La digitalizzazione dell’amministrazione svedese è stata per decenni al centro dell’attenzione del Governo e del legislatore, con l’esplicito obiettivo di essere il «migliore al mondo» nell’utilizzare le possibilità offerte dalla stessa. Le autorità pubbliche svedesi sono state le prime ad adottare ed utilizzare procedure decisionali automatizzate, sin dal 1970. Gli effetti su due ambiti centrali per il diritto costituzionale e amministrativo svedese sono qui affrontati: il diritto amministrativo generale, con particolare attenzione al processo decisionale amministrativo, e le regole di trasparenza ed accesso ai documenti. Le risposte normative nei due settori differiscono. Mentre le preoccupazioni relative agli effetti negativi della digitalizzazione sull’accesso ai documenti hanno spinto il legislatore svedese a includere le registrazioni digitali tra i documenti che rientrano nel diritto di accesso già negli anni ’70, il diritto amministrativo generale è stato adattato in misura molto limitata. Nel corso degli anni il governo ha commissionato diverse indagini governative sulle sfide tecniche, sociali e legali della digitalizzazione dell’amministrazione, ma le principali conclusioni in merito all’idoneità del processo decisionale automatizzato sono state lasciate all’amministrazione e ai tribunali e se ne possono individuare due ragioni. In primo luogo, l’obiettivo da lungo tempo perseguito è che le norme procedurali amministrative siano neutrali dal punto di vista tecnologico, per non diventare obsolete in futuro. In secondo luogo, le autorità amministrative detengono una posizione forte e parzialmente indipendente nel contesto costituzionale svedese, unita a una tradizione di pragmatismo. Si fa quindi affidamento sul fatto che le autorità amministrative eseguano il loro processo decisionale in conformità con la legge, sia che le procedure vengono eseguite manualmente, sia digitalmente o con mezzi automatizzati. Sicché i tribunali svedesi si sono finora astenuti dall’intervenire. Tuttavia, è chiaro che il panorama del diritto amministrativo svedese per quel che concerne il processo decisionale automatizzato contiene diverse e centrali lacune, che dovrebbero venire colmate al fine di salvaguardare il principio di buona amministrazione e lo Stato di diritto.
Digitalization of the Swedish administration has been the center of attention for the Government and legislator for decades, with the explicit goal of being the «best in the world» at using the possibilities of digitalization. The Swedish public authorities were early adapters and have utilized automated decision-making procedures since the 1970’s. The effects on two areas central to Swedish constitutional and administrative law are addressed here: general administrative law, with a focus on administrative decision-making, and transparency rules and access to documents. The regulatory responses in the two areas differ. While concerns regarding the negative effects of digitalization on access to documents prompted the Swedish legislator to include digital recordings among documents encompassed by the right to access already in the 1970s, general administrative law has been adapted to a very limited extent. The Government has over the years commissioned several governmental enquiries on technical, societal, and legal challenges of digitalization of the administration, but the main conclusions in regard to the suitability of automated decision-making have been left to the administration and the courts. Two reasons can be identified. First, it has been a longstanding aim that administrative procedural rules are to be technology-neutral, in order not to become obsolete through future developments. Second, administrative authorities hold a strong and partially independent position in the Swedish constitutional setting, combined with a tradition of pragmatism. Authorities can thus be trusted to perform their decision-making in accordance with the law, whether the procedures are carried out manually, digitally, or by automated means. Swedish courts have thus far refrained from intervening. Still, it is clear that the Swedish administrative law landscape in automated decision-making contains several central lacunas, which ought to be filled in order to safeguard the principle of good administration and the rule of law.
Summary. 1. Introduction; – 2. Overview of Swedish regulatory choices: legislation, case law, administrative infrastructures and oversight; – 3. National legislation on automation in administrative procedures; – 3.1. The Administrative Procedures Act, APA; – 3.2. Transparency and secrecy; – 4. Case law, non-judicial review, and administrative supervision; – 5. Soft law on automation or sophisticated AI in public decision-making; – 6. Concluding remarks.
Digitalization of the Swedish administration has been a politically significant topic since the 1960s, and remains so to this day. In an initiative from the mid-1990s, the Swedish Parliament, the Riksdag, identified an objective to make use of the capacity of technology to streamline administration and develop efficient channels for interaction between public administration, the public, and companies. In 2011, the Parliament stated that Sweden should strive to become the «best in the world» at using the possibilities of digitalization. The administration should, in so far as possible and whenever relevant, choose digital services in its contacts with citizens, organizations, and companies. In regards to the need to adapt the administrative framework for decision-making, the response from the legislator has as of yet been limited, with very few rules enacted to regulate automated decision-making, and no specific rules on artificial intelligence. Within another area of law affected by digitalization of the administration, namely the constitutionally protected right to transparency and access to official documents, the legislator adapted the relevant legal acts to include digital documents already in the 1970’s.
