Tietokiri led by the State Treasury was one of the projects aiming to promote a culture of knowledge management in public administration. The aim of the project was not only to create new services (including a shared data platform and analysis and reporting services) but also to make the results of knowledge management visible and share good practices. Networking and cooperation have been the cornerstones of these efforts, and besides the State Treasury, the participants have included the Ministry of Finance that guided the work, Finnish Government Shared Services Centre for Finance and HR Palkeet, Hansel, National Land Survey of Finland, HAUS Finnish Institute of Public Management Ltd and DigiFinland.

One of the most important objectives of Tietokiri was to aggregate data administrated by different actors in order to make more efficient use of it and to increase transparency in public administration. The shared data platform contains information on central government activities, finances and administration residing in the registers of joint service providers. The data platform also makes it possible to aggregate data collected from different sources, making it possible to generate new information. The benefits of compiling shared central government data are multiple: openness and transparency in administration are increased and a more uniform information architecture will improve predictability and comparability and, on the other hand, the collection of data will require less resources in the future.

Tietokiri has compiled different interesting examples of knowledge management to the website valtiolla.fi (in Finnish).

The Government's analysis, assessment and research projects produce information to support decision-making, knowledge management and practices. These activities are guided by the Government's annual assessment and research plan. The maximum duration of projects carried out following this plan is three years. The criteria for evaluating projects are their relevance, impact, usability, quality and feasibility. Read more about the Government’s analysis, assessment and research projects.

Tietojohtaminen association promotes data-based value creation and the utilisation of information in decision-making and all societal activities. The association raises awareness of knowledge management, issues statements, provides training related to its field for public and private sector organisations, and publishes a blog and a journal titled Tietoasiantuntija.

Tietojohtaminen association's website (in Finnish).

Knowledge management network was established to disseminate information on good practices in knowledge management, especially in the social and health care sector, and to promote cooperation in the context of national knowledge management. The network provides up-to-date information on knowledge management themes in the form of blog posts, webinars and seminars.

Knowledge management network website (in Finnish).

The public administration's Data and analytics expert network is intended for those working with data and analytics and anyone interested in this theme. The purpose of the data and analytics expert network in public administration is to share experiences and advance competence. Its goals include creatively aggregating and visualising public administration data to develop knowledge management, to network and share best practices, and to promote cross-administrative cooperation.

Helsinki Graduate School of Economics (Helsinki GSE) established in April 2020 a Situation Room of economics, which provided information in support of economic policy decision-making for ministries and other public bodies during the coronavirus pandemic. The aim of the Situation Room was to provide more or less real-time information on developments in the business sector, the labour market and society as a whole. Helsinki GSE specialises in research and education in economics.

Research and education in information management have been conducted in the University of Tampere for more than 20 years. Its research in the fields of information system science (IS) and knowledge management (KM) is internationally recognised.

More information about NOVI Research Group for Information and Knowledge Management.

The Act on Information Management in Public Administration (906/2019, Public Information Management Act) and the acts associated with it entered into force on 1 January 2020. The Act promotes the harmonisation of information management, information security and digitalisation in the authorities’ activities.

The Act on Information Management in Public Administration lays down provisions on following the principle of openness and meeting the requirements of good governance in data management by the authorities. The Act contains provisions applicable to public administration at large on the organisation and description of data management, interoperability of information pools, information system interoperability, technical implementation of application programming interfaces and viewing access, and the implementation of information security. An Information Management Board of Public Administration was established pursuant to this Act. The task of this Board operating in conjunction with the Ministry of Finance is to assess and steer information management by State agencies and municipalities.

More detail has been added to the provisions of the Act in decrees on documents subject to security classification (Government Decree on the Security Classification of Documents in Central Government 1101/2019), the activities of the Information Management Board (Government Decree on the Public Administration Information Management Board 1338/2019), and the procedure for issuing statements on changes in information management applicable to central government authorities (Government Decree on Statement Procedure for Information Management Changes 1301/2019).

Implementing the Act is a task that belongs to all authorities and that is guided and supported in a systematic manner. The Public Information Management Act is only partly applicable to some actors; see section 3, Scope of application of the Act and restrictions to it.
 

