![[Sökformulär]](http://trip.abo.fi/icon/sok.gif){kind=icon}
![[Info om databasen]](http://trip.abo.fi/icon/info2.gif){kind=icon}
![[Söktips]](http://trip.abo.fi/icon/soktips.gif){kind=icon}
| [1 / 3] |
Date when decision was rendered: 7.6.2007 Judicial body: Kuopio Administrative Court = Kuopio förvaltningsdomstol = Kuopion hallinto-oikeus Reference: Report No. 00572/07/1204; 07/0220/3 Reference to source Electronic database for administrative court decisions within the FINLEX databank system, administered by the Finnish Ministry of Justice Databasen för beslut av förvaltningsdomstolar inom FINLEX-databassystemet, vilket administreras av justitieministeriet Oikeusministeriön ylläpitämän FINLEX-tietopankin hallinto-oikeuksien päätöksiä sisältävä tietokanta Date of publication: Subject
respect for private life,
data protection,
Relevant legal provisions Section 10-1 of the Constitution Act; sections 1, 2-1 and 29 of the Personal Data Act; sections 22-2 and 23 of the Trade Register Act = grundlagen 10 § 1 mom.; personuppgiftslag 1 §, 2 § 1 mom. och 29 §; handelsregisterlag 22 § 2 mom. och 23 § = perustuslaki 10 § 1 mom.; henkilötietolaki 1 §, 2 § 1 mom. ja 29 §; kaupparekisterilaki 22 § 2 mom. ja 23 §. general reference to the ECHR Abstract The case was concerning the question whether the National Board of Patents and Registration in Finland had a duty to erase from the trade register erroneus personal data at the request of the Data Protection Ombudsman, who, by an earlier decision, had ordered the National Board of Patents and Registration to do so on the basis of sections 29 and 40 of the Personal Data Act (523/1999).The National Board of Patents and Registration requested the administrative court to repeal the decision of the Data Protection Ombudsman on the grounds that the applicable law in this case was the Trade Register Act (129/1979) and its sections 22 and 23 which provide that erroneus data can be erased from the trade register on the basis of a court decision only.The National Board of Patents and Registration also claimed that the Trade Register Act was lex specialis as compared to the Personal Data Act.The administrative court rejected the appeal. In its decision, the administrative court noted that the Trade Register Act was enacted some 20 years before the Personal Data Act.Since that time the circumstances in which the provisions on the trade register are applied have changed.Because of fundamental rights protection, the Council of Europe conventions on human rights and data protection as well as Directive 95/46/EC of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data, data protection has become an essential element in the processing of personal data.The administrative court held that, because the basis for the enactment of section 29 of the Personal Data Act is different from the circumstances prevailing during the time sections 22 and 23 of the Trade Register Act were drafted, the National Board of Patents and Registration, as a controller of the trade register, was under an obligation to erase the erroneus data from the register on the basis of section 29 of the Personal Data Act, in spite of the fact that the person to whom the personal data pertains could also have made use of the procedure under the Trade Register Act. The Supreme Administrative Court did not change the decision of the lower court (Report No. 2861 of 13 November 2008). 2.1.2009 / 10.10.2012 / RHANSKI
|
|
|
|
| [2 / 3] |
Date when decision was rendered: 15.8.2017 Judicial body: Supreme Administrative Court = Högsta förvaltningsdomstolen = Korkein hallinto-oikeus Reference: Report no. 3736/3/15; 3872 Reference to source Electronic database for the decisions of the Supreme Administrative Court within the FINLEX databank system, administered by the Finnish Ministry of Justice Databasen för Högsta förvaltningsdomstolens beslut inom FINLEX-databassystemet, vilket administreras av justitieministeriet Oikeusministeriön ylläpitämän FINLEX-tietopankin Korkeimman hallinto-oikeuden päätöksiä sisältävä tietokanta Date of publication: Subject
passport,
respect for private life,
data protection,
limitations of rights and freedoms,
