Visit fondia.com
The content concerns Finnish legislation.
 

Processing of Messages and Identification Data

The communication service user’s right to privacy and confidential communication means that no one is allowed to process the user’s messages or identification data pertaining to the user’s communication without the user’s consent or legal grounds. Thus, the main rule is that other than those who are parties to a specific communication do not have the right to process the messages or identification data in question without consent or legal grounds. The same rule applies to location data that can be linked to a subscriber or user, respectively.

The Act on Electronic Communication Services (Chapter 17) contains an exhaustive list of the grounds based on which a corporate subscriber may process identification data generated from communication between users within a communications network. The regulation does not however allow the processing of the contents of messages. Information may be processed for the following purposes:

  • Identification data may be processed to the extent necessary for the provision and use of network services, communications services or value-added services and for the purposes of ensuring data security.

  • A corporate subscriber may process identification data that is necessary for internal billing.

  • A telecommunications operator may, in order to market its communications services, process identification data to the extent and for the time necessary for such marketing, provided that the subscriber or user of such a service has consented to such marketing. The subscribers or users must be informed about what identification data is to be processed and how long the processing would last. Furthermore, such consent is always subject to withdrawal at a later stage, if the user or subscriber wishes to do so.

  • A corporate subscriber may, under certain preconditions, process identification data for the purposes of technical development of its own communications network and own services connected to it. Before the processing can begin, the user must be informed about what identification data is to be processed and how long the processing would last. The notification may be non-recurring.

  • A corporate subscriber may process identification data of its communications network or a connected service for statistical analysis, under certain preconditions. The first prerequisite is that such analysis cannot be made by any other means without undue difficulty. Secondly, it is required that an individual natural person cannot be identified in the analysis.

  • A telecommunications operator and a value-added service provider may process identification data for the detecting, preventing and investigating events of misuse.

  • The transmitter of communications can only process traffic data if it is necessary for the detecting, preventing and investigating of a technical disruption or problem.

A corporate subscriber may process identification data to prevent or reveal unauthorized use of a paid information society service, communication network or communication service, or to prevent and investigate disclosures of trade secrets. More detailed information on the topic can be found in section A corporate subscriber may process identification data to prevent or reveal unauthorized use of a paid information society service, communication network or communication service, or to prevent and investigate disclosures of trade secrets. More detailed information on the topic can be found in section [Processing of Identification Data in Events of Misuse].