The focus for this article is thus on the responses of Swedish law to the effects of digitalization, automation and artificial intelligence (AI) in two areas: general administrative law, especially administrative decision-making, and transparency rules and access to documents. In order to cover the overall developments, automation and automated decision-making has been given a broad understanding, also encompassing effects of digitalization of administrative decision-making in a wider sense. Various forms of handling of administrative activities via digital means are included, namely digital procedures for enacting administrative decisions, guidance and other outcomes based on different ratios of human intervention and automation based on algorithms, sophisticated computer software and machine learning.
2. Overview of Swedish regulatory choices: legislation, case law, administrative infrastructures and oversight
Automated decision-making has been used by Swedish authorities since the 1970s, initially by the Swedish Transport Agency, and later by the Board of Student Finance, the Tax Agency, and the Social Insurance Agency. Today, automated administrative procedures are common at both the national, regional, and local level. The immediate reason why the Swedish legislator still has resisted enacting general rules for automated decision-making, can be attributed to the standpoint that administrative law and procedures should be technology-neutral, in order for the procedures not to hinder adaptation to new conditions or to quickly lose their relevance. Accordingly, general administrative law should be applied to automatic decision-making and other digital measures undertaken by authorities. On the other hand, digitalization and automation motivated legislative reforms of the constitutionally protected right of access to public documents and reforms of secrecy rules already in the 1970’s, described below.
Swedish courts have not played a particularly active role in the development of administrative law rules and principles for the digital age. Though automatically enacted decisions have been reviewed by courts for decades, questions relating to the role of administrative procedure in a digital setting or to limitations and restrictions regarding the use of automated decision-making have not been addressed. In the Swedish tradition, questions on efficient and secure preparation of matters are more likely to be addressed by the Parliamentary Ombudsmen, who have made decisions in several cases involving automation, than by the courts. Another constitutional entity, the Supreme Audit Institute, has been more active in monitoring and assessing challenges with digitalization, as have sector-specific supervisory authorities. The Supreme Audit Institute issued a report on automated decision-making in the Swedish administration in 2020, concluding that automation had led to faster and less costly decision-making procedures, but that there was still a need to take measures to ensure that automation was efficient, in line with the rule of law, and resulted in correct decisions. In 2022, the Equality Ombudsman (DO) published a survey on Swedish authorities’ use of AI and automated decision-making and their knowledge regarding the risks of discrimination. The DO concluded that authorities rarely considered grounds for discrimination in their policy documents, risk analyses, or quality follow-ups.
The Government has over the years commissioned several governmental enquiries (SOU) on the technical, societal, and legal challenges of digitalization, among which Automated decisions – fewer rules provide clearer regulation and Law as a tool in the digitalization of administration are the most central. A recurring conclusion is that authorities have a continuous need for legal support. Great emphasis has been placed on establishing administrative infrastructures to support authorities in their digitalization processes. The e-Delegation was established in 2009, followed in 2015 by eSam, a network of 34 authorities cooperating on how to «take advantage of the possibilities of digitalization to make it easier for private individuals and companies, and to use our common resources in an efficient way». For example, a digital service for assessing applications for social benefits was developed in 2014, enabling municipal social services to receive information directly from seven national authorities and organizations. Over 90 percent of Sweden’s 290 municipalities are connected to the service. eSam also issues guidelines in legal and other matters related to digitalization. In 2018, a new authority was established, DIGG, the Agency for Digital Government. DIGG is tasked with coordinating and supporting the digitalization of public administration, taking responsibility for the Sweden’s digital infrastructure, and analyzing the digitalization of society. Further, the Swedish competent authority under the General Data Protection Regulation (GDPR), the Swedish Authority for Privacy Protection (IMY), monitors digitalization from a personal data perspective and give guidance to both private and public on how to ensure data protection.
In the following, Swedish legislation with bearing on automation in administrative decision-making and transparency will be presented in section 3, with case law, non-judicial reviews, and decisions from supervisory authorities addressed in section 4. Soft law tools will be mentioned briefly in section 5. In section 6, some closing thoughts are presented.
3. National legislation on automation in administrative procedures
As seen above, the legal consequences of digitalization in general, including fully or partially automated decision-making, have been the subject of several governmental enquiries commissioned by the Government in recent decades, in regard to general administrative law, sector-specific issues, and – not least – the constitutionally protected principle of transparency and the right of access to public documents. In regard to general administrative law, few proposals have led to legislation being enacted. There are very few general rules on automated decision-making and several core issues remain unclear, for example whether there is a sufficiently defined exemption in Swedish law for processing personal data in automated decision-making procedures under Article 22 GDPR. The aim to remain technology-neutral, included in the Administrative Procedures Act (APA), may explain the unwillingness of the legislator to enact specific rules for a digitalized setting. On the other hand, the fact that transparency is a core constitutional value in Swedish law may explain why digital information structures have been regulated to a greater degree.