Parties within the scope of application of the Public Information Management Act are:

• State agencies and institutions
• courts of law and committees established to handle appeals (in parts)
• State enterprises
• municipalities and joint municipal authorities (mainly)
• Parliamentary organs (mainly)
• Office of the President of the Republic of Finland (mainly)
• independent institutions subject to public law (mainly)
• universities (mainly)
• universities of applied sciences (mainly)
• parties performing public administrative tasks (in parts)

Find out more:

• Act on Information Management in Public Administration
• Information Management Board
• Information package on the Information Management Act compiled by Parliament (in Finnish)

Source: Ministry of Finance, Public Information Management Act (in Finnish)​​​​

The Act on the Openness of Government Activities (621/1999) implements the principle regarding the openness of documents and information held by the authorities laid down in section 12 of the Constitution. Following the principle of openness, all information produced by the public administration is public unless there is a specific legal basis for its secrecy.

The Act on the Openness of Government Activities also contains provisions on the grounds on which documents may be secret. However, specific legislation applicable to a certain sector may also contain provisions on secrecy and publicity.

The authorities to which the Act on the Openness of Government Activities applies are defined in section 4 of this Act, under which authorities are defined as

• State administrative authorities and other State agencies and institutions as well as State enterprises
• Parliamentary agencies and institutions
• courts of law and other bodies for the administration of law
• municipal authorities and the authorities of well-being services counties and joint authorities for health and wellbeing
• independent institutions subject to public law, including the Social Insurance Institution (Kela) and Bank of Finland
• boards, consultative bodies, committees etc. appointed for the independent performance of a certain task on the basis of an Act, a Decree or the decision of an authority.

This list is not exhaustive, as the Act on the Openness of Government Activities may also be applicable by virtue of special legislation. Under section 30, subsection 2 of the Universities Act (559/2009), for example, activities pursued by the university and the student union are governed by the provisions of the Act on the Openness of Government Activities.

The Act on the Openness of Government Activities also applies to corporations, institutions, foundations and private individuals appointed for the performance of a public task on the basis of an Act, a Decree or a provision or order issued by virtue of an Act or a Decree.
The Act on the Openness of Government Activities applies to documents prepared or delivered to an authority. Under section 5 of the Act, a document refers to not only conventional documents on paper but also to information, data sets and messages in electronic format.

When a document is requested from an authority, the authority must, as a rule, disclose the document or decide that the document will not be disclosed without delay and as soon as possible. The decision should be made within two weeks of receiving the request, except in special cases where the matter must be resolved within one month. If the authority decides not to disclose the document, a written decision that can be appealed must be made on this.

If the full document is not secret, disclosing it may be possible, for example by deleting or covering secret information.

The Act on the Openness of Government Activities also contains provisions on the requirements and obligations applicable to the provision of information by the authorities and the manner in which access to documents is provided. An authority is obliged to assist those requesting access in finding the information, such as specifying the document to which access is required. The authorities must also promote the openness of their activities and, where necessary, produce guides, statistics and other publications, as well as information materials on their services and practices, as well as on the social conditions and developments in their field of competence.

Find out more:

• Act on the Openness of Government Activities
• Ministry of Justice, Act on the Openness of Government Activities​​

The Archives Act (831/1994) lays down provisions on archiving and its organisation as well as the obligations of records creators. An archive comprises documents that have been delivered to the records creator because of their tasks or that were created in connection with the records creator's work. In this context, a document has the same meaning as in the Act on the Openness of Government Activities above.

The Act applies to the following records creators:

• State agencies, institutions, courts and other judicial bodies as well as other State authorities,
• municipal authorities and bodies as well as the authorities and agencies of a wellbeing services county and joint authority for health and wellbeing,
• the Bank of Finland, the Social Insurance Institution of Finland, other independent institutions subject to public law and universities,
• enterprises of the State, wellbeing services counties and municipalities, and
• the Orthodox Church and its parishes (separate provisions apply to the Evangelic Lutheran Church).

In addition, the Archives Act applies to other organisations or individuals when they perform a public task pursuant to an Act or a Decree or a provision or regulation issued by virtue of an Act or a Decree, to the extent that they generate and acquire documents referred to in the Act on the Openness of Government Activities as a result of this task.

The records creator must determine how the responsibility for and the planning and practical management of its archive activities are arranged. The records creator must define the storage periods and methods for the documents accumulated as a result of the performance of their tasks and maintain a filing system for them. When determining the storage periods of documents, any separate statutes or regulations on them must be taken into consideration. The National Archives of Finland determines which documents and information related to them must be preserved permanently.

