blog

How the government's IT strategy should be strengthened through the Digitalisation Council

The Digitalisation Council’s mandate has been renewed through 2026. At the same time, Government Bill 2022/23:97 is pending a decision on exceptions to confidentiality rules when outsourcing IT operations.

Fredric Wallsten

Fredric Wallsten

CEO, Safespring

This text is automatically translated for your convenience. You can read the text in:

English Swedish (original) Give feedback
.

Discussions about the relationship between government IT systems and freedom-of-information and secrecy legislation have been running hot for over 60 years. The latest spin on the record, Government Bill 2022/23:97 on confidentiality exceptions when outsourcing IT operations, likely won’t be the final word either.

Our reading is that the basis for Government Bill 2022/23:97 is a reluctance among many Swedish agencies to limit the use of US cloud services. The EU’s data protection rules, and Sweden’s secrecy rules, require that personal data processed automatically in a computer system be protected against arbitrary access by a third country’s authorities, regardless of whether such access occurs through a legally defined process in that third country. A core view in Sweden and in the EU is that Swedish and European law governs Swedish and European authorities’ relationships with Swedish and European citizens. An increasingly evident conflict in recent years is that US legislation applicable to US companies does not satisfy this premise. There are few conclusions to draw other than that Swedish and European law require our administration to use services built and operated domestically.

So what’s the problem? In short: the bill instead proposes that you don’t have to draw such conclusions if it isn’t deemed “appropriate.”

Public procurement is a powerful tool at the disposal of states and agencies for shaping norms in the local market. The needs of the public sector steer development in everything from industrial kitchens and buildings to healthcare information systems and GSM networks. The prospects for local companies and service providers to grow are either helped or hindered.

In Sweden we have several commercial and private actors ready to provide the IT infrastructure the public sector needs to run modular, flexible, and open service systems. We can build everything from networks and data centers to file transfer services. We want to be part of the 50-year plan and believe we can shoulder the responsibility of providing an environment that is secure both technically and legally for agencies’ digitalization processes. But that requires a government that dares to draw the obvious conclusions: Swedish and European law must be followed, even by digitized agencies. And we are not afraid to invest in our industry.

The government justifies the wording by a desire to decentralize reasonableness assessments to each individual agency. But in doing so it also shifts responsibility for long-term, strategic decisions that affect everyone to a large number of bodies whose mission is neither to contemplate nor to take responsibility for such decisions. By not daring to show leadership, including over the longer horizon, the government risks forfeiting opportunities to defend Swedish industry at the European level, and European industry globally.

That is a challenge for the government’s Digitalization Council, which has just had its mandate extended. In its new composition the council lacks representatives from the agencies most affected by digitalization and procurement. But you don’t need to be directly affected to think strategically, long-term, and in the national interest. You just need to think beyond your own large company’s immediate export priorities and instead understand how the next major export industry will get room to grow. That is what we, and the government, need from the Digitalization Council through 2026.

It has now been so many years since the Court of Justice of the European Union annulled the European Commission’s Privacy Shield decision that it can hardly be considered an urgent matter anymore to amend Swedish legislation to permit data transfers to the United States despite EU law. Unfortunately, with this bill, the Riksdag will be forced to decide whether to put band-aids that are much too small on an already badly wounded and visionless public-sector IT operations strategy. Instead, the government and the Digitalization Council need to devote their valuable energy to assessing the larger strategic challenges for domestic industry, future skills supply, and Sweden’s place in Europe.

What is Government Bill 2022/23:97?

Government Bill 2022/23:97 proposes a new rule allowing agencies to share confidential information with an individual or another agency for technical processing or storage on behalf of the original agency.

However, data must not be shared if it is deemed inappropriate given the circumstances, and the bill also proposes a limitation of freedom of expression for those subject to confidentiality obligations when outsourcing the technical processing or storage of data.

These proposals aim to create better conditions for agencies to outsource or coordinate their IT operations and to strengthen the protection of information handed over to an individual when outsourcing IT operations.

Source: Government Offices of Sweden

<div class="pb-2"></div>

Safespring offers flexible and high-performance cloud infrastructure services.

Our Nordic solution provides you with the confidence that you can meet legal and regulatory requirements, such as GDPR, with ease.

Optimize your service with:

Watch demo

Let one of our Cloud Architects show you our platform.

Watch demo
×
Safespring Linkedin Safespring X Safespring GitHub Safespring YouTube Safespring Facebook

Choose language

English flag Svenska flag Norsk (Bokmål) flag Dansk flag

© Safespring AB (559075-0245) 2017-2026