3.1. The Administrative Procedures Act, APA
The question of automation of administrative decision-making has been discussed in legislative procedures at least since the mid-1980s, but very few rules have as yet been introduced. As noted above, the main idea has been to keep the APA technology-neutral, meaning that principles and rules are to be applied to administrative actions and decisions no matter how a procedure is conducted. When a new APA was enacted in 1986, it was stated in the legislative bill, which is traditionally considered to be an important source for legal interpretation in Sweden, that the APA was to be applied also in automated decision-making:
«In recent years, authorities have increasingly come to use computers in preparing individual matters. This technical aid can in some cases be used so that the preparation of the matter is in itself fully or partially automated. The APA is applicable also in these cases. When drafting routines for the preparing of matters through automatic data processing, one must therefore not only take into account the technical and financial factors. Legal certainty requirements that apply according to the APA must also be met».
However, the 1986 APA did not introduce any specific rules on digitalization or automation. The first rule introduced in the APA on digitalization came in 2003, requiring authorities to ensure that private citizens can contact them via telefax or e-mail, and to provide an answer via the same channel. The amendment was initiated as a part of the Government’s aim to create the «24-hour authority», with services available to the public around the clock.
When a revised APA was enacted in 2017, one of the aims of the reform was to adapt the APA to an increasingly digital administration (other aims being to strengthen legal certainty for private parties and to adapt the act to European requirements). The initial proposal included several rules regarding digitalization, predominantly of a practical nature, regulating the handling of electronic document, e.g., rules to determine the time of arrival of an electronic document. These changes were not included in the final act. The previously introduced rule on the obligation to accept communication via telefax and e-mail was also removed. Instead, and more importantly, a new general provision explicitly stating that public authorities may make automated decisions was enacted. Under the heading «How decisions are made» section 28, the following is stated:
«A decision can be made by an officer on their own or by several jointly or be made automatically. In the final processing of a matter, the reporting clerk and other officers can participate without taking part in the determination.
When several persons shall make a decision jointly and are unable to agree, the chair shall present the various proposals for a decision put forward. Each proposal shall be presented so that it can be answered to by either a yes or a no.
When those taking part in the determination have had the opportunity to take positions on the proposals, the chair makes known what has, in their opinion, been decided. This is the decision unless a vote is requested».
As can be seen, this is a general rule encompassing all types of decisions, enacted by one or more individuals, or automatically. The only part that regulates automatic decision-making is the reference to the fact that decisions can be made automatically. The rule is thus of a declaratory nature, without giving any guidance on the legal consequences of automation. According to the legislative bill, the intention was to clarify that decisions can in fact be made by automated means. The Government noted that the automation of decisions had become an increasingly common phenomenon within parts of the administration that handle a large number of matters annually. Thus, by stipulating in the law that decisions can be made automatically, the Government wanted to make clear that there is no need to enact rules in sector-specific acts in order for an authority to use this form of decision-making. Thus, the intention was to create better conditions for the continued development of digital administration.
Unfortunately, it seems that the addition of the words «or be made automatically» has caused some confusion. Three questions can be identified, with varying degrees of complexity.
First, and most importantly, it remains unclear whether section 28 APA fulfills the requirements of Article 22 GDPR to establish an exemption from the prohibition against automated individual decision-making on personal data, including profiling. According to Article 22(2)b GDPR, an exception must be «authorised by Union or Member State law», providing suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests. The Government did not address this issue in the legislative bill, but has in several later sector-specific bills argued that section 28 APA does fulfill this function, referring to the general requirements of the APA regarding legality, objectivity, and proportionality, the right to transparency, the right of private parties to be heard, as well as the possibility of reassessment of decisions and the right to appeal. In legal doctrine, it has been argued that the APA falls short of fulfilling all the safeguards listed in recital 71 to the GDPR, more precisely the requirement to provide «specific information to the data subject and the right to obtain human intervention». Further, the APA does not include any restrictions regarding the use of automated decision-making on children. IMY, the competent authority under the GDPR, has concluded that section 28 APA does not meet the requirements to authorize an exemption under Article 22 GDPR.
A second, connected uncertainty relates to the question of how the technology-neutral approach is to be realized in practice. As stated above, the point of departure is that the APA is fully applicable to automated decision-making. On the other hand, the legislative bill holds that automated decisions cannot be expected to fulfill all formal requirements in the APA regarding information to be included written decisions, namely:
«1. the date of the decision;
2. what the decision contains;
3. which person or persons took the decision;
4. which person or persons were reporting officers; and
5. which person or persons participated in the final processing without taking part in the determination».
It was emphasized in the legislative bill that the information listed in the section was not to be interpreted as requiring authorities to set up their decision-making procedures in such a way that all this information must always be entered. If certain information, e.g., on names, is not relevant in a specific decision-making procedure, for example in automated decision-making, such information need not be included. However, for several public authorities which use automated decision-making, such as the Tax Agency and the Social Insurance Agency, specific exceptions from the requirements of documentation have been introduced in the relevant legislation. For others, for example the Board of Student Finance, no such exceptions exist. Government enquiries from both before and after the enactment of section 28 in the 2017 APA have argued that this state of affairs creates unnecessary uncertainty and ought to be rectified.
