Pay attention to laws and provisions

Please note that your organisation must be familiar with the special legislation of its own sector and the marginal conditions set by it for data sharing.

Key national laws and regulations:

• The Constitution of Finland, section 12 (Finlex)Opens in a new window.
• Act on Information Management in Public Administration (Finlex)Opens in a new window.
• Act on the Openness of Government Activities (Finlex)Opens in a new window.
• Archives Act (Finlex, in Finnish)Opens in a new window.
• Data Protection Act (Finlex)Opens in a new window.
• Act on Electronic Communications Services (Finlex)Opens in a new window.
• Government Decree on Security Classification of Documents in Central Government (Finlex)Opens in a new window.

Key EU legislation:

• General Data Protection Regulation (EUR-Lex)Opens in a new window.
• Regulation on European data governance (EUR-Lex)Opens in a new window.
• EU Open Data Directive (EUR-Lex)Opens in a new window.
• Regulation on harmonised rules on fair access to and use of data a (EUR-Lex)Opens in a new window.

See also:

• Assessment memorandum on the current state and development needs of information system regulation in public administration (Government of Finland)Opens in a new window.

The definition of legal interoperability in the European Interoperability Framework (Eur-Lex)Opens in a new window. is realised when the legal framework does not prevent the sharing of data between organisations.

If your organisations feel that current legislation unnecessarily prevents data sharing, it is worth remembering that legislation is constantly evolving and that it can be amended.

Amendments to legislation may be promoted together with other actors in the sector, for example through interest groups.

Please note that even opening access to high-value datasets involves exceptions and risks that the organisation must to identify.

• The EU Regulation mentions sensitive data, related to such things as national security, statistical confidentiality and commercial confidentiality, as an exception.

Read more about risk management related to data sharing in the section Assess and manage risks.

Spatial data in the possession of an authority are classified as high-value datasets with specific potential for socio-economic benefits. For this reason, they should be shared as open data.

Read more about high-value datasets and legislation on spatial data sharing:

• Implementing Regulation on specific high-value datasets (EU) 2023/138Opens in a new window.
• INSPIRE Directive (2007/2/EC)Opens in a new window.
• Spatial Data Infrastructure Act 421/2009, in FinnishOpens in a new window.
• Government Decree on Spatial Data Infrastructure 725/2009, in FinnishOpens in a new window.

Land observation and environment data in the possession of the authority are classified as high-value datasets with special opportunities to produce socio-economic benefits. For this reason, they should be shared as open data.
Read more about high-value datasets and legislation on land observation and environment data sharing:

• Implementing Regulation on specific high-value datasets (EU) 2023/138Opens in a new window.
• INSPIRE Directive (2007/2/EC)Opens in a new window.

Weather data in the possession of the authority are classified as high-value datasets with special opportunities to produce socio-economic benefits. For this reason, they should be shared as open data.

Read more about high-value datasets and legislation on weather data sharing:

• Implementing Regulation on specific high-value datasets (EU) 2023/138Opens in a new window.
• INSPIRE Directive (2007/2/EC)Opens in a new window.

Statistics in the possession of the authority are classified as high-value datasets with special opportunities to produce socio-economic benefits. For this reason, they should be shared as open data.

Read more about high-value data:

• Implementing Regulation on specific high-value datasets (EU) 2023/138Opens in a new window.

Data on companies and company ownership in the possession of the authority are classified as high-value datasets with special opportunities to produce socio-economic benefits. For this reason, they should be shared as open data.

Read more about high-value data:

• Implementing Regulation on specific high-value datasets (EU) 2023/138Opens in a new window.

Mobility data in the possession of the authority are classified as high-value datasets with special opportunities to produce socio-economic benefits. For this reason, they should be shared as open data.

Read more about high-value datasets and legislation on mobility data sharing:

• Implementing Regulation on specific high-value datasets (EU) 2023/138Opens in a new window.
• INSPIRE Directive (2007/2/EC)Opens in a new window.

The anonymisation of data is a process in which the personal data contained in a dataset are completely and permanently changed.

It is no longer possible to identify a person from an anonymised dataset, even by combining several pieces of data.

After anonymisation, personal data are no longer personal data and, for example, the EU General Data Protection Regulation (GDPR) does not apply to anonymised data.

Read more about the anonymisation of personal data on the Data Protection Ombudsman's website (tietosuoja.fi)Opens in a new window..

In addition to anonymisation, we sometimes talk about pseudonymisation of personal data. Data pseudonymisation is a process in which the personal data contained in the dataset is changed or coded so that it cannot be used to identify individuals without additional information.

As it is possible to identify a person from a dataset, although only by means of additional information or a code key, pseudonymised data are still personal data. In other words, these must continue to be processed in the manner required by the EU General Data Protection Regulation.

Read more about pseudonymisation of personal data on the Data Protection Ombudsman's website (tietosuoja.fi)Opens in a new window..

The purpose of the Data Governance Act is to increase the availability of data and to harmonise its sharing within the EU.

Describing public datasets to national central data points facilitates the findability and usability of data, benefiting the circular data economy across the EU.

The Act applies to public sector actors:

• state authorities
• regional or local authorities
• bodies governed by public law
• associations formed by one or more such authorities or bodies governed by public law.

The Act does not apply to public undertakings.

The Act applies to data types protected on the following grounds:

• commercial confidentiality, including business, professional and company secrets
• statistical confidentiality
• the protection of intellectual property rights of third parties
• the protection of personal data, insofar as such data fall outside the scope of Directive (EU) 2019/1024.

The following data types are not covered in the Act:

• Data held by public undertakings.
• Data held by public service broadcasters and their subsidiaries, and by other bodies or their subsidiaries for the fulfilment of a public service broadcasting remit
• Data held by cultural establishments and educational establishments
• Data held by public sector bodies which are protected for reasons of public security, defence or national security.
• Data that the public sector body in question is not mandated to make available as part of its public remit.