The task of the archives service is to ensure the usability and preservation of documents, to provide an information service related to documents, to determine the preservation value of documents and to destroy unnecessary documents.

Archives services must be managed ensuring that

• they support the performance of the records creator’s tasks
• they support the right of individuals and organisations to access public documents
• the legal protection and data protection of individuals and organisations has been duly accounted for
• the availability of documents related to the legal protection of individuals and organisations has been ensured
• the documents serve as information sources for research.

The requirements of the archive services must be addressed in the records creator’s information and document management.

The Archives Act also contains further provisions on the preparation, preservation and use of documents. For instance, documents must be preserved so that they are safe from destruction, damage and unauthorised use. Documents that are not subject to long-term preservation must be destroyed after the specified storage period, safeguarding data protection.
Find out more:

• Archives Act (in Finnish)
• National Archives of Finland​​​​​​

The cornerstone of the legislation on processing personal data and data protection is the General Data Protection Regulation of the European Union, or Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.

The General Data Protection Regulation (GDPR) imposes strict requirements for the collection, storage and control of personal data on companies and organisations. These requirements apply both to European organisations that process personal data concerning persons in the EU and to non-EU organisations that process data concerning persons residing in the EU.

Personal data are information concerning an identified or identifiable natural person which may include their name, personal identity code, address, internet protocol address, passport number or income information. However, it may be possible to anonymise data and datasets, for example by technical measures, ensuring that they no longer contain personal data.

Under the GDPR, personal data must be processed lawfully, fairly and transparently. Personal data must be accurate and, where necessary, kept up to date. The GDPR also lays down provisions on the data subject's right to demand rectification of incorrect personal data concerning them.

Consequently, under the GDPR personal data must always be processed lawfully and for a certain lawful purpose, and only the data needed for this specific purpose may be processed. Data may not be processed for a purpose or in a manner that is incompatible with that purpose. Data processors must also ensure that, in order to process personal data, they fulfil one of the bases defined in the GDPR, including:

• the data subject's consent,
• compliance with a legal obligation,
• protection of the data subject's vital interests, or
• exercise of official authority or performing a task carried out in the public interest.

As a basic premise, the last mentioned is the grounds for processing personal data in a public authority's tasks. The processing of personal data is regulated under a national act, which defines how and for what purpose each type of data can be processed. Guidance on this matter is also provided by the practice of the parliamentary Constitutional Law Committee. The entry into force of the General Data Protection Regulation has consequently led to the passing of a great deal of national special legislation. Regulation that provides a legal basis for the processing of personal data may also be included in some other Act, rather than necessarily laid down in a separate piece of legislation.

Personal data must also be processed in a manner that is sufficiently secure and protected. Various measures should be taken to prevent unauthorised or unlawful access to the data and to avoid accidental destruction or loss of the data. In this respect, regulation on data protection and information security are also close to each other.

The General Data Protection Regulation is an extensive and significant piece of legislation that cannot be discussed exhaustively in this context. The GDPR obliges organisations that process personal data on a large scale to appoint a data protection officer (mandatory in public administration), whose task is to provide advice on different data protection issues and supervise the processing of personal data.

The GDPR has been supplemented with the national Data Protection Act (1050/2018), which defines the tasks and competence of the Data Protection Ombudsman and lays down more detailed provisions on certain special situations, including the processing of personal data for journalistic, artistic or scientific purposes, and the processing of personal identity codes.

Find out more:

• Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data
• Data Protection Act
• ​​​​​​Information about data protection on the website of the Data Protection Ombudsman

Besides the statutes discussed above, other pieces of legislation may also be relevant to the opening of data. This may include legislation that applies to the activities of a certain authority or the performance of a certain public task, or it may be other legislation laid down to fulfil an international obligation or implement an EU directive, for example. EU obligations related to opening data are described in the next chapter.

In addition to the General Data Protection Regulation, a wide range of other European Union legislation on disclosure and movement of data exists or is being planned that may be directly applicable without separate implementation, including the Data Governance Act, the negotiations on which in the EU were concluded in 2022 and whose implementation in the Member States is expected to begin in 2022.