Also in relation to the duty to state the reasons for decisions, in accordance with section 32 APA (as well as the EU principle of good administration, where applicable), it has been questioned to what extent the duty can be fulfilled through automated means. In a legislative bill on automated decision-making regarding taxation of real estate, it was stated that the provisions in the APA in practice constitute a limit on what decisions can be made automatically. However, it is not apparent how the general exceptions permitted in section 32 APA, namely that «all decision affecting a person in a not insignificant way» should contain «a clarifying statement of reasons», if it is not deemed to be «obviously unnecessary». One of the downsides of automated decision-making, at least if less sophisticated algorithms are used, is the lack of responsiveness to the specific circumstances in each individual case. As automated decision-making is increasingly used in more complex matters, it may be difficult to satisfy requirements to give individualized reasons.
A third unclarity relates to the use of automated decision-making in specific procedures. Notably, the Local Government Act includes specific rules on internal delegation of decision-making power, an issue that was not addressed in the legislative bill of the 2017 APA. In July 2022, a revision of the Local Government Act was enacted to provide a clear legal basis for automated decision-making at the local level. In the meantime, the question of how to interpret section 28 APA in a local government context caused some confusion. The Government took the opportunity to give some general guidance on the appropriateness of using automation in administrative decision-making. It was held that automation could not be used in cases where sector-specific legislation laid down specific requirements, e.g., the involvement of officials with specific competence, such as a psychiatrist in matters of compulsory care or in social services. The limitations set out by the requirement in the APA to provide reasons for decisions were reiterated, with the addition that other procedural safeguards could also pose limitations, e.g., the responsibility for investigating matters carefully (section 25) and the general requirement to handle matters simply, rapidly, and as cost-effectively as possible without encroaching on the rule of law (section 9). Ultimately, the Government held that «the exact demarcation of which cases are suitable for automated decision-making should, in line with what currently applies within the state administration, be a matter for legal adjudication». This task was accordingly handed over to sector-specific authorities, supervisory authorities, and courts, to be performed in dialogue with the individuals involved in judicial and non-judicial proceedings.
3.2. Transparency and secrecy
Transparency and access to public documents are core constitutional values in Swedish law, and friction in relation to digitalization, automation, and data protection has been seen for decades. Sweden has a longstanding tradition of keeping extensive public archives and registries, which motivated the country to introduce a national data act for the protection of personal data as early as 1973. The act focused on monitoring the use of private and public registries by making them subject to permits issued by a new public authority, the Data Protection Authority, carefully balancing access limitations against the right of access to documents.
The Swedish transparency rules have been adapted to digitalization and automation in two main ways. First, by broadening the concept of documents to also include digital documents in various forms as well as adapting documentation and archiving to accommodate this change. Second, by developing new grounds for secrecy based on the needs of a digital society.
In regard to the definition of documents, the inclusion of digital recordings in the right of access to documents were introduced in the Freedom of the Press Act (one of Sweden’s four fundamental laws) in 1974. A digital recording is considered to be held by the authority «if it is available to the authority using technical devices which the authority itself employs for communication in such form that it may be read, listened to, or otherwise comprehended». Today, the right also includes «potential recordings», i.e., compilations of information taken from registries, databases, etc. The authorities must release the compilation as long as it can be collected and transformed into a recording with «routine means», meaning that the authority is not required to develop software programs to search for the information. This may provide researchers and others with important data from state-held registries, including population-based registries. A further limitation has been introduced to protect personal data from being exposed. If a compilation contains personal data and the authority does not have the power under a law or ordinance to make the compilation available, the authority is not deemed to be holding the compilation and is therefore not be required to release it. Completed recordings are not covered by the limitation rule. Therefore, such recordings are considered to be documents regardless of their content. It should be stated that this exception is worded in a somewhat strange and illogical manner, making the holding of a recording dependent on the legal status of its content. Restricting the use of certain categories of information is normally done through confidentiality and secrecy rules, discussed below.
When digital recordings were first included into the dominion of official documents in the early 1970s, it was considered a risk that the documents would become inaccessible to the public at large and to private parties concerned by actions taken by the authorities, since access to the information was effectively conditioned on access to the relevant technical equipment. A specific rule was introduced in the 1973 Data Act, requiring authorities to transmit recordings in a readable form in certain cases. When the Data Act was repealed in connection with the implementation of the EU Data Protection Directive, the rule was transferred to the Transparency and Secrecy Act, which remains in force. Chapter 4, section 3 of the act holds:
«If an authority for processing a case or matter uses a recording for automated processing, the recording must be added to the documents in the case or matter in legible form, unless there are special reasons against it».
