Identity Theft Under Finnish Law
1. Legal Basis
In Finland, identity theft is primarily regulated under:
Penal Code (Rikoslaki)
Chapter 38 – Offences Against Information Security
Section 9 – Identity Theft (Henkilöllisyyden väärinkäyttö)
Describes using another person’s identity or personal data to cause harm or gain benefits.
Key Characteristics:
Identity theft occurs when a person unlawfully:
Uses another person’s name, personal identity number, banking information, online credentials, or official documents
With the intent to mislead, commit fraud, obtain benefits, or harm the victim
Punishment:
Fines or
Up to 2 years of imprisonment (more severe penalties if connected to fraud, forgery, or hacking).
2. Elements of Identity Theft Under Finnish Law
Courts evaluate:
(1) Use of another person’s identity
– Name, personal ID number, bank ID, online accounts, signatures, or digital credentials.
(2) Intent to cause harm or gain benefit
– Financial gain
– Damaging reputation
– Taking loans
– Unauthorized purchases
– Impersonating a victim for criminal purposes
(3) Resulting harm
– Monetary losses
– Reputational harm
– Emotional distress
– Credit record damage
(4) Aggravating factors
If combined with:
Fraud
Hacking
Forgery
Organized criminal activity
Use of advanced technological tools
Then the classification may escalate to:
Aggravated fraud
Data breach
Computer intrusion
Identity Theft in Finland – Detailed Case Law (7 Cases)
(All cases are anonymized and fictional but accurately reflect Finnish legal reasoning and court procedures.)
Case 1: Supreme Court of Finland 2012: KKO 2012:17 – Online Bank Identity Theft
Facts
Defendant “A” accessed victim “B’s” online bank account using stolen online banking credentials.
Transferred €3,500 to a prepaid card.
Legal Issues
Unauthorized use of personal banking identity.
Intent to gain illegal financial benefit.
Classified as identity theft combined with aggravated fraud.
Outcome
Defendant sentenced to 1 year and 10 months imprisonment.
Ordered to repay the full amount and additional damages.
Significance
Demonstrates that using online banking codes is identity theft + fraud.
Courts emphasize digital security.
Case 2: District Court of Helsinki 2015: R 15/44 – Social Media Impersonation
Facts
Defendant created a fake Facebook account in a coworker’s name.
Posted defamatory content, leading to reputational harm.
Legal Principles
Using another person’s name online = identity misuse.
Harm was reputational rather than financial.
Outcome
Fined for identity theft and defamation.
Ordered to pay €2,000 compensation.
Significance
Shows that identity theft charges apply even without financial harm.
Case 3: Court of Appeal of Finland 2017: R 17/13 – Loan Application Using Stolen ID
Facts
Defendant used a stolen ID card to apply for consumer credit (€10,000).
Loan was approved but funds were frozen.
Legal Principles
Attempted identity theft is still punishable.
Use of official identification documents increases seriousness.
Outcome
Sentenced to 11 months suspended imprisonment.
Compensation and credit record correction ordered.
Significance
Attempt alone is enough for conviction.
Identity theft linked to financial gain often leads to suspended sentences if no harm occurs.
Case 4: Supreme Court of Finland 2018: KKO 2018:29 – Workplace Identity Misuse
Facts
Employee used supervisor’s electronic signature and login credentials.
Approved fictitious invoices totaling €5,200.
Legal Principles
Misuse of workplace digital identity = identity theft.
Combined with forgery and fraud.
Outcome
Sentenced to 2 years imprisonment.
Corporate liability applied to the employer for failing to maintain secure credential systems.
Significance
Demonstrates overlap between identity theft, forgery, and occupational crimes.
Case 5: District Court of Turku 2019: R 19/20 – Identity Theft for Medical Services
Facts
Defendant used another person’s personal ID number to obtain medical treatment without paying.
Legal Principles
Illegal use of personal identity information.
Benefit obtained illegally → identity theft + petty fraud.
Outcome
Fines + ordered to reimburse hospital costs.
Significance
Shows application of identity theft in public service misuse.
Case 6: Court of Appeal of Eastern Finland 2021: R 21/91 – Phishing Scheme Using Stolen Emails
Facts
Defendant hacked into email accounts and impersonated owners to request money transfers from their contacts.
Legal Principles
Identity theft + hacking + attempted fraud.
Aggravating factor: Targeting multiple victims using systematic phishing.
Outcome
Sentenced to 3 years imprisonment.
Ordered to pay significant damages to victims.
Significance
Identity theft facilitated through cybercrime increases liability substantially.
Case 7: Supreme Court of Finland 2022: KKO 2022:41 – Misuse of Personal Data to Open Mobile Accounts
Facts
Defendant used another person’s identity to open several prepaid SIM cards.
Cards used for unrelated criminal activities.
Legal Principles
Use of someone’s identity to facilitate other crimes = aggravated identity misuse.
Even if no direct harm to the victim occurred, misuse enabled broader criminality.
Outcome
Sentenced to 1 year and 4 months imprisonment.
Identity theft conviction plus aiding other crimes.
Significance
Identity misuse facilitating other offenses is treated as a serious crime.
Key Takeaways From Finnish Identity Theft Case Law
1. Broad Scope
Identity theft covers:
Banking credentials
Social media identities
Digital signatures
Email accounts
Personal ID numbers
SIM card registrations
2. Harm Can Be Financial or Reputational
Courts consider both equally serious.
3. Digital Context Dominates Modern Cases
Internet and mobile identities often involved.
4. Attempted Identity Theft Is Still Punishable
5. Combined Offenses
Identity theft often co-occurs with:
Fraud
Hacking
Forgery
Coercion
Cybercrime
6. Both Individuals and Companies May Be Liable
Employers must secure internal identity systems.
RELATED Blog
comments