Public Access to Information and Confidentiality

On this page, you will find information about the principle of public access to information and how it applies to your work. There is also a detailed overview of the confidentiality provisions that you, as an employee at Stockholm University, need to be aware of.

Stockholm University is a public authority and is therefore required to adhere to the principle of public access. This principle is established in Chapter 2, Section 1 of the Freedom of the Press Act and ensures, among other things, that the everyone has the right to access official documents held by the University. The principle also includes the right to freedom of communication.

In addition to the information on these pages, we encourage you to review the following:

Watch our short informational videos on public access and confidentiality (only in Swedish)

What are public documents?

According to Chapter 2, Section 3 of the Freedom of the Press Act, a document is considered public if it is held by an authority and has either been received by the authority (Section 6) or drawn up by the authority (Section 7).

A "document" refers to any written or pictorial representation, as well as recordings that can only be accessed, read, or understood using technical means (Chapter 2, Section 3). This includes physical documents, such as paper records, as well as digital formats, such as tape recordings, video files, or information stored on hard drives or similar devices. Any material that contains information, regardless of its medium, is classified as a document.

For a document to be deemed public, it must be held by the authority at the time the request is made. Compilations of public documents are also regarded as held by the authority if they can be produced without undue effort and through routine procedures (Chapter 2, Section 3, second paragraph). However, compilations containing personal data are not considered to be held by the authority if the authority does not have the legal right to make such a compilation available.

A letter, email, or similar correspondence addressed to a specific individual is only considered to be in held by the authority if it pertains to a case or matter that falls under the authority’s responsibility.

A document is deemed to have been received when it has arrived at the authority’s premises or has been delivered to the appropriate official. A document is considered received even if the official is outside the authority’s premises at the time of receipt. There is no requirement for anyone at the authority to have reviewed the contents of the document for it to be classified as received. It is considered received as soon as it, for instance, arrives in the authority's inbox.

A document is deemed to have been drawn up when it has been dispatched. Dispatch of a document usually refers to the document being sent to a recipient outside the authority. A document that has not been dispatched is considered drawn up when the case to which it pertains has been concluded. A document that does not belong to a specific case is considered drawn up when it has been finalized or otherwise completed.

Example:

An exam paper submitted for grading is considered received and thereby becomes a public document.

An exam paper with grading comments, on the other hand, is considered drawn up and becomes a public document when the case is concluded, i.e., when the grade decision has been communicated.

Note:

Email logs, cookies (i.e., files containing information about which web pages a user has visited), and global files (records displaying address details of the websites a user has visited on the Internet) are, according to established practice, to be regarded as drawn up public documents

Drafts, notes, and similar documents are generally not considered public documents. However, if they are archived, their status changes. Therefore, ensure such materials are removed before the case is closed.

An internal email is generally not considered a public document. However, if the document adds substantive information to a case, is finalized (e.g., a final version shared for information purposes or a response to an internal survey), or is forwarded outside the authority (and thus dispatched), it is considered a public document.

Confidentiality Assessment and Decision of Refusal

Public documents may be either accessible to the public or contain confidential information. If someone requests access to a public document or information contained within it, you must always conduct a confidentiality review to determine whether parts or the entirety of the document t can be disclosed.

Information within public documents can either be public or confidential. The general rule is that all public documents are accessible. However, access can be restricted by provisions in the Public Access to Information and Secrecy Act (2009:400), i.e., through confidentiality rules. For further details on the most common confidentiality rules applicable to documents held by the University, see the page Confidentiality Provisions at Stockholm University.

If someone requests access to a public document or information contained within it, you must always conduct a confidentiality assessment to determine whether the entire document or parts of it can be disclosed. If the public document is not confidential, it should be released immediately. A document containing confidential information should be released only in the parts that are public. If you need to redact confidential information in a document that is otherwise released, you must ensure that the confidential information cannot be accessed. It must be evident where and to what extent information has been redacted.

If you conclude that the requested information cannot be disclosed, either because it does not qualify as a public document or because it is partially or entirely covered by confidentiality, you must inform the requester of your assessment and the reasons why the document or parts of it cannot be released.

Note that you are also obligated to inform the individual of their right to a written decision of refusal.

Denial decisions are issued by the Chief Legal Counsel in accordance with the Decision and Delegation Procedures of Stockholm University. Contact the Legal Secretariat immediately when a denial decision needs to be made and transfer the matter for further processing.

Note:

Even if you deny only a single piece of information within a large set of documents, the individual still has the right to a written decision of refusal since they have not received exactly what they requested.

If the request concerns a document that does not exist, a written decision of refusal must still be offered.