It is unclear how this rule is to be applied in the context of automated decision-making. The opening for not applying the rule in case of «special reasons» was initially meant to take into account the costs, in terms of both labor and money, of transforming recordings into paper documents, especially if there were tools for making the data available via technical means. Today, security concerns in relation to the information may also be relevant.
In regard to the second issue – new grounds for secrecy based on the needs of a digital society – very few legislative reforms have been enacted. The question of whether information on algorithms should be considered to fall within the right of access to public documents has been discussed in a Government enquiry, which found that this could be the case. There is no general secrecy rule applicable to algorithms for public decision-making, but the enquiry suggested that either secrecy rules in Chapter 17, section 1 of the Transparency and Secrecy Act, on activities for inspection, control, or other supervision, or Chapter 18, section 3, on surveillance measures, could be applied. There may be other grounds for secrecy, depending on the circumstances in an individual case. However, it is for the public authority to demonstrate that there is a basis for secrecy – otherwise the document or recording must be released. There is further a basis for secrecy protecting personal data in public documents, Chapter 21, section 7 of the Transparency and Secrecy Act, which has mainly been applied in relation to requests for large amounts of personal data in public registries.
4. Case law, non-judicial review, and administrative supervision
Swedish courts have reviewed a large number of automatically enacted decisions over the last decades, for example concerning social insurance, tax, and changes of registered owners of cars. However, as yet, neither the Swedish Supreme Administrative Court nor any of the four Administrative Courts of Appeal appear to have made decisions in any cases regarding the legal dimensions of the automated decision-making procedures as such.
In 2022, the Supreme Administrative Court made a decision in a case concerning the consequences of a general error in the calculation of the level of guaranteed pensions in automated procedures, after the European Court of Justice had, in a previous preliminary ruling, found the Swedish interpretation of the concept to be incompliant with EU law. The error was thus in the legal interpretation of the relevant concept and not related to errors in the algorithm as such. All the same, the error necessitated the Swedish Pension Authority to recalculate a vast number of guaranteed pensions and it took two years before the decisions on reassessment were enacted due to the technical complexities of the automated procedures. The Supreme Administrative Court upheld one of the reassessment decisions on appeal, even though it meant that the pension of the applicant was lowered retroactively. The Court justified this based on pension decisions being applicable for long periods of time, the cross-border implications of the pensions in question, and the importance of upholding the principle of equal treatment between beneficiaries. Problems relating to administrative delays due to lengthy development periods for automation of essential decision-making procedures have also been addressed by the Parliamentary Ombudsmen, in relation to calculation of agricultural aid.
There have been a few cases on secrecy for the algorithms generating administrative decisions in lower level courts. For example, the Administrative Court of Appeal in Stockholm denied an applicant the right to public documents which included information on algorithms generating the Social Insurance Authority’s decisions on dental care allowance. The decision was based on Chapter 18, section 3 of the Transparency and Secrecy Act. According to the Court, the documents could indirectly have provided information on how the system could be circumvented or manipulated. In another decision, the Administrative Court of Appeal in Gothenburg held that documents with information on algorithms used by municipal social services to calculate social benefits were not covered by secrecy and should therefore be released. The Court found that the basis for secrecy relied upon by the municipality, Chapter 31, section 16 of the Transparency and Secrecy Act on the protection of the financial interests of the private company that had developed the code, was not relevant in the case. The code has been developed specifically for the municipality’s needs and was owned by the municipality, meaning that release of the documents would not affect the private company negatively.
The more principled assessments of the handling of automated decision-making among Swedish authorities may instead by found in the case law of non-judicial bodies and supervisory authorities. The Parliamentary Ombudsmen and other supervisory authorities have over the years enacted a number of decisions on digitalization and automation of administrative decision-making. In 2006, the Parliamentary Ombudsmen made an investigation into the administrative consequences of a pilot case introducing automated road tolls in Stockholm, the capital of Sweden. The Ombudsmen found, among other things, that the system ought to be able to provide a more accessible procedure for reassessing decisions on tolls in cases where an automated decision had been directed at a previous owner of a car, due to the lengthy procedure for registration of a new owner.
In a decision in 2021, the Ombudsmen criticized the Migration Agency for employing a fully automated procedure in matters on applications for Swedish citizenship, where applicants requested the authority settle the matter under a failure to act proceeding, as described in the APA. If the application had not been assigned to a case manager at the Migration Agency, the request for determination of the matter was automatically refused (and the applicant could appeal the refusal to an administrative court). The Ombudsmen were particularly critical of the procedure not providing any mechanism for taking individual circumstances into account.
A decision from the Health and Social Care Inspectorate (IVO) on an individual complaint is also illustrative. This matter was (also) in regard to the automated decisions of municipal social services and social benefits. The IVO harshly criticized the municipality on several points, including not having fulfilled its duty to investigate the applications carefully, not having guided the applicants individually and according to their needs, not having taken the best interest of the child into account where relevant, and not having properly documented information relevant to the processing of the matter.
