Deputy Data Protection Ombudsman Jari Råman: Issues related to internal security in focus

Deputy Data Protection Ombudsman Jari Råman

I started out in the new position of a Deputy Data Protection Ombudsman in May 2019, with issues related to the processing of personal data by the competent authorities in accordance with the Act on the Processing of Personal Data in Criminal Matters and in Connection with Maintaining National Security as my area of responsibility. In addition to the Finnish Defence Forces and the police, which are the government controllers with the largest number of personnel, this area of responsibility of internal security also includes the Finnish Customs, the Finnish Border Guard, rescue services, activities of the Emergency Response Centres, immigration administration as well as courts of law, the National Prosecution Authority as well as the Criminal Sanctions Agency. I arrived right in the middle of a change that was in progress both outside and inside the Office.

The Act on the Processing of Personal Data in Criminal Matters and in Connection with Maintaining National Security entered into force at the start of 2019. It regulates the processing of personal data by internal security authorities as a general law. Some of the reforms of the authorities’ branch-specific laws as well as the Act on the Use of Airline Passenger Name Record Data in the Prevention of Terrorist Offences and Serious Crime that entered into force during the spring of 2019. Parts of the legislative reform and implementation were and still are in progress. Therefore, it is still too early to say anything about how well the legislation works in practice.

In addition, the focus of the work during 2019 has been on international cooperation as a part of the European Data Protection Board and other expert working groups of the European Union. The interoperability of the many internal security information systems of the EU was developed during the year, both on the level of statutes as well as in practice. The work, which was raised as a clear priority by the Justice and Home Affairs of the Commission, was highly visible during Finland’s Presidency. In addition, progress was made with the development of regulations on electronic evidence. Discussion about the data protection issues of these systems will certainly continue further.

A key part of the international cooperation also included participating in the work of the European Data Protection Board’s subgroups as well as the work of joint monitoring groups on the Schengen Information System (SIS II), the European Asylum Dactyloscopy Database (Eurodac) and the central EU Visa Information System (VIS).

The year was a period of strong reorganisation in the Office of the Data Protection Ombudsman. At the same time, the available resources increased: for example, there are now five person years available for monitoring the internal security authorities. The new organisation brought with it a chance to change and develop operating methods in the Office.

An inspection plan concerning the internal security authorities was prepared for the first time for 2020. Key objects of inspection during the current year include implementing accountability and impact assessment, the use of facial recognition technology that has given rise to many questions, and some of the legal innovations in sector-specific legislation on personal data. The plan has also taken the monitoring and inspections of EU information systems related to internal security in accordance with the special regulations concerning them. In the future, the inspection plan will be updated annually.

Jari Råman
Deputy Data Protection Ombudsman