Acts on the Processing of Personal Data by the Police and Border Guard and Act implementing the PNR Directive to enter into force on 1 June

The Acts on the Processing of Personal Data by the Police and the Border Guard will be amended in order to bring them in line with the new EU data protection requirements. In addition, passenger information collected by air carriers may in future be utilised more extensively in prevention of terrorism and serious crime.

On 9 May, the Government submitted the amendments to the Acts on the Processing of Personal Data by the Police and the Border Guard and the Act implementing the PNR (Passenger Name Record) Directive for approval. The President of the Republic is to approve them on 10 May, and they will enter into force on 1 June 2019.

Police will use personal data in accordance with new data protection requirements

The Act will give the police the possibility to use the data obtained under their existing powers in a more versatile way in the prevention, detection and investigation of crimes. The Act also includes provisions on the processing of personal data in other police duties, as well as on the processing of personal data by the Finnish Security Intelligence Service. The aim of the new Act on the Processing of Data by the Police is to ensure that the police process personal data in compliance with the requirements of the new data protection legislation at the national and EU levels. Following the updates, the Act will be connected to the purposes of processing personal data rather than to specific registers or data management systems.

The police are permitted to use only those personal data that are required for their work. Access rights to the police data systems are granted based on the tasks of individual police officers. Compliance with the law when processing personal data is part of the official duties of the police and other authorities.

The processing of personal data by the police is monitored by the Data Protection Ombudsman. The use of data systems is also monitored regularly as part of the oversight of legality carried out by the National Police Board and within police units. The legal compliance of the activities of the police and the processing of personal data are also evaluated by the Parliamentary Ombudsman, the Office of the Chancellor of Justice and the Ministry of the Interior.

Amendments also made to the Act on the Processing of Personal Data by the Border Guard

The Act on the Processing of Personal Data by the Border Guard will also lay down provisions on the purposes of personal data processing by the Border Guard, rather than on individual registers and data systems. In line with the existing Act, the purposes of processing personal data will be to carry out border control, maintain order and security at the border, investigate crimes within the Border Guard’s competence, maintain public order and security, prevent and detect crimes under the Border Guard’s jurisdiction, enforce justice under military law and carry out other statutory duties of the Border Guard, such as various monitoring duties.

Passenger information collected by air carriers to be utilised more extensively in crime prevention

The EU Passenger Name Record Directive, also known as the PNR Directive, enables a wider utilisation of passenger information collected by air carriers in the prevention of terrorism and other forms of serious crime. A passenger name record contains information provided by each passenger upon making a reservation. This information includes the name, address and other contact details of a passenger and information on the means of payment, for example.

The Directive will be implemented by the Act on the Use of Airline Passenger Name Record Data in the Prevention of Terrorist Offences and Serious Crime. The Act will oblige air carriers to transfer certain PNR data to the Passenger Information Unit for the purpose of preventing terrorism and other forms of serious crime. The common criminal intelligence unit of the police, Customs and the Border Guard will function as the Passenger Information Unit in Finland.

The Passenger Information Unit will analyse the PNR data in accordance with certain pre-determined criteria and compare them against national and international databases relevant for the prevention of terrorist offences and other serious crime. The objective is to identify persons that may be involved in terrorist offences or other serious offences. If it turns out that further investigations are needed, the Unit submits the data to the competent national authorities, which in Finland are the police, Customs and the Border Guard. The Passenger Information Unit will preserve the PNR data for five years.

Inquiries:

Suvi Pato-Oja, Senior Specialist, tel. +358 295 488 379, suvi.pato-oja@intermin.fi (Act on the Processing of Personal Data by the Police and the Act implementing the PNR Directive)
Anne Ihanus, Border Guard Chief Superintendent, tel. +358 295 421 608, anne.ihanus@raja.fi (Act on the Processing of Personal Data by the Border Guard)