Relevant legal provisions sections 5c(1), 6a and 29 of the Passport Act; sections 1(2) and 8(1) of the Personal Data Act; sections 3(3) and 16a of the Act on the Processing of Personal Data by the Police; section 10 of the Constitution Act = passlagen 5c § 1 mom., 6a § och 29 §; personuppgiftslag 1 § 2 mom och 8 § 1 mom.; lag om behandling av personuppgifter i polisens verksamhet 3 § 3 mom. och 16a §; grundlagen 10 § = passilaki 5c § 1 mom., 6a § ja 29 §; henkilötietolaki 1 §, 2 § 2 mom. ja 8 § 1 mom.; laki henkilötietojen käsittelystä poliisitoimessa 3 § 3 mom. ja 16a §; perustuslaki 10 §. ECHR-8; Articles 7, 8 and 52 of the Charter of Fundamental Rights of the European Union Abstract The Finnish Embassy in Switzerland had rejected a passport application because the applicant had not agreed to it that his fingerprints are stored not only in the passport's data chip but also in the passport register.The applicant claimed that storing the fingerprints in the passport register was an undue interference with the right to private life and the protection of personal data. The Passport Act provides for, e.g., the security features for passports and contains provisions on biometric data, including fingerprints, and the storing of fingerprints in the passport register.The Act on the Processing of Personal Data by the Police regulates the use of the data in the passport register.The Act provides, e.g., that the police is allowed to use the fingerprint data in the passport register for other purposes than collecting and recording that data only in cases where the police needs to identify a victim of a natural or other disaster or a victim of crime or when a victim cannot be identified by any other means.The fingerprint data extracted from the passport register must be erased as soon as the comparison of fingerprints has been completed. The Supreme Administrative Court noted that storing fingerprint data in a register, outside of the data chip integrated in the passport, constitutes processing of personal data, which is regulated in the Personal Data Act, as amended in order to incorporate the Data Protection Directive (1995/46/EC).Storage of fingerprint data in the passport register thus falls within the scope of EU law, and the Charter of Fundamental Rights of the EU is applicable.The court also took into account Article 8 of the ECHR.The court noted that the right to private life and the protection of personal data, as enshrined in the Charter and the ECHR, are not absolute rights and may be subject to limitations, when such limitations are provided for by law, respect the essence of the rights and are proportionate and necessary in a democratic society. The Supreme Administrative Court found that the storing of fingerprints in an external data system, which is not integrated in the passport, provides more extensive protection for privacy, because it not only protects the passport against fraudulent use but also protects the true identity and person of the passport holder.By comparing a passport applicant's fingerprints to the data in the passport register it is possible to prevent identity theft as well as situations where a person applies for multiple passports using different identities.Also, with the help of the data in the register, a person's identity can be verified in cases where the passport chip has been damaged or the person has lost his or her identity document.The regulations are both for the protection of the individual and public safety.The court also noted that the use of the fingerprint data in the passport register is restricted by law. The court concluded that the provisions in the Passport Act concerning storage of fingerprint data in the passport register and the limitations imposed on the right to private life and the protection of personal data are precise and defined in sufficient detail.They are compatible with the Charter of Fundamental Rights, the ECHR and the criteria that must be met in the restriction of constitutional rights, as defined in the Finnish constitutional rights system, particularly the requirements of acceptability and proportionality.The passport application could thus be rejected on grounds that it did not meet the requirements prescribed in the Passport Act. 16.1.2018 / 16.1.2018 / RHANSKI
|
|
|
|
| [3 / 3] |
Date when decision was rendered: 17.8.2018 Judicial body: Supreme Administrative Court = Högsta förvaltningsdomstolen = Korkein hallinto-oikeus Reference: Report no. 173/1/17; 3774 Reference to source KHO 2018:112. Electronic database for the decisions of the Supreme Administrative Court within the FINLEX databank system, administered by the Finnish Ministry of Justice Databasen för Högsta förvaltningsdomstolens beslut inom FINLEX-databassystemet, vilket administreras av justitieministeriet Oikeusministeriön ylläpitämän FINLEX-tietopankin Korkeimman hallinto-oikeuden päätöksiä sisältävä tietokanta Date of publication: Subject
data protection,
respect for private life,
freedom of expression,