Background to the Directive on open data and the re-use of public sector information

Directive 2003/98 (EC) of the European Parliament and of the Council on the re-use of public sector information (the PSI Directive) was adopted on 17 November 2003. The PSI Directive laid down provisions on the re-use of public sector information, under which all public information produced by the public sector should, as a rule, be freely available to users free of charge. This Directive was part of the eEurope 2002 Action Plan drawn up by the Commission to create a Union-wide framework for the use of public sector information. As Finland’s national legislation already covered the minimum regulation under the PSI Directive, in particular in the Act on the Openness of Government Activities (621/1999) and the Act on Criteria for Charges Payable to the State (150/1992), the Directive did not require any amendments to national legislation at that time.

In June 2013, the European Parliament and the Council adopted Directive 2013/37/EU on amending Directive 2003/98/EC on the re-use of public sector information. The amendment made some further public sector datasets available for re-use and added detail to the presentation and pricing of the data. The scope of the PSI Directive was also extended to museums, libraries and archives.

Finland notified the Commission of the implementation of Directive 2013/37/EU in October 2015 and June 2016 and made reference to the national legislation, including the Act on the Steering of Information Management in Public Administration (634/2011). In October 2019, a third notification was submitted to the Commission regarding Article 5(1) of the Directive, announcing that the Act on Information Management in Public Administration (906/2019, later referred to as the Public Information Management Act) would replace the Act on the Steering of Information Management in Public Administration.

In April 2018, the Commission published its Staff Working Document SWD (2018) 145 and proposal COM (2018) 234 on the Directive on re-use of public sector data (recast). The recast Directive on open data and the re-use of public-sector data 2019/1024/EU, or the Open Data Directive, was adopted in June 2019. 

Purpose of the Directive on open data and the re-use of public sector information

The purpose of the Open Data Directive is to promote the re-use of all public sector data for commercial and non-commercial purposes. The directive is about the practices and procedures of data re-use. It is based on Union and national access regimes, which it does not interfere with.

Key amendments introduced in the recast directive are

• expanding the scope of the directive to documents held by public undertakings operating in certain industries,
• expanding the scope to research data stemming from public funding,
• stricter restrictions on the conditions and exclusive arrangements for the re-use of documents, and
• regulation on high-value datasets.

In addition, the directive imposes an obligation of using APIs to provide access to data updated frequently and in real time (dynamic data) and to high-value datasets.

What are high-value datasets?

High-value datasets have important benefits for society or the economy, and they are subject to higher access requirements than other datasets. The Commission is empowered to adopt delegated acts and implementing acts. Under delegated acts, Annex I of the directive may be amended by adding new thematic categories of high-value datasets to it, and the implementing acts lay down a list of specific high-value datasets belonging to these categories and the arrangements for their publication and re-use. 

Implementation of the Open Data Directive in Finland

The directive was implemented nationally on the basis of the available regulation in July 2021 (see He 74/2021 vp, which is also quoted in this Chapter where applicable). Regarding public authorities, amendments were made to the Public Information Management Act (710/2021) and the Act on the Openness of Government Activities (711/2021). The European Commission will define separately the so-called high-value datasets that must be shared as open data, through APIs and free of charge in the delegated acts supplementing the directive. At the time of the writing of this document, no such delegated acts have yet been adopted.

In addition to the authorities, the Open Data Directive applies to certain data of companies in which public sector bodies exercise a dominant influence, which resulted in the passing of the Act on Re-use of Data Held by Companies Providing Certain Public Services (712/2021). In addition, the directive provides for access to research data stemming from public funding. These provisions were enacted in the Act on the Re-use of Research Data Sets Produced with Public Funding (713/2021).

Read more:

• Summary of Directive 2019/1024/EU on open data and the re-use of public sector information
• Full text of the Directive on open data and the re-use of public sector information
• Parliament's information package on the implementation of the Open Data Directive (in Finnish)
• Ministry of Finance’s project on Open Data Directive implementation (in Finnish)

The EU’s INSPIRE Directive (2007/2/EC) aiming to improve the use of spatial data, increase cooperation between authorities and create diverse services for the public was adopted in 2007. In Finland, provisions implementing the INSPIRE Directive are laid down in the Spatial Data Infrastructure Act (421/2009) and the Spatial Data Infrastructure Decree (725/2009).