Confidentiality Provisions at Stockholm University

In order to claim that a document is covered by confidentiality, you must be able to refer to an applicable confidentiality provision in the Public Access to Information and Secrecy Act (OSL). The confidentiality provisions specify the interests that the confidentiality protects and the degree of protection it provides. Below, you will find a list of the most common confidentiality provisions applicable.

If you are uncertain whether confidentiality applies in a particular case, please contact the Division for Legal Affairs through Legal Advice (Serviceportalen). Fråga juristen.

Highly sensitive information regarding health conditions and sexual life—such as data concerning illnesses, substance abuse, sexual orientation, gender reassignment, sexual offences, or similar matters—may be classified as confidential if it is deemed likely that the individual or someone closely associated with them would suffer significant harm if the information were disclosed (Chapter 21, Section 2 of the Public Access to Information and Secrecy Act, OSL). Information on health can also be protected under other provisions of the OSL. However, this section constitutes a minimum level of protection for sensitive personal data relating to health and sexual life and can be applied by all authorities covered by the OSL. The presumption is in favor of disclosure. Confidentiality applies only if there is an assessed risk of significant harm. Confidentiality does not apply to information included in a decision.

Information about an address or other comparable details that could reveal the permanent or temporary residence of an individual (holiday home, hotel), phone number, email address, or other similar contact details (fax number, workplace phone number), as well as equivalent information about the individual's relatives, may be classified as confidential by the authority if there are specific reasons to believe that the individual or someone closely associated with them may be subjected to threats, violence, or other serious harm (Chapter 21, Section 3 of the Public Access to Information and Secrecy Act, OSL). This provision applies to all authorities covered by the OSL. The presumption is in favor for disclosure. Confidentiality only applies if there are specific reasons to believe the individual may suffer harm. An authority is not obliged to independently verify whether a person has, for example, a confidentiality marker in the population register. The individual must have informed the authority of this, or there must otherwise be an acute threat situation, for the authority to undertake a confidentiality review. Note that it is not possible to classify an individual's name and personal identification number as confidential under this provision. However, for students at universities and higher education institutions, it is possible to classify this type of information as confidential under Chapter 23, Section 5, second paragraph of the OSL; see below under the heading Educational activities.

Confidentiality applies to personal data if it is deemed likely that disclosure would result in the data being processed in violation of the GDPR, according to Chapter 21, Section 7 of the Public Access to Information and Secrecy Act (OSL). This provision does not involve an assessment of whether the individual pieces of data themselves are subject to confidentiality (which they may be under other sections of the OSL). Instead, the assessment the disclosing authority must make under this provision concerns whether it is likely that the data, after being disclosed, will be processed in violation of the GDPR. What will happen to the personal data after disclosure, and what will it be used for? In practice, this provision is most commonly applicable in cases of bulk data requests. Note that it is generally not permissible to inquire about the purpose behind a request for public records. In this case, it means that there must be a suspicion that the requester intends to process the data in violation of the GDPR, necessitating further investigation to justify inquiries about the purpose or how the requester plans to process the data.

It is not uncommon for individuals to approach authorities to request lists of names and addresses (which themselves consist of entirely public information) for marketing purposes, i.e., to promote themselves or offer various products. In such cases, a balance of interests must be made between the commercial interests of the company and the privacy interests of the individuals. In a legal precedent (RÅ 2002 ref. 54), a company requested from the Swedish Board of Student Finance (CSN) a register of university and higher education student aid recipients, presented as lists containing names, addresses, and postal addresses. The purpose was to distribute a discount card to the students. The Supreme Administrative Court stated that, concerning the privacy interests of individuals, the balance between the company’s commercial interest and the individual’s privacy interest must clearly favor the individual for the data to be disclosed. The court noted that the data in question were not sensitive personal data and that the marketing measure was limited since it involved one mailing per semester. Following a comprehensive assessment, the court concluded that the data could be disclosed.

Research collaboration refers to research conducted by agreement between a university and one or more private entities (natural or legal persons).

Confidentiality applies at the university to information about a private entity’s business or operational conditions, inventions, or research results that have been provided or emerged within the scope of such research collaboration, provided it is deemed likely that the private entity—usually the company—participated in the collaboration under the assumption that confidentiality would apply (Chapter 24, Section 5 of the Public Access to Information and Secrecy Act, OSL). The information must have a direct connection to the collaboration and may include details such as business methods, production techniques, cost calculations, and pricing. It can generally be assumed that the company has anticipated confidentiality for this type of information. Even if the company has not explicitly requested confidentiality, an assessment should be made to determine whether the nature of the requested information is such that the lack of confidentiality protection would be considered so significant for the company that it would have refrained from collaborating with the university without such protection. Confidentiality also applies to other authorities participating in the collaboration alongside the university. However, the information may be exchanged between the collaborating parties without restrictions due to confidentiality (Chapter 24, Section 6 of the OSL).

