Acts on the Processing of Personal Data by the Police and Border Guard to be updated

Plans are in place to amend the Act on the Processing of Personal Data by the Police in order to bring it in line with the new EU data protection requirements. The Act also includes provisions on the processing of personal data by the Finnish Security Intelligence Service. Following the updates, the Act would be connected to the purposes of processing personal data rather than to specific registers or data management systems.

The operating environment of the police has changed, and in order to ensure that the police can carry out their duties, changes must also be made to data processing and the legislation that governs it. With this in mind, the Government submitted a proposal on the new Acts on the Processing of Personal Data by the Police and the Border Guard to Parliament on 22 November.

“The new Act will improve the possibilities of the police to use the personal data obtained through their duties in the prevention, detection and investigation of crimes. The amendments will not broaden the authority of the police to gather information,” says Minister of the Interior Kai Mykkänen. The Act would give the police the possibility to use the data obtained under their existing powers in a more versatile way in the prevention, detection and investigation of crimes. For example, the police would be able to assess the need for personal data for a maximum of six months.

The aim of the new Act on the Processing of Data by the Police is to ensure that the police process personal data in compliance with the requirements of the new data protection legislation at the national and EU levels. The Act on the Processing of Personal Data by the Police complements the general legislation on data protection.

Amendments would improve the ability of police to prevent crimes

Currently, the police process the data they require for crime prevention and detection using sources such as the Suspect Data System (Epri) and temporary crime analysis registers. Moving forward, all of these personal data would be processed in line with unified national-level procedures. This would facilitate data protection and the monitoring of data processing, which would, in turn, also improve the legal protection of data subjects.

The current Act on the Processing of Personal Data by the Police is based on criminal intelligence in situations where the police have a concrete suspicion of a crime concerning an individual person. The new Act would enable the police to process and combine personal data on individuals connected to criminal activities more clearly when preparing analyses related to organised crime or criminal groups and when dealing with broader series of events. Information on organised crime could also be used on a limited basis in assessments related to firearm permits, for example.

The police would be able to process the personal data of individuals other than those directly connected to a crime or criminal activity for crime prevention and detection purposes only when it is absolutely necessary. The new Act defines more clearly how the police can process personal data on witnesses, victims, injured parties and persons who have filed police reports in the prevention and detection of crimes. When dealing with the personal data of individuals other than those suspected of a crime, more stringent criteria would be applied to the processing of personal data to ensure adequate data protection and legal safety.

Use of personal data and data systems monitored regularly

The police are permitted to use only those personal data that are required for their work. Access rights to the police data systems are granted based on the tasks of individual police officers. Compliance with the law when processing personal data is part of the official duties of the police and other authorities.

The processing of personal data by the police is monitored by the Ombudsman for Data Protection. The use of data systems is also monitored regularly as part of the oversight of legality carried out by the National Police Board and within police units. The legal compliance of the activities of the police and the processing of personal data are also evaluated by the Parliamentary Ombudsman, the Office of the Chancellor of Justice and the Ministry of the Interior. The police force engages in cooperation with the data protection authorities and the authorities responsible for the oversight of legality in the development of data processing. The new general legislation on data protection contains further provisions on data security and the monitoring of the processing of personal data.

Amendments also planned for the Act on the Processing of Personal Data by the Border Guard

The planned amendments to the Act on the Processing of Personal Data by the Border Guard also aim to bring the processing of personal data by the Border Guard in line with the new EU data protection legislation. With the amendments, the structure of the Act would be streamlined and the provisions simplified.

The new Act would lay down provisions on the purposes of personal data processing by the Border Guard, rather than on individual registers and data systems. In line with the existing act, the purposes of processing personal data would be to carry out border control, maintain order and security at the border, investigate crimes within the Border Guard’s competence, maintain public order and security, prevent and detect crimes under the Border Guard’s jurisdiction, enforce justice under military law and carry out other statutory duties of the Border Guard, such as various monitoring duties.

The efficiency of personal data processing by the Border Guard for crime prevention purposes would be improved in the same ways as proposed for the Act on the Processing of Personal Data by the Police. The rights of the data subject and the monitoring of the processing of personal data would be subject to the same provisions as those in effect for the police. 

Inquiries:

Suvi Pato-Oja, Senior Specialist, tel. +358 295 488 379, [email protected] (Act on the Processing of Personal Data by the Police)
Risto Lammi, Director General, tel. +358 295 488 550, [email protected] (Act on the Processing of Personal Data by the Police)
Heli Heikkola, Ministerial Adviser, tel. +358 295 488 224, [email protected] (processing of personal data by the Finnish Security Intelligence Service)
Anne Ihanus, Senior Adviser for Legislative Affairs, tel. +358 295 421 608, [email protected] (Act on the Processing of Personal Data by the Border Guard)