The Finnish law regulating data protection in working life remains in conflict with the GDPR

D&I Alert

The Finnish Act on the Protection of Privacy in Working Life will not be amended during the current electoral term. The government proposal on amending the Section 4 of the Act has not progressed since May 2022 and will lapse, as the electoral term’s last parliamentary session has now ended.

In 2020, the Ministry of Economic Affairs and Employment of Finland launched a project to clarify the Finnish regulation concerning the collection of employees’ personal data. The purpose of the project was to amend the legislation in terms of the consent requirement so that employers could also collect, without employees’ consent, personal data during an employment relationship for the general purpose of fulfilling their rights or obligations provided in the law or when the law separately provides for the processing of personal data. This would have clarified the relationship between the Act on the Protection of Privacy in Working Life and the General Data Protection Regulation (“GDPR”).

The government proposal1 on amending the Section 4 of the Act on the Protection of Privacy in Working Life was submitted to the Parliament in March 2022. The proposal has been under consideration of the Employment and Equality Committee, but the handling of the matter has not progressed since May 2022 and the committee report has not been completed.

Legislative proposals that have not been approved by the end of the electoral term will lapse. It is up to the new government to decide whether it will submit a similar proposal to the Parliament. It should be noted that the new government is not tied to the contents of the lapsed proposal, and eventual regulatory drafting would be conducted anew on the ministry level. Therefore, no changes to the Act on the Protection of Privacy in Working Life can be expected in the near future.

1Government proposal 35/2022. (Available in Finnish and Swedish)

Read also

The law regulating data protection in working life is broken – and only a temporary fix is under way

More by the same author

D&I’s Innovation Powerhouse

2023 has kicked off with a bang! Our Innovation Powerhouse has been busier than ever working with cases and clients that (dare we say without sounding clichĂ©?) inspire us every single day. Let’s take a look at what we have been up to and what we believe makes us the go-to partner for demanding clients working with innovations.

Old and New Elements of Cybersecurity

The current cybersecurity landscape has forced us to learn how to cope with surrounding cyber threats. By assisting our clients and international law firms in large and complex data breach incidents, we have learned the pain points and relieving factors in the data breaches of today. Based on our experience of the busiest ever data breach year of 2022, we predict that the increase of risks and malicious cyber attacks will just continue. Our team has compiled our key takeaways into five categories of the old and new elements of cybersecurity.

Welcoming the new year – and a new mechanism for EU-U.S. data transfers?

In October 2022, President Joe Biden’s administration published an executive order regarding a new EU-U.S. Data Privacy Framework, i.e. the replacement of the so-called Privacy Shield mechanism previously allowing transfers of personal data from the EU to the U.S. The executive order immediately sparked the European Commission’s process to assess the new U.S. regime and prepare a respective adequacy decision, which would bring considerable certainty and clarity to trans-Atlantic data flows. In essence, it was a beacon of hope for European organisations having struggled with U.S. data transfers, for example in connection with various established cloud services, ever since the prior Privacy Shield mechanism was invalidated by the Schrems II judgement in July 2020.

Latest insights

Let’s Sit Down on the Same Side of the Table!

Article / 30 Mar 2023
Reading time 2 minutes

How to be Strategic About Hybrid Working

Article / 30 Mar 2023
Reading time 2 minutes