Although the EC’s proposed new Data Protection Regulation is still under discussion, some national legislators are already passing laws intended to ensure better data protection for their citizens in the online world. This has been recently the case in Finland, where the new electronic communication code includes stricter rules on data privacy.
The Finnish code may require amendments later, but it is now setting a precedent
Finland’s new Information Society Code, approved in November 2014, shows that Finnish policymakers are willing to tighten the grip on data protection and privacy.
The code, which combines and updates all the legislation related to Internet and telecoms policy, draws on some of the proposals included in the EC’s upcoming Data Protection Regulation, which is still under discussion. Data protection rules will apply to all service and application providers that serve Finnish users, even when they are not based in Finland. In particular, messaging services will have to meet the same privacy standards as existing regulated services (i.e., telcos’ services).
It is understandable that policy-makers in individual countries would aim to improve data protection measures: changes brought about by technological evolution require a prompt update of the regulatory framework. However, there is a risk that the Finnish code will need further amendments, or a complete repeal, by the time the EC’s updated regulation is finally passed. Legislators are showing that they are not prepared to wait forever for an agreement to be reached between EU institutions and member states, and the precedents they are setting are likely to influence further amendments of the EC’s regulation before its final approval.
European institutions should aim to finalize the Data Protection Regulation as soon as possible, given that national legislators are likely to make their own decisions in the absence of a clear and compelling European framework. Further delays are also likely to hamper the impact of the regulation itself – new data-driven services are now emerging at a fast pace, which makes it even harder to keep legislation up to speed.
Current Status and Future Developments in Data Protection, TE0007-000812 (August 2014)
Luca Schiavoni, Analyst, Regulation