The COVID-19 crisis and recent data breaches have highlighted the importance of trustworthy data processing. In its white paper on artificial intelligence, the European Commission also emphasised that trustworthiness is a prerequisite for the adoption of digital technology. Ethical AI is one of the EU’s key goals. Algorithmic biases are a particular risk that can undermine the trustworthiness of AI, and everyone developing or adopting AI applications should be prepared to deal with such biases.
14.1.2021
Artificial Intelligence: Don’t Let a Biased Algorithm Ruin Your Business
Related services
AI is Biased and Can Lead to Discrimination
AI is biased by default, as its functioning is based on data and rules that are input and defined by people. This bias can arise for a number of reasons. The data used to train AI could be factually incorrect, incomplete or otherwise prone to cause algorithmic bias. The algorithm used by the AI could also have been developed to give weight to certain grounds for discrimination, such as gender or language. Biases are significant particularly when people are subject to an automated decision made by an AI application. If the bias is not corrected in time, such decisions can lead to discrimination.
A discriminatory AI could be created, for example, because the application has been trained primarily using data from men, and therefore, does not produce optimal results for women. Some of the specific features of many AI applications, such as opacity, complexity, unpredictability and partially autonomous behaviour, can be problematic from the perspective of the protection of fundamental rights.
Automated decision making and the risk of discrimination related to it have given rise to a great deal of debate. Decisions made by AI have even been appealed to the Non-Discrimination Ombudsman. One case was brought before the National Non-Discrimination and Equality Tribunal, which issued a decision and a conditional fine in 2018 prohibiting the use of the AI in question.
The case concerned a credit institution, which had used a fully automated decision-making system. The system scored consumer credit applicants by comparing the applicant’s data to corresponding statistics to determine creditworthiness. The system was found to discriminate against applicants, among other things, based on gender and native language. It is worth noting that even small choices made by AI can be deemed decisions, such as the choice to direct a certain type of applicant to customer service.
AI Needs Supervision and Good Agreements Are Key
In order to prevent biases, the functioning of AI applications must be regularly monitored and evaluated, whether the application has been developed in-house or acquired from an outside provider. Because AI reflects the views and values or the people who developed it, acquiring AI applications from abroad involves its own risks that require caution. It is possible that the AI will display a bias that is based on the cultural norms of the developers.
As there is still little to no legislation specifically concerning AI, the rights and obligations of parties agreeing on AI applications are based on the agreements between the parties. Among other things, the contractual terms should provide for liability for defects and audits. Agreeing on liability for defects is important, for example, in case the data used to train the AI is deficient or the algorithm used functions incorrectly. An auditing clause should provide for how the correct functioning of the AI is ensured if the decision logic of the AI is not sufficiently transparent. Though the field lacks actual legislation, the EU’s ethical guidelines for AI provide a framework for the responsible use of AI.
Latest insights
Article published 28.4.2026 – Private M&A
Unlocking value in carve-outs – Why integration planning deserves top priority in every carve-out
Article published 2.2.2026 – Data & Technology
Avoid costly risks with well-drafted distribution agreements
Article published 10.10.2024 – Data & Technology
New act on dual-use items entered into force in September – what companies need to know
Article published 5.9.2024 – Data & Technology
Technology acquisitions can boost companies’ growth – or cause them to fail
Benjamin Bade, Maiju Mäkinen & Samuli Salminen
Topi Lusenius & Samuli Salminen
Kim Parviainen & Lauri Laatunen
Topi Lusenius, Anders Forss & Kim Parviainen
Latest references
Downing – Acquisition of the entire share capital of Tornionlaakson Voima
We advised UK-based investment company Downing in its acquisition of the entire share capital of Tornionlaakson Voima Oy. Tornionlaakson Voima owns three hydropower plants in the Tengeliönjoki river system – the Portimokoski power plants in Ylitornio, the Jolmankoski power plants in Raanujärvi and the Kaaranneskoski power plants in Sirkkakoski. The power plants produce a total of approx. 45 gigawatt-hours of electricity per year. Tornionlaakson Voima’s daily operations will continue normally, and the transaction will not affect customers. The consummation of the transaction is subject to the approval of the Ministry of Economic Affairs and Employment. Downing has over 35 years’ experience in providing a wide range of investment solutions to the needs of institutional investors, advisers and retail investors. The company manages over £2 billion in assets in both the private and public markets and its current hydro power portfolio includes approx. 50 hydro power plants in the Nordics.
Case published 27.3.2026
LähiTapiola and OP Henkivakuutus – Successful representation of insurance companies in Supreme Administrative Court health data processing cases
We successfully represented insurance companies LähiTapiola and OP Henkivakuutus in two cases concerning an important point of principle: the right of insurance companies to process health data as part of the insurance application process. The Supreme Administrative Court handed down twin decisions ( one published as precedent ) addressing the matter in light of contrary DPA decisions. Under the Finnish Data Protection Act, insurance companies may, to simplify, process health data concerning “insured persons” (vakuutettu, försäkrad) to determine liability under the insurance. This rule constitutes an exception to Article 9 GDPR. At issue was whether the term “insured person” also covers people in the process of obtaining insurance coverage or only people who are already covered. In more practical terms: can an insurance company rely on the rule when considering whether/how to grant the insurance in the first place? The SAC answered in the affirmative and thus upheld the traditional industry approach over the DPA’s contrary view. The SAC noted that the Data Protection Act did not define the term “insured person” and thus looked at insurance legislation for guidance. As argued by the insurance companies, that legislation also uses the term in the context of describing the insured person’s pre-contractual informational obligations. Thus, and in view of the underlying purpose of the rule at issue, the SAC found that an “insured person” could be someone in the process of obtaining coverage, not just a person already covered. The outcome clarifies the scope of the local rule at the insurance application stage for the Finnish insurance industry.
Case published 22.1.2026
SuperOffice – Acquisition of Lyyti
We acted as Finnish counsel to SuperOffice AS, backed by Axcel, in its acquisition of Lyyti Oy from Finnish private equity firm Vaaka Partners and other sellers. Lyyti is a leading event management software company for physical, digital and hybrid events with a strong customer base in Finland, Sweden and France. SuperOffice is a leading provider of customer relationship management (CRM) software for small and medium-sized businesses across Northern Europe. Axcel is a Nordic private equity firm with a focus on technology, business services and industrials, healthcare, and consumer sectors.
Case published 9.12.2025
Lantmännen – Acquisition of Leipurin from Aspo
We advised Lantmännen ek för in its contemplated acquisition of Leipurin from Aspo Plc. Lantmännen is an agricultural cooperative and Northern Europe’s leader in agriculture, machinery, bioenergy and food products. Lantmännen is owned by 17,000 Swedish farmers and has 12,000 employees in over 20 countries. Leipurin is a leading Nordic supplier of bakery ingredients, equipment, and expert services to professional bakeries, confectioneries, and food manufacturers. The company operates across Finland, Sweden, and the Baltic countries with subsidiaries located in the aforementioned countries, providing comprehensive solutions to the baking industry. The closing of the transaction remains subject to regulatory approvals.
Case published 25.8.2025