Relevant legal provisions sections 1, 4, 5, 9-1, 11, 29-1 and 40-2 of the Personal Data Act; Articles 6-1-c and d and 7-1-f of European Parliament and Council Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and the free movement of such data; sections 10-1 amd 12-1 of the Constitution Act = personuppgiftslag 1 §, 4 §, 5 §, 9 § 1 mom., 11 §, 29 § 1 mom. och 40 § 2 mom.: Europaparlamentets och rådets direktiv 95/46/EG om skydd för enskilda personer med avseende på behandling av personuppgifter och om det fria flödet av sådana uppgifter artikel 6-1-c och d och 7-1-f; grundlagen 10 § 1 mom. och 12 § 1 mom. = henkilötietolaki 1 §, 4 §, 5 §, 9 § 1 mom., 11 §, 29 § 1 mom. ja 40 § 2 mom.; Euroopan parlamentin ja neuvoston direktiivi 95/46/EY yksilöiden suojelusta henkilötietojen käsittelyssä ja näiden tietojen vapaasta liikkuvuudesta (tietosuojadirektiivi) 6 artikla 1 kohta c ja d alakohta ja 7 artikla 1 kohta f alakohta. ECHR-8; ECHR-10; Articles 7, 8 and 11 of the Charter of Fundamental Rights of the European Union Abstract The applicant X had requested that Google Finland and Google Inc remove the links to two web addresses from the results obtained from a search made in Google Search on the basis of the applicant's name.The internet pages in question contained information relating to X's state of health and the fact that he had been submitted to a psychiatric assessment and had been sentenced to imprisonment for murder committed in a state of diminished responsibility, having been diagnosed with Asperger syndrome.Google Finland and Google Inc denied X's request.X brought the matter to the attention of the Data Protection Ombudsman, who ordered Google Finland and Google Inc to remove the two links.Google Finland and Google Inc refused to do so, with reference to freedom of expression and the interest of the public in having access to information and in discussing punishment and diminished responsibility in the case of serious violent offences. According to the Personal Data Act, the personal data processed mudt be necessary for the declared purpose of the processing and the controller of the data file has a duty to erase any unnecessary personal data.The key legal question before the Supreme Administrative Court was whether the two links in the name-based search results were necessary, within the meaning of the Personal Data Act, as regards the purpose of the processing of data by Google In c and whether the controller (Google Inc) could be ordered to remove the links from the search results.The Supreme Administrative Court referred to the judgment of the Court of Justice of the European Union in the case C-131/12 (Google Spain and Inc v Agencia Espanola de Proteccion de Datos (AEPD) and Mario Costeja Gonzalez) in which the CJEU held that the data subject's fundamental right to privacy and the protection of personal data override, as a general rule, the interest of the general public to have access to personal data through a name-based search.However, fair balance should be sought between these rights and interests.That balance may depend on the nature of the information in question and its sensitivity and on the interest of the public in having that information.The latter may vary, according to the role played by the data subject in public life. X had been sentenced to imprisonment of ten years and six months for murder committed in a state of diminished responsibility.Under the Personal Data Act, the processing of personal data is prohibited.Personal data related to the state of health of a person or to a criminal act, punishment or other criminal sanction is deemed to be sensitive.However, X had committed a serious homicide and could therefore be considered to play a role in public life, as far as determining the balance between fundamental rights and public interest is concerned.On the other hand, sensitive personal data related to a person's physicial or mental health is within the inner core of the right to respect for private life.Furthermore, the two web pages in question could be found and accessed through the search engine also without making a search based on X's name.In the opinion of the Supreme Administrative Court, removing the links to the two web addresses from the results obtained from a search made on the basis of X's name could not be considered to limit the possibilities of the public to participate in societal debate or exercise their freedom of speech.In the present case, the interest of the public to have access to sensitive data relating to X's state of health and mind did not override X's right to privacy and protection of personal data.The two links in the search results, which Google Inc had been requested to remove, were not necessary, within the meaning of the Personal Data Act, as regards the purpose of the processing of data by Google Inc.The Supreme Administrative Court concluded that, taking into account the relevant national provisions, Articles 7, 8 and 11 of the EU Charter of Fundamental Rights, Articles 8 and 10 of the ECHR, Article 7(f) of the Data Protection Directive, and the evidence presented before the court, Google Finland and Google Inc could be ordered to remove the two links from the search results. 27.8.2018 / 5.10.2018 / RHANSKI
|
|
|
|