By CHRISTOPH ANDERSSON
written in February 1998
Iron Mountain. The snow is sparking in the bright sun. It is minus 28 degrees
Celsius outside. Next to the driver sits a man, properly dressed for the arctic
climate in Northern Sweden. His name: Lars Erik Johansson.
Occupation: Chief officer at the local board on Culture and leisure at
Gällivare Community.
"I want to show you the place where all the criminal activities are taking
place, according the authorities", Johansson laughs.
He is the man behind the idea using internet as a channel directly to the
citizens. An idea that is causing Gällivare much trouble.
" You have to be aware of that our Community is 100 kilometers
broad, 3000 kilometers long. That's as big as Belgium. Therefore
our citizens very seldom are able to check out what's going on by
visiting the Municipal office. But on internet they can easily
follow.
They can also directly influence the decisions by protesting or
coming with suggestions via e-mail".
The Cab stops outside the library of Malmberget. Two floors up the
community internetstaff is located. Sysop Stefan Vesterlund is sitting by his
PC and places disputed protocols on the homepage of Gällivare
"In case the minutes are not revised We´ll write some short newstories
about the most important decisions", he says.
Some desks away a women scans in old Photographs for the Electronic
Picture Archives of Gällivare. The Community picture archive contains over
30.000 pictures, a majority of them are showing people. The photographs
shall all be made available on the internet, but so far the lady only scanned
4000. All can be searched on the internet.
"Until now the public prosecutor and the Data inspection only responded to
our board protocols, containing names and other personal information. They
have not yet discovered the Picture archive. But I guess it's all just a matter
of time", Lars Erik Johansson says.
The fight started in August
Gällivares fight with government authorities started in August last year. At
that time Gällivares mayor Märit Palo and fellow politicians decided, on the
idea of Lars Erik Johansson, that the Swedish law on public access to
governmental documents, going back to 1766, also should apply on
Community board protocols and documents published on the internet.
Immediately after the politicians decision the IT-department started to put
out the protocols from Community board meetings as well as protocols from
the social board, culture and leisure board, technical board and the
environment board.
Later in August the alarm bell rang at the Data inspection in Stockholm, a
authority that keeps of track of any misuses on storing personal information
in big computer systems. General director Anitha Bondestams claims that
the Data inspection's most important task is "to bring back anonymity".
"Immediately I started to look at the Community homepage on the net",
Bondestams special officer on internet issues, Katarina Blomberg, says.
"It is perfectly all right to print names in Community protocols
and give people access to the documents according the public
access act from 1766, but it is not all right to do the same on the net".
She found many examples of what was considered to be a breach of the
Swedish data law and the regulations from the Data inspection:
On the Community web site names where listed of all the people in
Gällivare who requested the local community scholarship, handed
out by the board of
Culture.
Breach NR 2:
On the site also the name was listed on the person who finally got the
scholarship.
Breach NR 3:
On Gällivares site the names of community officers were made public,
as well as the names of citizens who have been writing complaints to
the Community. For example headmasters wanting more money
for their schools or a girl who requested a special ride on the school bus.
Neighbors fighting in
Purnaavara
"We also found a protocol from the environment office. Those papers did in
detail describe how two neighbors in the village of Purnuvaara fighted about
a drain system. All inwolwed did get their names published on the site,
which made us deeply concerned about the peoples right to integrity,
although none of them complained to us or to the Community", data officer
Blomberg says.
She points out the Inspection regulations DIFS 1996:3, § 6, based on the
Data law:
"All information as names, personal security number's or addresses
should be removed from all protocols, from other local board than
the community board or the regional board, made available to
the public via a terminal, the internet or similar open networks".
The only names allowed are the names of the politicians making the decisions.
This means that all Gällivares protocol
from the board of social welfare, leisure and culture, technical department
and environment are in breach of Swedish data law - if they contain names.
On the contrary its is allowed to publish names of people, but only in
protocols from the communal council or from the community board
meetings, as long as the mentioned persons "agreed to the registration and
handing out on the internet" (DIFS 1997:7).
"This is absolutely crazy", Lars-Erik Johansson says. "We can
not allow anyone to censor the community board protocols just
because they shall be put out on the internet. And why shall
we make a difference between the protocols from Community
board meetings and the board of culture and
leisure?"
The Data inspection gives no answer, just demands that Gällivare has to
anonymize all names in the protocols from the board of culture,
environment, technical board etc. In the case with the local scholarship
there should only be information saying "the following people requested the
scholarship: Name 1, Name 2, Name 3, Name 4".
"This is outrageous", Lars Erik Johansson protests. "Finally we have got a
new media, that could be used to deepen local democracy. But the
authorities in Stockholm say no. To be honest I must give them right at one
point. By mistake we also put out the register of the technical board, where
persons mentioned should become evicted from Community owned houses.
Although it was very wrong of us, its remarkable that we didn't get very
criticized. This was definitely a breach of the Swedish law on secrecy. Instead
the Data inspection wants to stop us putting out any names, regardless if it
applies under laws of secrecy or not".
The public
prosecutor reacts
In November public prosecutor Michael Lundquist in Luleå started an
investigation against Märit Palo and her fellow politicians in the Community
board. All where suspected for "Crime against the data law". Punishment:
Paying a fine or go to prison for up to one year.
"The police came here to interrogate us", Märit Palo says. "But we
find ourselves innocent. We think that the law on public access to
governmental documents from 1766, a vital part of the Swedish
constitution, is more worth than an old data protection law from
1973 and inaccurate Data inspection
regulations".
