Swedish IMY, formerly Datainspektionen, fines the Swedish Police Authority administrative sanction fee of €250 000 for violations of the Criminal Data Act. For the Swedish public sector, the maximum fine is €1M, so this constitutes as much as 25% of the theoretical maximum fine.

A few employees have used the Clearview AI software for facial recognition, even though the app was not provided by the Police Authority.

– There are clearly defined rules and regulations on how the Police Authority may process personal data, especially for law enforcement purposes. It is the responsibility of the Police to ensure that employees are aware of those rules, says Elena Mazzotti Pallard, legal advisor at IMY.

Data protection legislation demands that both organizational and technical measures are taken to ensure personal integrity, where continuous improvements are a central part.

Data protection is therefore largely reminiscent of systematic working environment frameworks, which can only be realized if staff are included and involved.

IMY therefore also instructs the police to train their staff, almost 33,000 employees, to ensure that they do not handle personal data in violation of current data protection legislation and internal routines.

In Aigine Inventory, inclusion is a vital part of the process of securing, documentation, management, and governance of personal data. It is often only the individual employee who can know if there is a purpose to the processing and to develop the same “spinal reflex” as in the work environment area, the staff must be allowed to reflect on their own behavior and actions.

This is achieved by continuously involving individuals in the process of reviewing AI’s automatic classification and at the same time providing them with contextual training in data protection linked to the specific information and its processing.