The Swedish DPA refused to authorize Standard & Poor’s AB, a Swedish subsidiary of a US company, to process employee criminal records. The law restricts the processing of this type of data to public authorities, unless prior authorization is obtained from the Swedish DPA. The Swedish entity was asked to obtain employees’ past criminal records by its US parent company so that it could become a member of a “Nationally Recognized Statistical Rating Organisation (NRSRO)” in the US. The Swedish DPA took into consideration the International Labor Organization (ILO) recommendations whereby employers should not seek to obtain employees’ past criminal records in the course of the employment relationship, unless the request is directly connected or relevant to the company’s undertaking.
The DPA decision is available (in Swedish only) at: http://www.datainspektionense/pdf/beslut/20071218-standard-poorspdf