Lastly, assessment errors in an automated decision system used by the Swedish Public Employment Services to assess the level of activity among job seekers can be mentioned. Due to the errors, the Employment Services issued approximately 15,000 incorrect decisions directed at individuals, including warnings and sanctions for not having been sufficiently active in the search for work. When the mistake was discovered, the Employment Services began handling the matters manually, resulting in a large number of reassessment decisions. Alongside technical problems in distributing the decisions to the individuals concerned, the procedure in its entirety caused considerable delays. Still, the Employment Services reported that they had not received an influx of complaints. As Enqvist and Naarttijärvi has pointed out, the situation illustrates the inherent opacity of automated decision-making, rendering it difficult for both the authority and the individuals concerned to discover mistakes.
5. Soft law on automation or sophisticated AI in public decision-making
eSam, the aforementioned network of authorities cooperating to promote digitalization, has enacted a number of guidelines in the area. The most relevant here is the Checklist – Law when using AI, which contains guidance on several aspects of automated decision-making, for example processing personal data, services to the public, security-related issues, procurement, transparency and explainability, discrimination, etc. The checklist often refers to EU documents, foremost among them the Commission proposal for an AI Regulation and the Article 29 Working Party Group Guidelines.
IMY, the Swedish competent authority under GDPR, has also published general information and guidelines on personal data in the context of automation and AI, mostly guidelines from the Article 29 Working Party Group and the European Data Protection Board. IMY also publishes legal positions on data protection issues in a Swedish context. As yet, none of them have related to automation or AI.
Lastly, a policy document enacted in 2018 by the Government Offices can be mentioned, The National Pathway for Artificial Intelligence. One of the conclusions in the document is that there is a further need to develop rules, standards, norms, and ethical principles to guide ethical and sustainable AI and its use.
6. Concluding remarks
Digitalization of the administration and automated decision-making has been a central concern for the Parliament and the Government for decades, and has deeply affected two central areas addressed here: general administrative law and transparency. The regulatory responses in the two areas differ. While concerns regarding the negative effects of digitalization on access to documents prompted the Swedish legislator to include digital recordings in its transparency rules already in the 1970s, general administrative legislation has been adjusted to a very limited extent. Even though automated decision-making has been used since the 1970s, it is remarkable how few binding sources in Swedish law actually regulate how this is supposed to work in practice. The aim that the law should remain technology-neutral may explain the unwillingness of the legislator to enact specific rules for a digitalized setting. Another factor is the legal and administrative culture in Sweden. Administrative authorities hold a strong position in the constitutional setting, which – together with social trust and a pragmatic tradition in Swedish administrative law – may also have contributed to the current state of affairs. Authorities are trusted to organize their decision-making in accordance with the law, whether the procedures are carried out manually, digitally, or by automated means. Swedish courts have as yet refrained from intervening.
This short description of the regulation of automated decision-making in Sweden reveals that several crucial uncertainties remain. Swedish law lacks any clear demarcation of when automated decision-making is to be allowed. As of now, the question is merely discussed in preparatory works to individual pieces of legislation. However, the issue was not discussed in the preparatory works to the 2017 APA, even though a general legal basis for automated decision-making was introduced there. Some guidance has been introduced in preparatory works to sector-specific legislation and the Local Government Act. However, the main take-home message from the Government is that this is a matter for legal adjudication, namely sector-specific authorities, supervisory authorities, and courts to resolve. Judging by the matters that have arisen before the Parliamentary Ombudsmen and other supervisory authorities, it has not been an easy task. Further, it is debated whether Swedish law fulfils the GDPR requirement of establishing an exemption from the prohibition against automated individual decision-making on personal data, including profiling. It seems that the Swedish legislator has been too busy focusing on becoming the «best in the world» at using the possibilities of digitalization, and has given too little attention to central democratic ideals such as good administration and the rule of law.
