".


    Prosecutor Lundquist has another opinion. It might be that the data law
    from 1973 is to old an inaccurate. But still it is the law, and still general
    director Bondestam, and internetofficer Blomberg have the right to make
    sure that the law is followed. Furthermore it is forbidden to export personal
    information to countries outside Sweden.
    "That is also stated in a government proposal to a new law on personal files",
    Michael Lundquist explains. "Sweden is not allowed to hand this kind of
    information over to a third country. But this might be the case in Gällivare.
    On the internet it is possible to get linked from other parts of the world to
    Gällivare and read the community protocols, containing personal
    information".

    A short brake for the politicians

    Prosecutor Lundquist has given Märit Palo and fellow politicians a short
    brake. His investigation is waiting for a Parliament decision on adapting the
    use of personal information to the Data directive of the European Union,
    which also forbids personal information within EU to get outside the union.
    Irrespective of the law will be changed or not Märtit Palo and her fellow
    colleagues will still get some kind of punishment. One the one hand the
    governmental proposal states that publishing personal information on the
    net no longer should be criminalized and a case for prosecution. On the
    other the government wants special data officers as Kristina Blomberg to
    take care of the problem by charging a high fine (Märit Palo: "What's the
    difference for me as individual, really?")

    "Of course there are several clever ways to go around this", Lars Erik
    Johansson says. "One way is to give out a printed community paper,
    with an internet issue as an complement. Another is to change the
    community organization, where the environment board and the
    culture board no longer exists. They are all a part of a huge
    Community board. But why should we have to mess with all this.
    Why doesn't Stockholm use common sense, that's
    all we want".


    Others also want to be on the net

    The Gällivare Case makes other Swedish communities afraid. Many of them
    want to use internet the same way Gällivare does, but feel threatened by the
    Data inspection and what the public prosecutors office might do. Yet some
    Communities are carefully experimenting:
    * In the
    Community of Helsingborg, close to Denmark, community officers
    and politicians make a decision on what documents or protocols might "be
    proper to hand out electronically". Than only these documents are placed in
    a database, which can be reached through the net. But many documents
    and protocols are missing.
    * In the Community of
    Sundsvall the Data department wants to send out
    protocols to the public by e-mail. People have to mail a listserver, which
    automatically sends out the documents - with names and other personal
    information. In that case no personal information has to be removed from
    the documents and there will be no trouble with the Data inspection.
    * In The Community of
    Uppsala there will soon be protocols on the net. But
    the Community stresses all officials only to make "from our viewpoint
    wanted" parts of the protocols public. That means that protocols on the net
    will differ from the very same protocols at the Community office.

    "Other ways on writing protocols"

    Also Gällivare has become more careful today than in the last year. The
    Community has made it impossible for the search engines of the net to
    register any information and any names from the Community protocols
    (searching Altavista trying to find Märit Palos decisions in Community
    protocols will give zero hits). The Community has also become more
    restrictive showing the correspondence with data inspector Kristina
    Blomberg on the Community web site. Her name has been removed from all
    documents and replaced with "Name Nameson", but accidentally her direct
    phone number has not been removed.
    Mayor Märit Palo also wants protocols be written "in another way than
    before".

    "We should not give out so detailed information about people,
    mentioned with their names" Palo says. "Neither on the net or
    in the printed protocols.
    Unfortunately this might decrease the quality of the content, but that is a
    risk that we maybe have to take".


    The Gällivare sysop Stefan Vesterlund already investigates how Gällivare can
    make it impossible for site visitors to make serach requests on names. It is
    possible to create a special database, containing all Swedish and foreign
    names, especially Finnish and Samic. If anyone wants to make a search on a
    person the system first asks the database if the question contains a name. If
    the base answers yes all searches will result in no hits. Instead a visitor will
    have to search all community protocols or the picture archive manually.
    "It doesn't matter how hard Gällivare tries to handle the matter", Kristina
    Blomberg at the Data inspection says. "The names are still presented on the
    Gällivare site. Making it impossible to search does not solve the problem".


    Search engines -
    a threat to integrity?

    Anyhow the Data inspection is not fond of search engines either. In a short
    second they will spread personal facts and information about Swedes all over
    the world. The name Anitha Bondestam gives 29 hits, Kristina Blomberg 10,
    Michael Lundquist 29, Lars Erik Johansson 33 and Märit Palo 11 (not
    necessarily hits on the very same people mentioned in this article, but still
    hits on people with the same names).

    "That is a integrity problem", Kristina Blomberg states.

    The Data inspection can´t do anything about the engines outside Sweden,
    but they have jurisdiction to start investigations on engines located in the
    Kingdom of Sweden. They have also jurisdiction to react against all swedish
    sites; businesses, organizations, schools, trade unions and others. For
    example is it a breach of law to give an account from a Union Congress or a
    meeting, where Union representatives or Employer representatives are
    criticized by name.

    "As a principle we demand that all people mentioned in those kinds
    of accounts or articles first should give their permission", Kristina
    Blomberg says. "In other case it is not allowed to put their
    names on the net. But I have also to admit that it is a very
    difficult question. The law is very much behind the rapid
    technical development. Therefore we are very excited on
    how the prosecutor will handle the case of Gällivare community.
    It will become a precedent case".


    CHRISTOPH ANDERSSON

    Since this article was written in Febuary 1998 the Data inspection has
    decided to permit Gällivare to put out protocols containing names on
    the net, but only with mentioned people's permission. But nor Gällivare
    or other Communities are allowed to put out registers or other
    public documents with names, only protocols.

    ________________________________________________

      © Christoph Andersson, all rights reserved
    Box 49 053 S-100 28 Stockholm Sweden Tele/Fax 0046-8-190907

    E-mail:
    eurorep@algonet.se

    This page is a part of the site "Personuppgiftslagen och yttrandefriheten"
    produced by Christoph Andersson and Susanne Bertman in June 1998 as a final
    project for the course "Global electronic journalism", JMK, Stockholm university
    http://www.jmk.su.se/global/global98/private/christop/finalpro/pul.htm