Privacy Law at Finland
Finland's data protection framework aligns closely with the European Union's General Data Protection Regulation (GDPR), supplemented by the national Data Protection Act (1050/2018). This dual-structure approach ensures comprehensive protection of personal data while accommodating specific national considerations.
Key Aspects of Finland's Data Protection Laws
1. National Legislation Supplementing the GDPR
The Data Protection Act (1050/2018) supplements the GDPR b:
Defining the supervisory authority The Office of the Data Protection oversees compliance with data protection law.
Specifying lawful bases for processing Including processing for public interest tasks, scientific research, and archiving purpose.
Establishing age of consent Setting the age at 13 for offering information society services to children, lower than the GDPR's default of 1.
Outlining employee data processing Imposing strict limitations on processing employee data, even with consent, to protect privac.
Introducing criminal liability Amending the Criminal Code to include data protection offense.
2. Role of the Data Protection Ombudsman
The Office of the Data Protection Ombudsman, led by Anu Talus, is Finland's independent authority responsible fo:
Monitoring compliance with data protection law.
Issuing orders concerning data subject rights and data prossing issue.
Imposing administrative fines for serious violations, up to €20 million or 4% of global turnove.
Providing guidance and promoting awareness of data protection rights and obligation.
3. Sector-Specific Regulations
Finland has enacted specific laws to address data protection in particular sector:
Healthcare Regulations tailored to the processing of sensitive health dat.
Law Enforcement The Act on the Processing of Personal Data in Criminal Matters and in Connection with Maintaining National Security governs data processing by police and other authorities in criminal matter.
⚖️ Enforcement and Penalties
Violations of data protection laws can result i:
Administrative fines Imposed by the Data Protection Ombudsman for serious offense.
Criminal sanctions For offenses related to data protection, as defined in the Criminal Code.
Civil remedies Individuals may seek compensation for damages resulting from unlawful data processin.
🛡️ Notable Case: Vastaamo Data Breac
In 2020, Finnish psychotherapy service provider Vastaamo experienced a significant data breach, exposing sensitive information of approximately 40,000 patiensThe breach led to legal actions against the company and its employees, highlighting the importance of robust data protection measures and timely breach notificatios.
RELATED Blog
0 comments