- I would like to thank Lena Enquist, Umeå University and Henrik Wenander, Lund University, for their valuable comments and suggestions during the preparation of this paper, as well as the very constructive discussions with the INDIGO-team and other participants at the work-shop in Freiburg, on 29-30 September 2022. ↑
- C. Magnusson Sjöberg, Rättsautomation. Särskilt om statsförvaltningens datorisering, Norstedts juridik, Stockholm, 1992. ↑
- Legislative bill 1995/96:125 p. 65–73; Commitee report 1995/96:TU19 p. 46–48; Written communication from the Riksdag 1995/96:282. ↑
- Legislative bill 2011/12:1 utg.omr. 22, p. 84; Commitee report 2011/12:TU1; Written communication from the Riksdag 2011/12:87; R. Karlsson, Den digitala statsförvaltningen – Rättsliga förutsättningar för automatiserade beslut, profilering och AI, Förvaltningsrättslig tidskrift 2020 p. 51–80, 51. ↑
- Legislative bill 2015/16:1 utg.omr. 22 p. 120. Translation by the author. ↑
- Report from the Swedish Supreme Audit Institute, Automated decision-making in the national administration – effective, but controls and follow-ups are lacking, RiR 2020:22 [Riksrevisionen, Automatiserat beslutsfattande i statsförvaltningen – effektivt, men kontroll och uppföljning brister]. ↑
- Swedish Governmental Enquiry 2010:29 A New Administrative Procedures Act [En ny förvaltningslag], p. 21, 206; Legislative bill 2016/17:180, p. 141, 170; Swedish Governmental Enquiry 2018:25, op cite n 6, p. 126. ↑
- On the role of the Parliamentary Ombudsmen, see J. Reichel, M. Ribbing, Codification of Administrative Law in Sweden, in F. Uhlmann (Ed), Codification of Administrative Law: A Comparative Study on the Legal Basis of Administrative Law, Bloomsbury Publishing, forthcoming 2023, section 3.3. On the role of supervisory authorities in monitoring automated decision-making, see L. Enqvist, M. Naarttijärvi, Rättsstatliga principer och beslutsprocesser i en (alltmer) digitaliserad och automatiserad förvaltning, in K. Djurberg Malm, R. Sannerholm (Eds), Rättsstaten i den svenska förvaltningen. En forskningsantologi, Statskontoret 2022. ↑
- RiR 2020:22, Automated decision-making in the national administration, op cite n 5, p. 4–5. ↑
- DO 2022:1, Transparency, training, and data – Authorities’ use of AI and automated decision-making and knowledge of risks of discrimination [Transparens, träning och data – Myndigheters användning av AI och automatiserat beslutsfattande samt kunskap om risker för diskriminering]. ↑
- Ibid, p. 8–11 (English summary). ↑
- Swedish Governmental Enquiry 2014:75 Automatiserade beslut– färre regler ger tydligare reglering; Swedish Governmental Enquiry 2018:25 Juridik som stöd för förvaltningens digitalisering. ↑
- See also Swedish Governmental Enquiry 2020:8 Stronger municipalities – with the capacity to cope with the welfare mission [Starkare kommuner – med kapacitet att klara välfärdsuppdraget]; Swedish Governmental Enquiry 2020:55 Innovation through information [Innovation genom information]. Translations of titles by the author. ↑
- See eSam’s webpage, https://www.esamverka.se/om-esam/om-esam.html. Translation by author. ↑
- See eSam’s webpage, https://www.esamverka.se/vad-vi-gor/exempel-livshandelsedriven-utveckling/digital-tjanst-for-ekonomiskt-bistand.html. ↑
- See DIGG’s webpage, https://www.digg.se/en. ↑
- See IMY’s webpage, https://www.imy.se/en. ↑
- See footnotes 6 and 7. ↑
- See footnote 8; C. Magnusson Sjöberg, Förvaltningslagen och digitaliseringen, Förvaltningsrättslig tidskrift 2018, 519–530, 519 et seq. ↑
- Legislative bill 1985/86:80 on a new Adminstrative Procedures Act, p. 57. Translation by the author. On the status of preparatory works in Swedish law, see L. Carlson, The Fundamentals of Swedish Law, Lund, Studentlitteratur, 2012, p. 45. ↑
- Legislative bill 2002/03:62 p. 12–13; C. Magnusson Sjöberg, IT-anpassningen av 5 § förvaltningslagen – inte bara en kodifiering av praxis, Förvaltningsrättslig tidskrift 2004, 285–305, 286. ↑
- Swedish Government Official Report 2010:29, op cite n 8, p. 53. A special report was drafted, Elektroniska förfaranden – delredovisning av Förvaltningslagsutredningen (Ju 2008:08), included in Swedish Government Official Report 2010:29, p 729–787. ↑
- Swedish Government Official Report 2010:29, op cite n 8, p. 393. ↑
- Official translation. ↑
- Legislative bill 2016/17:180, p. 179. ↑
- Ibid. ↑
- See for example Legislative bill 2017/18:95, p. 100; Legislative bill 2017/18:112, p. 64–65; Legislative bill 2017/18:115, p. 31. ↑
- R. Karlsson, Den digitala statsförvaltningen, op cite n 3, p. 51–80, 74. ↑
- Ibid. ↑
