Support Centre



Law: The Data Protection Act (1050/2018) ('the Data Protection Act') and the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR')

Regulator: Office of the Data Protection Ombudsman ('the Ombudsman')

Summary: In Finland, the GDPR is supplemented by the Data Protection Act which entered into force on 1 January 2019 and repealed the old Personal Data Act (523/1999). In addition, the GDPR has led to amendments to other legislation regarding the processing of personal data such as the Act on the Protection of Privacy in Working Life (759/2004) as amended in 2019, the Criminal Code (39/1889) ('the Criminal Code'), the Act on Enforcement of Fines (672/2002) (only available in Finnish here), and the Act on Grey Economy Information Unit (1207/2010) (only available in Finnish here). The Ombudsman acts as the Finnish supervisory authority with regards to the GDPR and its supplementing legislation.


The Finnish Transport and Communications Agency ('TRAFICOM') announced, on 13 September 2021, that it had published, after a period of public consultation, its finalised guidelines on cookies and other similar tracking technologies1 ('the Guidelines') for service providers. In particular, TRAFICOM noted that the purpose of the instructions given in the Guidelines is to promote the implementation of confidentiality and good practices in the storage and use of cookies and other similar tracking technologies. However, TRAFICOM stated that the purpose of the Guidelines is not to oblige service providers to use certain technologies, but to instruct them to act as required by law with respect to the storage and use of cookies and other data concerning the use of the service, consent to cookies, and information about cookies. In this insight, OneTrust DataGuidance outlines the key information provided in the Guidelines.