The Finnish law regulating data protection in working life remains in conflict with the GDPR

D&I Alert

The Finnish Act on the Protection of Privacy in Working Life will not be amended during the current electoral term. The government proposal on amending the Section 4 of the Act has not progressed since May 2022 and will lapse, as the electoral term’s last parliamentary session has now ended.

In 2020, the Ministry of Economic Affairs and Employment of Finland launched a project to clarify the Finnish regulation concerning the collection of employees’ personal data. The purpose of the project was to amend the legislation in terms of the consent requirement so that employers could also collect, without employees’ consent, personal data during an employment relationship for the general purpose of fulfilling their rights or obligations provided in the law or when the law separately provides for the processing of personal data. This would have clarified the relationship between the Act on the Protection of Privacy in Working Life and the General Data Protection Regulation (“GDPR”).

The government proposal1 on amending the Section 4 of the Act on the Protection of Privacy in Working Life was submitted to the Parliament in March 2022. The proposal has been under consideration of the Employment and Equality Committee, but the handling of the matter has not progressed since May 2022 and the committee report has not been completed.

Legislative proposals that have not been approved by the end of the electoral term will lapse. It is up to the new government to decide whether it will submit a similar proposal to the Parliament. It should be noted that the new government is not tied to the contents of the lapsed proposal, and eventual regulatory drafting would be conducted anew on the ministry level. Therefore, no changes to the Act on the Protection of Privacy in Working Life can be expected in the near future.

1Government proposal 35/2022. (Available in Finnish and Swedish)

Read also

The law regulating data protection in working life is broken – and only a temporary fix is under way

More by the same author

First-ever Supreme Administrative Court rulings on GDPR fines – both for and against

The Supreme Administrative Court of Finland has issued its first decisions regarding administrative fines under the General Data Protection Regulation (the “GDPR”). Incidentally, the decisions concerned the first administrative fines imposed by the Finnish Data Protection Ombudsman back in 2020. The court’s essential arguments, as summarised below, may provide useful insights into how the appellate courts will interpret GDPR requirements and, especially, what aspects are key when challenging GDPR fines in the future.

The Finnish National Cyber Security Centre clarifies website cookie practices

Earlier in June, the National Cyber Security Centre of the Finnish Transport and Communications Agency, which supervises the use of cookies in Finland, issued a detailed decision regarding website cookie practices. In its decision, the National Cyber Security Centre assessed the necessity of cookies, the structure of a cookie banner, the standards for the consent mechanism as well as the nature of legitimate interest in connection with cookies. We have compiled the main points of the decision into this D&I Alert.

Life Sciences Regulation in Finland: Overview

A Q&A guide to life sciences regulation in Finland. This Q&A provides a high-level overview of key practical issues, including life sciences clinical trials, manufacturing, marketing, abridged procedure, pharmacovigilance, data privacy, packaging and labelling, biological medicines, medical devices, health care IT, combination products, borderlines, and natural health products. Read the Finland chapter we contributed: Life

Latest insights

Finnish Supreme Administrative Court Tightens Permitting Requirements for Wind Projects

Alert / 26 Sep 2023
Reading time 2 minutes

First-ever Supreme Administrative Court rulings on GDPR fines – both for and against

Alert / 14 Sep 2023
Reading time 2 minutes