5.1. Legislation related to the utilisation of data
The utilisation of data by the City is subject to legislation related to the information management of public authorities, which defines how the data possessed by the City should be processed, published and utilised. This section describes key pieces of legislation related to the utilisation of data possessed by the City.
The Act on the Openness of Government Activities (621/1999) regulates the publicity and secrecy of official documents and other datasets as well as access to documents and the associated procedure. The Act also regulates the authorities’ duty to realise good practice on information management, which includes data security requirements.
In the EU, objectives related to access to public sector information are realised via the Directive on open data and the re-use of public sector information (EU 2019/1024, PSI Directive). The directive obliges EU member states to ensure that any data content that the directive applies to can be re-used for commercial or non-commercial purposes when access to public sector datasets is not restricted at national level.
The Act on the Provision of Digital Services (306/2019) obliges public authorities to offer customers the opportunity to access their services electronically using data-secure methods, to ensure that electronic services are also available outside of the opening hours of service points, and defines when services should require strong authentication.
The purpose of the Act on Information Management in Public Administration (906/2019) is to ensure harmonised and high-quality management and data secure processing of datasets of authorities to implement the principle of openness. The Act obliges the City to map its datasets and data flows and promote the interoperability of information systems, datasets and information resources not only within the organisation, but in relation to other public authorities as well. The key points of the Act are described in greater detail in Section 3.2.
The Act on Common Administrative E-Service Support Services (571/2016) improves the accessibility, quality, data security, interoperability and steering of public services and promotes the efficiency and productivity of public sector operations.
Most of the datasets in the City’s possession contain personal data in accordance with the EU’s General Data Protection Regulation and the Finnish Data Protection Act (1050/2018), which are subject to usage restrictions and conditions as defined in the regulation. It should be noted, in particular, that the City is a public authority, as a result of which the consent provided by individual data subjects is subject to special restrictions.
According to the Archives Act, public authorities must define the storage methods and times of documents accumulated as a result of their official duties and maintain a filing plan for them. For this purpose, the City has a common data management plan within its information management system. The included metadata also enable the permanent and long-term storing of datasets.
The use of health and social data is regulated by numerous laws that impose special conditions on data processing and restrict utilisation. In spring 2019, the Parliament of Finland approved the Act on the Secondary Use of Health and Social Data (552/2019). The Act enables the secondary use of data under certain conditions within the social and health services sector, but only in a limited capacity outside of it.
There is plenty of legislation that affects the processing of data in other sectors as well. The volume and diversity of legislation has for its part slowed down the utilisation of data and sharing between different service domains.