If the researcher has chosen to apply for a patent for their invention, confidentiality applies to information regarding the invention or trade secrets within the patent application case according to Chapter 31, Sections 20 and 21 of the OSL. If the research collaboration is still ongoing, confidentiality under Chapter 24, Section 5 of the OSL continues to apply to information that has not been disclosed in the patent case.

Confidentiality applies to information related to commissioned activities performed by a university on behalf of a private entity, provided it is deemed likely that the commission was entrusted under the assumption that the information would not be disclosed (Chapter 31, Section 12 of the Public Access to Information and Secrecy Act, OSL).

The information covered includes testing, determination of properties or quantities, valuation, scientific, technical, economic, or statistical investigations, or other similar tasks performed by the authority on behalf of a private party. This provision protects the client’s financial circumstances. Additionally, the personal or financial circumstances of third parties may be protected, such as when the assignment involves testing conducted on behalf of an employer based on samples taken through occupational health services. It can generally be assumed that the client expected confidentiality for this type of information. Even if the client has not explicitly requested confidentiality, an assessment should be made as to whether the requested information is of such a nature that the absence of confidentiality protection would be considered so significant for the client that they would have refrained from collaborating with the university without such protection.

An illustrative legal case is RÅ 85 Ab 51. A thesis was requested from an economics department at a university. The thesis included information provided by a private company to the department as a basis for the research, which was of interest to the company. It was deemed likely that the information would not have been provided without the assumption of confidentiality. Based on this, and as the legal provision does not require evidence of potential harm of a specific type, confidentiality was upheld.

According to Chapter 24, Section 8 of the Public Access to Information and Secrecy Act (OSL), confidentiality applies in specific activities within a public authority that involve the production of statistics, for information concerning an individual’s personal or financial circumstances that can be linked to that individual.

This confidentiality is absolute, meaning that the information cannot be disclosed. This provision primarily applies to authorities legally responsible for official statistics, such as Statistics Sweden (SCB). Stockholm University is not such an authority. Absolute confidentiality may also apply to authorities assisting other authorities responsible for statistics by collecting data on their behalf. However, this is not applicable to Stockholm University.

There are exceptions to this absolute confidentiality in favor of research. To meet the research community’s need for information, Chapter 24, Section 8 includes a provision allowing authorities responsible for statistics to disclose data necessary for research purposes, provided it is clear that the information can be disclosed without causing harm or detriment to the individual or their relatives. If statistical data are provided by an authority, such as SCB, to Stockholm University for research purposes, the confidentiality is transferred (unless another confidentiality provision already protects the same interest at the university). Consequently, such information remains confidential at the university.

Information from Psychologists, Counselors, or Career Guidance Services


Confidentiality applies to information related to psychological examinations and treatment, as well as information about an individual’s personal circumstances obtained by psychologists, counselors, or career guidance services. The presumption is for confidentiality. Such information may only be disclosed if it is clear that the student or someone closely related to them would not suffer harm (Chapter 23, Section 5, first paragraph, of the Public Access to Information and Secrecy Act, OSL).

Confidentiality applies to information about a student’s identity, address, or other similar details related to the individual’s personal circumstances if there is a specific reason to believe that the student or someone closely related to them may suffer harm (Chapter 23, Section 5, second paragraph, OSL).

This provision may be applied in cases involving suspected stalking or other forms of harassment. Confidentiality only applies if there is a specific reason to believe that the individual would suffer harm. Authorities are not obligated to independently investigate, without specific indications, whether a person, for instance, has a confidentiality marking in the population register or has been granted protected identity. The individual must make the authority aware of such circumstances.

Corrected exams are, as a general rule, public documents that must be disclosed upon request. However, exam questions may, in exceptional cases, be subject to confidentiality. This applies to certain standardized/electronic exams conducted in computer labs where the exam consists, for instance, of a database with a limited set of recurring questions. The questions can be classified as confidential under Chapter 17, Section 3c of the Public Access to Information and Secrecy Act (OSL) if it can be assumed that the purpose of the exam would be compromised by the disclosure of the information. Confidentiality applies to the information in these exam contents as long as the same exam documents are in use.

Information about employees at Stockholm University is, to a very large extent, public. As a general rule, most information in personnel files is public, such as employees’ home addresses, home phone numbers, salary information, CVs, and submitted diplomas, among other things. However, there are certain types of information that can, under specific circumstances, be kept confidential.

