Sweden’s employment agency has been tracking the online locations of thousands of citizens claiming unemployment benefits in an effort to crack down on welfare fraud.
According to Swedish unemployment legislation, people who receive unemployment support must live in Sweden and actively seek work from within the country.
They are also required to report their holidays, during which they are not eligible for unemployment benefits. Travelling abroad for job-seeking purposes needs a special permit in advance.
Recipients typically use the agency’s online portal to confirm they are applying for jobs and communicate with government advisers who support their job search.
But Sweden’s Public Employment Service (Arbetsförmedlingen) has been tracking citizens online to detect if they are actually in the country. It is checking their Internet Protocol (IP) addresses, which are unique strings of numbers that are assigned to every device and can be used to identify its physical location.
Swedish residents who are found to be abroad without permission risk losing their benefits or being asked to pay back the money, which can be a maximum of nearly €2,500 per month before taxes.
The employment service’s decision to monitor IP addresses was made public in June, and around 4,000 people have already been flagged for logging in with a foreign IP address, according to the Swedish newspaper Dagens Nyheter.
“It is a way to counteract the risk of incorrect payments,” Andreas Malmgren, operations controller at the Public Employment Service, told the newspaper.
“We are talking about people who are abroad even though they should be in Sweden and looking for work or participating in labour market policy programmes,” Malmgren added.
Starting this autumn, the agency will begin contacting the 4,000 people, giving them a chance to explain their absences before it withdraws benefits or takes other action.
“The consequence may be that they are not deemed to meet the right to compensation,” Malmgren said.
Dutch backlash
The Swedish approach comes after controversy in the Netherlands, where the state benefits agency (the Employee Insurance Agency, or UWV) was forced to scrap a similar system last year after government lawyers warned it breached privacy laws.
Under the European Union’s data privacy rules, IP addresses are classified as personal data. They are also not conclusive proof of a person’s location, as tools like virtual private networks (VPNs) can mask or change an IP address.
In 2023, Dutch broadcaster NOS and Nieuwsuur reported that UWV collected IP addresses, planted hidden cookies, and used algorithms to flag unemployment benefits recipients who were suspected of being abroad.
The system led to 3,600 investigations and benefits being adjusted in 460 cases, though the Dutch agency said no one lost payments solely due to the algorithm.
At the time, the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) called the method “worrying” and called for an investigation.
“People must be able to trust that their privacy is in safe hands, especially with large organisations that implement government policy and on which many people depend,” the authority told local media.
The Dutch tracking programme ran for nine months before eventually being shut down after a government review concluded that it lacked a legal basis. The UWV later apologised, saying it “regrets not having acted with sufficient care,” in a statement.
No similar concerns have been raised in Sweden. On its website, the Swedish Public Employment Service says that personal data, including IP addresses, are processed legally “in order to fulfil our mission to provide jobs but also to comply with our role as an authority and employer”.