Prosecutor Lundquist has another opinion. It might be that the data law
from 1973 is to old an inaccurate. But still it is the law, and still general
director Bondestam, and internetofficer Blomberg have the right to make
sure that the law is followed. Furthermore it is forbidden to export personal
information to countries outside Sweden.
"That is also stated in a government proposal to a new law on personal files",
Michael Lundquist explains. "Sweden is not allowed to hand this kind of
information over to a third country. But this might be the case in Gällivare.
On the internet it is possible to get linked from other parts of the world to
Gällivare and read the community protocols, containing personal
information".
A short brake for
the politicians
Prosecutor Lundquist has given Märit Palo and fellow politicians a short
brake. His investigation is waiting for a Parliament decision on adapting the
use of personal information to the Data directive of the European Union,
which also forbids personal information within EU to get outside the union.
Irrespective of the law will be changed or not Märtit Palo and her fellow
colleagues will still get some kind of punishment. One the one hand the
governmental proposal states that publishing personal information on the
net no longer should be criminalized and a case for prosecution. On the
other the government wants special data officers as Kristina Blomberg to
take care of the problem by charging a high fine (Märit Palo: "What's the
difference for me as individual, really?")
"Of course there are several clever ways to go around this", Lars Erik
Johansson says. "One way is to give out a printed community paper,
with an internet issue as an complement. Another is to change the
community organization, where the environment board and the
culture board no longer exists. They are all a part of a huge
Community board. But why should we have to mess with all this.
Why doesn't Stockholm use common sense, that's
all we want".
Others also want to
be on the net
The Gällivare Case makes other Swedish communities afraid. Many of them
want to use internet the same way Gällivare does, but feel threatened by the
Data inspection and what the public prosecutors office might do. Yet some
Communities are carefully experimenting:
* In the Community of Helsingborg, close to Denmark, community officers
and politicians make a decision on what documents or protocols might "be
proper to hand out electronically". Than only these documents are placed in
a database, which can be reached through the net. But many documents
and protocols are missing.
* In the Community of Sundsvall the Data department wants to send out
protocols to the public by e-mail. People have to mail a listserver, which
automatically sends out the documents - with names and other personal
information. In that case no personal information has to be removed from
the documents and there will be no trouble with the Data inspection.
* In The Community of Uppsala there will soon be protocols on the net. But
the Community stresses all officials only to make "from our viewpoint
wanted" parts of the protocols public. That means that protocols on the net
will differ from the very same protocols at the Community office.
"Other ways on
writing protocols"
Also Gällivare has become more careful today than in the last year. The
Community has made it impossible for the search engines of the net to
register any information and any names from the Community protocols
(searching Altavista trying to find Märit Palos decisions in Community
protocols will give zero hits). The Community has also become more
restrictive showing the correspondence with data inspector Kristina
Blomberg on the Community web site. Her name has been removed from all
documents and replaced with "Name Nameson", but accidentally her direct
phone number has not been removed.
Mayor Märit Palo also wants protocols be written "in another way than
before".
"We should not give out so detailed information about people,
mentioned with their names" Palo says. "Neither on the net or
in the printed protocols.
Unfortunately this might decrease the quality of the content, but that is a
risk that we maybe have to take".
The Gällivare sysop Stefan Vesterlund already investigates how Gällivare can
make it impossible for site visitors to make serach requests on names. It is
possible to create a special database, containing all Swedish and foreign
names, especially Finnish and Samic. If anyone wants to make a search on a
person the system first asks the database if the question contains a name. If
the base answers yes all searches will result in no hits. Instead a visitor will
have to search all community protocols or the picture archive manually.
"It doesn't matter how hard Gällivare tries to handle the matter", Kristina
Blomberg at the Data inspection says. "The names are still presented on the
Gällivare site. Making it impossible to search does not solve the problem".
a threat to integrity?
second they will spread personal facts and information about Swedes all over
the world. The name Anitha Bondestam gives 29 hits, Kristina Blomberg 10,
Michael Lundquist 29, Lars Erik Johansson 33 and Märit Palo 11 (not
necessarily hits on the very same people mentioned in this article, but still
hits on people with the same names).
"That is a integrity problem", Kristina Blomberg states.
The Data inspection can´t do anything about the engines outside Sweden,
but they have jurisdiction to start investigations on engines located in the
Kingdom of Sweden. They have also jurisdiction to react against all swedish
sites; businesses, organizations, schools, trade unions and others. For
example is it a breach of law to give an account from a Union Congress or a
meeting, where Union representatives or Employer representatives are
criticized by name.
"As a principle we demand that all people mentioned in those kinds
of accounts or articles first should give their permission", Kristina
Blomberg says. "In other case it is not allowed to put their
names on the net. But I have also to admit that it is a very
difficult question. The law is very much behind the rapid
technical development. Therefore we are very excited on
how the prosecutor will handle the case of Gällivare community.
It will become a precedent case".
CHRISTOPH ANDERSSON
Since this article was written in Febuary 1998 the Data inspection has
decided to permit Gällivare to put out protocols containing names on
the net, but only with mentioned people's permission. But nor Gällivare
or other Communities are allowed to put out registers or other
public documents with names, only protocols.
________________________________________________
©
Christoph Andersson, all rights reserved
Box 49 053 S-100 28 Stockholm Sweden Tele/Fax
0046-8-190907
E-mail: eurorep@algonet.se
This page is a part of the site "Personuppgiftslagen
och yttrandefriheten"
produced by Christoph Andersson and Susanne Bertman in June 1998 as a final
project for the course "Global electronic journalism", JMK, Stockholm university
http://www.jmk.su.se/global/global98/private/christop/finalpro/pul.htm