Comparison of personal data protection regimes of Finland and the United States

Adequate level of data protection and Safe Harbor

The right to privacy is fundamental right, and it is protected in Finland by Section 10 of Chap-ter II, Basic Rights and Liberties of the Constitution of Finland (731/1999). According to Section 10, “Everyone's private life, honour and the sanctity of the home are guaranteed. More detailed provisions on the protection of personal data are laid down by an Act.” The detailed provisions on protection of privacy are provided in the Personal Data Act (523/1999) implementing the European Commission’s Directive on Data Protection, Act on Openness of Government Activities, Act on the Protection of Privacy in Electronic Communications (516/2004) and Act on the Protection of Privacy in Working Life (759/2004). There are essential differences between the approaches to data protection between Finland and the United States. Unlike the US regime, the Finnish data protection regime is heavily regulated. Due to the inadequate level of data protection provided in the United States, Euro-pean Commission’s Directive on Data Protection, also implemented by Finland, prohibits transfer of personal data to the United States, because it does not meet the European “ade-quacy standard” for privacy protection. The cap between the US and European privacy pro-tection models has been solved by so called “Safe Harbor” regime developed by European Union and the US Department of Commerce, which provides possibility for US companies and other organizations to comply with the Directive.

Proposed changes for privacy in electronic communications

Currently the second subsection included in Section 10 of the Constitution is hot topic in Finland. The sentence provides that “The secrecy of correspondence, telephony and other confidential communications is inviolable.” However, the third subsection provides that “Measures encroaching on the sanctity of the home, and which are necessary for the pur-pose of guaranteeing basic rights and liberties or for the investigation of crime, may be laid down by an Act. In addition, provisions concerning limitations of the secrecy of communi-cations which are necessary in the investigation of crimes that jeopardise the security of the individual or society or the sanctity of the home, at trials and security checks, as well as during the deprivation of liberty may be laid down by an Act.” Government has given its bill 48/2008 regarding amendment of the Act on the Protection of Privacy in Electronic Communications and related acts. The major change proposed by the government is that companies would be given the right to survey their employees’ identification data in order to prevent leakage of confidential information. However, the application sphere of the act would also reach any community subscribers, i.e. for example universities, libraries, government offices and even housing companies allowing them to follow the staff’s or residents e-mails, chat messages, internet browsing and calls – “only” the identification data, of course.