Confidentiality applies to information about an individual’s personal circumstances in employee support services, unless it is clear that the information can be disclosed without causing harm to the employee or someone close to them. The presumption is for confidentiality. The term "employee support services " refers to psychological examinations and treatment, as well as psychological, counseling, or social support provided by personnel care consultants employed by the authority.

Employee support services may also, to some extent, be carried out by managers. Certain information revealed during planning and development discussions can be considered of a employee support services nature. Such information may also be classified as confidential. However, in this context, confidentiality is weaker and applies only if it can be assumed that the employee or someone close to them would suffer harm if the information were disclosed (Chapter 39, Section 1 of the Public Access to Information and Secrecy Act, OSL).

Information regarding an employee's health condition, such as details regarding sick leave or the health condition of the employee's relatives, may be classified as confidential under Chapter 39, Section 2 of the Public Access to Information and Secrecy Act (OSL). Similarly, information regarding an employee’s personal circumstances in matters concerning reassignment or retirement may also be classified as confidential (see, however, the section below regarding decisions). The presumption is in favor of disclosure. Confidentiality applies only if it can be assumed that the employee or someone close to them would suffer harm if the information were disclosed.

Confidentiality does not apply to matters concerning employment (except for selection tests, see below) or matters regarding disciplinary action, nor does it apply to decisions concerning reassignment or retirement (Chapter 39, Section 2 OSL).

In exceptional cases, a public authority may classify information regarding an employee’s personal circumstances as confidential if it can be assumed that the employee or someone close to them would be subjected to violence or other serious harm if the information were disclosed. This provision is intended for exceptional situations where there is reason to believe that an employee, due to, for example, a decision made, risks threats or other harassment. Information such as home address, home telephone number, and other contact details may be withheld (Chapter 39, Section 3 OSL).

In matters concerning employment (which are otherwise public), confidentiality applies to information regarding selection tests unless it is clear that the information can be disclosed without causing harm to the employee or someone close to them. The presumption is therefore in favor of confidentiality. Selection tests refer to performance tests, aptitude tests, and personality tests that may be used in recruitment processes. Confidentiality applies to both the content of the tests and any compilations of the results (Chapter 39, Section 5a of the Public Access to Information and Secrecy Act).

Procurement under the Public Procurement Act (2007:1091) is subject to strict confidentiality. In procurement matters, information related to a tender may not be disclosed to anyone other than the tenderer until all tenders have been made public or a contract award decision has been made (i.e., a decision to award a procurement contract to a specific tenderer). This means that absolute confidentiality applies until the contract award decision is finalized (Chapter 19, Section 3, Paragraph 2 of the Public Access to Information and Secrecy Act). Following the contract award decision, tender documents are, as a rule, public. The purpose of this is to allow tenderers to review other tenders and, if necessary, request a judicial review of the contract award decision. However, in exceptional cases, certain information within the tenders may still need to be classified as confidential; see below.

Information about a private party's business or operational conditions in connection with a business relationship with a public authority may be classified as confidential if there is a specific reason to believe that the party would suffer harm if the information is disclosed (Chapter 31, Section 16 of the Public Access to Information and Secrecy Act). This is a very limited form of confidentiality. According to legislative commentary (Government Bill 1979/80:2, Part A, p. 241), there must be a specific circumstance or condition invoked by a tenderer to justify classifying parts of a tender as confidential. This may include trade secrets or other unique company information that could harm the company if disclosed. A company may also request that certain parts of its tender be classified as confidential when submitting the tender.

Freedom to Communicate with the Media

The freedom to communicate with the media, as outlined in Chapter 1, Section 1, and Chapter 7, Section 3 of the Freedom of the Press Act, is part of the principle of public access to official documents. It allows employees of a public authority to contact the media and provide information about conditions at the authority or workplace for publication purposes.

The Purpose Must Be Publication

Public authorities are prohibited from investigating who disclosed information under the freedom to communicate with the media and from imposing any form of reprisal. However, this freedom does not apply if you are speaking on behalf of the authority.

The freedom to communicate with the media sometimes allows you to disclose information that is otherwise confidential. However, this does not apply to all types of confidentiality. If you knowingly or unknowingly disclose information that is classified and exempt from the freedom to communicate with the media, you will not be protected by its provisions.

Important Points to Consider:

The freedom to communicate with the media does not allow you to release documents—it applies only to the disclosure of information.

At the end of each chapter of the Public Access to Information and Secrecy Act, you can find details about which confidentiality provisions prohibit disclosure despite the freedom to communicate with the media.

It is not the recipient of the information but the purpose of the disclosure that determines whether the freedom to communicate with the media applies.

Last updated: 2025-02-11

Source: Division for legal affairs