Datasuveränitet

The hidden monitoring in the driver's seat

Β· Håkan Lundmark Β· 12 min read
The hidden monitoring in the driver's seat
The Hidden Surveillance in the Driver's Seat – Navichain
Current review Β· May 2026

Labor Law & Data Sovereignty

For union representatives and safety representatives

The hidden
surveillance
in the driver's seat

Thousands of Swedish drivers are currently operating vehicles where their exact movement patterns, breaks, and working hours can be secretly collected by a foreign intelligence service. No one has asked them. No one has told them. It's time for the union to look at the haulage companies' IT architecture.

Union Review Readers: Union representatives Β· Safety representatives Β· HR managers 8 min read

Imagine that you, as a safety representative, found out that a foreign intelligence agency had access to every second of driving data about your colleagues – their routes, break times, driving speeds, and exact position around the clock. You would demand answers. You would call for an MBL meeting. You would act immediately. Now is the time – because that scenario is not hypothetical. It is the reality for thousands of Swedish transport workers today.

Every modern transport management system – a TMS – is a machine for personal data. GPS positions are logged second by second, driving times are registered meticulously, performance is measured, and behavior patterns are mapped. It is necessary technology and is neither good nor bad in itself. But the question that neither union representatives nor employers have asked is: where does all this data go?

Legal Background Β· FISA Section 702

If a haulage company uses a TMS operated on a US cloud platform – such as Amazon Web Services or Microsoft Azure – all data is subject to US legislation. This applies regardless of whether the server physically happens to be in Sweden, Frankfurt, or Dublin.

Through FISA Section 702, US authorities such as the NSA and FBI have the right to secretly monitor the digital footprints of foreign citizens. No Swedish laws, no EU court decisions, and no contractual clause change that fact.

The legal trap that no one talked about

Swedish data protection is strong on paper. GDPR, MBL, collective agreements, and the Data Inspectorate's rules together create a safety net that employers are obliged to respect. But that safety net has a hole that is exactly the right size for a transatlantic data cable.

A US court – a so-called FISA court – can issue a secret decision that forces a US cloud company to hand over data about its customers. The company is not allowed to tell about it. The customer knows nothing. The employee knows nothing. And the decision applies to data about foreign citizens – that is, exactly you, your colleagues, and the drivers you represent.

A driver who works for a haulage company in Halmstad, Sundsvall, or LuleΓ₯ should not have to accept that his or her daily movements are part of a global surveillance machinery – without being asked.
Navichain Analysis Β· May 2026

Palantir case: Not theory – reality

That this is not an abstract risk was confirmed in a brutal way in May 2026. Internal documents revealed that Palantir Technologies – one of the world's leading companies for intelligence software, with deep ties to the NSA and CIA – had been given virtually unlimited access to sensitive personal data for over 50 million British citizens in the national healthcare system NHS.

Confirmed incident Β· May 2026

Palantir and NHS: 50 million patients' data

Internal documents showed that Palantir's staff were given unlimited access to sensitive information about more than 50 million British patients – data originally collected by a national health system under the assumption that it remained British. The case illustrates a pattern: when data is stored with US companies and processed by US subcontractors, national protection ceases to apply in practice, regardless of what the contracts say.

Transport data is not patient data – but the principle is identical. The drivers' GPS history is as sensitive as any other behavioral profile. It reveals where a person lives, which terminals they visit, when they take breaks, and how their workweek looks. In intelligence contexts, it is gold.

What the violations mean in practice

Actor What happens Consequence
US cloud company Receives secret FISA order for data disclosure Cannot inform the haulage company or the drivers
NSA / FBI Analyzes drivers' movement patterns and behavior Occurs without legal review in Sweden
Haulage company Has formal personal data responsibility according to GDPR Has in practice lost control over data
Safety representative Lacks information about where data is stored and who can access it Cannot fulfill their duty to protect the employees

The consequences do not only affect integrity. An employer who – regardless of whether he or she knew about it – has handed over control of their employees' personal data to a foreign authority has violated GDPR Art. 5 on the integrity principle and Art. 44–46 on third-country transfers. It is a sanctionable offense. And the safety representative who did not know about the IT architecture cannot have ensured that the risk was considered in the systematic work environment work, in violation of AFS 2001:1.

β—†

The solution does not require paper and pen

No serious union representative demands that haulage companies stop using modern technology. TMS is necessary, GPS data is necessary, and digital fleet management is necessary. The question is not if – but where.

The answer is spelled total European data sovereignty. And in Sweden, it already exists.

01
Swedish company

Navichain is a Swedish company without US ownership interests, without US subcontractors, and without transatlantic legal ties.

02
Swedish servers

All data is operated exclusively on servers in Sweden, under the Swedish flag and Swedish jurisdiction. FISA Section 702 does not reach here.

03
GDPR without exceptions

No unknown third-party transfers, no hidden data processors. The haulage company retains actual – not just formal – control over the drivers' information.

04
Union security

With Navichain, the safety representative can with a clear conscience certify that the employees' personal data is handled in accordance with MBL and systematic work environment work.

Switching TMS platform is not a technical decision. It is a labor law and ethical decision. A decision about what kind of workplace you want – and what trust you want to build with the people who actually drive your trucks.

Navichain Β· Transport Management System

Switch to a TMS that
respects your drivers

Navichain is built in Sweden, for Swedish haulage companies. Free trial period, easy onboarding, and a team that understands what data sovereignty actually means – not just on paper.

Try Navichain for free Book a demo
N
Navichain AB Β· Operated in Sweden
100 % outside US CLOUD Act jurisdiction

References and further reading

Read more on Navichain

Read more on Navichain