New Information Society Code Entered into Force on 1 January 2015

The introduction of the act brings forth some material changes to, for example, legislation that applies to protection of privacy and ensuring information security. Consumer protection for users and purchasers of electronic communication services is also improved. In addition to these changes, there will be amendments in regulations regarding significant market power and domain names, in particular.

Focus on confidentiality of electronic communications and protection of privacy

Recently, there has been intensive discussion concerning the data protection of users of online services. In fact, one of the main objectives of the Information Society Code is to secure the confidentiality of electronic communications and ensure the protection of privacy. As the Information Society Code enters into force, the Act on the Protection of Privacy in Electronic Communications will be repealed and the relevant provisions will be included in the new code.

Until recently, the operational obligations related to the protection of privacy have only concerned telecom operators, corporate subscribers and providers of value-added services. The legislation on the protection of privacy has been extended to cover all operators that convey communication as referred to in the Information Society Code, i.e. to telecom operators, corporate subscribers and other bodies that convey communications otherwise than for personal or similar normal private purposes.

The operational obligations related to privacy will therefore apply to all operators whose electronic communication services are used for exchanging confidential messages. In particular, such services include various online community services and social media.

Clarifications of the Applicability of Finnish Law in Cross-Border Cases

Another important change introduced by the Information Society Code regards the possible extension of the scope of the regulation of the protection of privacy to cover international operators. Henceforth, the regulation of the protection of privacy will apply to both national and foreign operators that convey communication, if the operator has its seat in Finland or within Finnish jurisdiction. Even when the operator has no seat in the territory of a Member State of the European Union, it is obliged to adhere to the regulation on the protection of privacy, if the operator’s key equipment is located in Finland or is maintained from Finland. The situation is similar when the operator has no seat in the territory of the Member States of the European Union, but the user of the service is in Finland and it is evident, based on the content of the service or the way it is marketed that the service is targeted at Finland.

The aim of the regulation is to increase the awareness of foreign companies about privacy and data security requirements that are set when a company either becomes established in Finland or offers its services there. The objective is equality between Finnish and international companies. In future, the operation of more and more operators conveying communication must take into account various obligations related to the confidentiality in the electronic communication and to the protection of privacy.

Regulation of Consumer Protection Becomes Clearer

In the past few years, defects in electronic communication systems have often been the topic of queries addressed to consumer authorities. This is mainly because the industry is constantly changing. While preparing the act, it was in fact considered essential to create new provisions that would clarify the consumer protection legislation that is applicable to electronic communication services. Under the new legislation, a telecom operator can be held jointly liable for a defect in the provision of a service. The legislation also defines the liability to compensate and the liability for defects as well as contractual terms in general.

The Information Society Act lays down provisions on joint and several liability between telecom operators and sellers or providers: such liability is comparable to joint and several liability between a lender and seller or service provider. Joint and several liability applies to situations in which the consumer has paid for a service, e.g. a public transport ticket or a parking fee, via mobile phone and the payment is charged to their phone bill. If the service or product is faulty or the consumer never receives it, the consumer can—in addition to the seller or service provider—turn to their telecommunications operator. In future, even a telecom operator can, therefore, be held liable to compensate a faulty product or service that has been paid for, e.g., by means of a mobile phone plan provided by the operator.

The Information Society Code also defines the rules related to telecommunication operators’ liability to compensate and liability for defects. Pursuant to law, there is a defect in the provision of an electronic communication service if the quality of the service or the method of provision thereof does not correspond to the provisions of the agreement on the provision of the electronic communication service. Efforts have also been made to clarify the means available to a purchaser when a defect is found. Additionally, the Information Society Code explicitly requires that the contractual terms of an agreement on the provision of electronic communication services be drafted in clear and understandable language. The aim is to emphasise the intelligibility of contractual terms to the consumer. To ensure clarity and intelligibility, consumers can be provided with additional information on the meaning of a specific contractual term.

Further information is available on the website of the Ministry of Transport and Communications (in Finnish).