- Datainspektionens (now Integritetskyddsmyndigheten) Response to consultation: Law as support for the digitization of the administration Swedish Governmantal Inquiry 2018:25 [remissvar Juridik som stöd för förvaltningens digitalisering (SOU 2018:25)], DI-2018-7602. ↑
- 31 § FL. The rule is also included in 21 § Governmental Authority Ordinance (2007:525). ↑
- Legislative bill 2016/17:180, p. 185. ↑
- 39 § förordning (2017:154) med instruktion till Skatteverket; 14 § förordning (2009:1174) med instruktion för Försäkringskassan. ↑
- Förordning (2007:1071) med instruktion för Centrala studiestödsnämnden. ↑
- Swedish Government Inquiry 2014:75, p. 64 et seq; Swedish Government Inquiry 2018:25, op cite n 6, p. 223. ↑
- R. Karlsson, Den digitala statsförvaltningen op cit n. 3, 77. ↑
- Legislative bill 2019/20:196, p. 34. See further Legislative bill 2021/22:125, discussed below. ↑
- L. Enqvist, M. Naarttijärvi, op cit n 13, p. 237. ↑
- See below, in relation to the Parliamentary Ombudsmen’s decision of 10 December 2021, reference number 6744-2020 on automated decision-making by the Migration Authority. ↑
- Chap 6, 37–38 §§ Local Government Act (2017:725); Legislative bill 2021/22:125, p. 23 et seq. ↑
- T. Otter Johansson, Automatiserade beslut i förvaltningen, in Gregor Noll, AI, digitaliseringen och rätten, En lärobok, Studentlitteratur, 2021, p. 110 et seq. ↑
- Legislative bill 2021/22:125, 36, 28–29. ↑
- Ibid, p. 29. ↑
- Ibid, 30. Translation by the author. ↑
- J. Reichel, Public Access or Data Protection as a Guiding Principle in the EU’s Composite Administration? An Analysis of the ReNEUAL Model Code in the Light of Swedish and European Case law. In P. Wahlgren (Ed), 50 Years of Law and IT, Jure, Stockholm, 2018, pp. 285–308. ↑
- Data Act (1973:289). 2011/12:TU1; ↑
- Legislative bill 1973:33, Committee report KU1973:19; Written Communication from the Riksdag 1973:131. ↑
- Chapter 2, 6 § 1 para Freedom of the Press Act. Official translation. ↑
- Chapter 2, 6 § 2 para Freedom of the Press Act. ↑
- Chap. 2, 7 § Freedom of the Press Act. ↑
- Legislative bill 1973:33 p. 141 et seq; Legislative bill 2008/09:150 p. 307 et seq. ↑
- Translation by author. ↑
- Swedish Government Inquiry 2018:25, op cite n 6, p. 201. ↑
- Ibid, p. 184. ↑
- Ibid, p. 187. ↑
- Ibid. ↑
- See further below, Administrative Court of Appeal in Gothenburg, Judgment of the 21 February 2020, case number 6973-19, where secrecy based on the financial interest of the company having developed the automated decision-making platform was not deemed relevant. ↑
- J. Reichel, Public Access or Data Protection as a Guiding Principle in the EU’s Composite Administration?, op cit. n 44. ↑
- HFD 2022 ref 9. ↑
- Court of Justice, judgment 7 December 2017, C-189/16 Boguslawa Zaniewicz-Dybeck v Pensionsmyndigheten, EU:C:2017:946. ↑
- HFD 2022 ref 9, para 25. ↑
- JO 2021/22 s. 340. See further L. Enqvist, M. Naarttijärvi, op cit n 13, p. 231–232. ↑
- Judgment 27 August 2019, case number 4995-19. ↑
- Judgment 21 February 2020, case number 6973-19. ↑
- Decision 30 June 2006, reference numbers 1-2006, 62-2006, 173-2006, 355-2006, 420-2006, 893-2006, 900-2006, 1780-2006. ↑
- Decision 10 December 2021, reference number 6744-2020. ↑
- Decision 23 January 2020, reference number 8.5-31394/2018-9. ↑
- The Swedish Public Employment Service identified the problem of its own accord, and reported it to the relevant supervisory authority, the Unemployment Insurance Inspectorate (IAF), at an inspection. The IAF did not find reasons to investigate the matter further, see decision 2021-04-26, Dnr IAF 2019/90. See further L. Enqvist, M. Naarttijärvi, op cit n 13, p. 218. ↑
- Ibid. ↑
- Ibid, p. 237. ↑
- Proposal for a Regulation of the European parliament and of the council laying down harmonised rules on Artificial Intelligence (Artificial Intelligence Act) COM(2021) 206 final. ↑
- Guidelines on Automated individual decision-making and profiling for the purposes of Regulation 2016/679 (wp251rev.01) ↑
- See IMY’s web page, https://www.imy.se/publikationer/?query=&selectedPublicationTypes=Legalposition&page=1. ↑
- Government Offices, National Pathway for Artificial Intelligence 2018, p. 10 [Nationell inriktning för artificiell intelligens (2018)] (Dnr N2018/03008/FÖF). ↑
- C. Magnusson Sjöberg, Förvaltningslagen och digitaliseringen, op cit n 18, 519 et seq. ↑
- H. Wenander, Public Agencies in International Cooperation under National Legal Frameworks: Legitimacy and Accountability in Internationalised Nordic Public Law, in M. Grahn-Farley, J. Reichel, M. Zamboni (Eds) Governing with Public Agencies: The Development of a Global Administrative Space and the Creation of a New Role for Public Agencies, Stiftelsen skrifter utgivna av Juridiska fakulteten vid Stockholms universitet, 2022, p. 172, 179. ↑