Read more:

• INSPIRE directive (2007/2/EC)
• Spatial Data Infrastructure Act (421/2009) (in Finnish)
• Spatial Data Infrastructure Decree (in Finnish)

In 2010, the ITS Directive (2010/40/EU) was adopted, which contained rules on the deployment of intelligent transport systems in road transport and interfaces with other modes of transport. The delegated acts have entered into force gradually from 2013 on. A specific report has been prepared on the national implementation of the ITS Directive (pdf, in Finnish).

The Act on Transport Services (320/2017), which contains provisions on the interoperability of data and information systems as well as the deployment of intelligent transport systems related to the ITS Directive, was passed in 2017. 

• ITS directive (2010/40/EU)
• Act on Transport Services (320/2017) 

A separate Act on the Secondary Use of Social and Health Data (Secondary Use Act, 552/2019 (in Finnish)) has been passed in Finland. The objective of the Act on the Secondary Use of Health and Social Data is to enable the efficient and secure processing of personal data stored for the purposes of steering, control, research and compilation of statistics in the social welfare and health sector. The aims of the Act also include safeguarding individuals’ legitimate expectations as well as rights and freedoms related to the processing of personal data. Secondary use of social and health data means that client and register data generated in social welfare and health care activities are used for other than the primary purpose for which they were originally stored.

The Finnish Social and Health Data Permit Authority Findata was established pursuant to the Secondary Use Act (findata.fi). The Data Permit Authority issues data permits when data held by several different controllers, data stored in Kanta services or the register data of a private social welfare and health care service provider are needed. Findata offers controllers who possess the datasets an advisory service, support for preparing metadata descriptions, an anonymisation service and a permit processing service on behalf of controllers. 

Additional information on the Secondary Use Act on the website of the Ministry of Social Affairs and Health.

An information management entity refers to an authority who has a duty to organise its information management in compliance with the Public Information Management Act (906/2019). Information management entities include

• State agencies and institutions;
• courts of law and committees established to handle appeals;
• Parliamentary organs;
• State enterprises;
• municipalities;
• joint municipal authorities;
• independent institutions subject to public law;
• universities referred to in the Universities Act and universities of applied sciences referred to in the Universities of Applied Sciences Act.

In the Public Information Management Act, the management body of an information management entity refers to the authority or public official responsible for the general management of the information management entity.

Table shows examples of actors who typically are responsible for leading the information management entity as referred to in the Public Information Management Act and for organising information management in information management entities.

Under the Public Information Management Act, responsibilities related to the organisation of information management are assigned to the management body of the information management entity. The management body must ensure that the responsibilities connected to the tasks relating to the implementation of information management have been defined and that adequate supervision of compliance with the information management obligations has been organised. The management body must also ensure that the entity has up-to-date instructions for the processing of datasets, the use of information systems, the data processing rights, the implementation of the information management responsibilities and for the rights of access to information, data security measures and preparedness for exceptional circumstances.

The management body must also make sure that the entity has training available to ensure that the personnel have adequate knowledge of the provisions, regulations and instructions of the information management entity in force relating to information management, data processing and publicity and secrecy of documents. Additionally, the management body must provide proper tools for implementing the obligations relating to information management. As part of providing proper tools the management body must ensure, when making procurements, that the interoperability of information systems and information pools can be implemented and that the application programming interfaces can be opened, at least in situations where this is required under the Public Information Management Act. Additionally, it must be ensured that technical interface data structures have been specified and that the API descriptions are available to the information management entity and actors accessing the data.

In connection with changes to information systems and interfaces, the interoperability of information pools and their usability when compiling and using data must be taken into consideration. The information management entity should also identify any needs and rights of other authorities or actors to use the data that can be accessed and assess the impacts of the change from their perspective.

• For more information about the management body’s responsibilities, see the Information Management Board’s recommendation on fulfilling the management body’s duties in information management (in Finnish, pdf)(Ministry of the Finance publications 2020:18).
• An Information Management Board recommendation has also been issued on assessing the impacts of changes in information management (in Finnish) (Ministry of Finance publications 2020:53).

For more information on the information management model, information management map and description to implement document publicity, see chapter 3 Identification of datasets.

• The Information Management Board's website contains useful presentation materials, among other things on implementing information management models.
• The Ministry of Finance has produced an eight-part series of webinars on different areas of implementing the Public Information Management Act. Webinars are in Finnish.