Jusletter IT

Openness, Access, Interoperability and Surveillance: Transparency in the New Digital Network Society

  • Author: Saarenpää Ahti
  • Category: Articles
  • Region: Finland
  • Field of law: E-Government
  • Collection: Tagungsband IRIS 2014
  • Citation: Ahti Saarenpää, Openness, Access, Interoperability and Surveillance: Transparency in the New Digital Network Society, in: Jusletter IT 20 February 2014
One of the core elements of an individual’s right of self-determination is the right to know. We may consider this a meta-level fundamental right in modern democracy. It is both a necessary precondition for the realisation of our other rights and a right in and of itself. Efforts to realise our right to know in the relationship between the individual and government have, however, included mostly guarantees of access to public documents and access to events of importance. Today, access to public documents is a fundamental right enshrined in the EU Charter of Fundamental Rights. This is all well and good, but in the Network Society we find ourselves rather far removed from traditional documents and traditional forms of access. We work primarily on networks in a digital environment and no longer necessarily produce paper documents. Therefore we must adopt a significantly broader perspective where information management is concerned. Our right to information, if it is to be properly realised, requires adequate knowledge of information systems and their functionality as well as of document design and document logistics. The article focuses on the requirements that must be set for the design and use of information systems if transparency is to be realised in the Network Society. This means a transparency in which our right to know is realised and, at the same time, everyone’s rights to privacy and data protection are safeguarded all the time. I call this approach to the issues «the legal welfare perspective». In the constitutional state, legal welfare must figure as prominently as the other forms of welfare that society seeks to promote.

Inhaltsverzeichnis

  • 1. Introduction
  • 2. Some important basic concepts and principles
  • 3. The legal planning of transparency
  • 4. Planning the path of information
  • 5. Summary

1.

Introduction ^

[1]
In the literature and the media, we see years labelled by the issue that figured most significantly during the particular year. This past year, 2013, could justifiably be called «the year of surveillance». Earlier disclosures of the personal and telecommunications data gathered by the United States were followed by revelations that a number of other states as well have engaged in large-scale monitoring of electronic communications. As these practices became known, we saw the familiar old expressions Big Brother and Surveillance Society being used more visibly in the media and in public debate, and in a disparaging vein. We, and our social contacts, are monitored to an increasing extent. Both unregulated and regulated surveillance are on the rise.1 In the spirit of the technological imperative, we see the opportunities afforded by technology being exploited to the full. The assumption at work here is that we have everything to gain by effective use of what is ever more sophisticated information technology.
[2]

When we speak of legal informatics in the broader sense, it is essential that any analyses we undertake of the legal impacts of IT bring societal development into the picture. Our digital environment and the information networks it relies on reflect more than the spectacular development of the tools. More than ever the role of networks signals that the society we live in has changed; we are now members of the Network Society. We have come a long way since the Information Society, and its e-government, which relied heavily on electronic tools. At least at this writing we live in the Network Society and in the age of information government. This fact is often overlooked when we operate with tried and true, but dated concepts. The very terms «Information Society» and «e-government» smack of times past and are burdened by the informational baggage of their age.2

[3]
Surveillance is indisputably one of the problems we face in the Network Society. This is already common knowledge. It would be easy to content ourselves with criticising widespread surveillance on a general level as a procedure that is alien to a democratic society. This is what has been done in many instances. However, where legal informatics is concerned, it is more important – essential in fact – that we scrutinise the legal principles that affect citizens» rights on the multistage path that information takes in society, and see how these principles play out in information processing in the Network Society. It is this that I will try to do in what follows, at least in modest measure. Specifically, I will be looking at surveillance and its permissibility in legal perspective.

2.

Some important basic concepts and principles ^

[4]
When we speak of surveillance and societal control, we must address the issues of openness and transparency in the same breath. Taken together, these concepts and principles provide the context that shapes the image of the kind of society we have, could have and should have. And underlying all of these concepts is our conception of the individual’s right to self-determination in what today can be described as an essentially democratic society. In a democratic constitutional state, society is for its citizens and the proper realisation of their rights.
[5]

I will now begin with openness. We often view an open society as the democratic alternative to a closed, totalitarian one. There is no reason to dismiss this distinction between the extremes as such, which is rooted in principle and practice. Openness is an integral element of democracy, whether we are talking about Karl Poppers (1902–1994) well-known conceptual distinction or the Lisbon Treaty. The Treaty of Lisbon amending the Treaty on European Union and the Treaty establishing the European Community emphasises openness as one of the bases for how the Union works. Article 1 of the Treaty states: «This Treaty marks a new stage in the process of creating an ever closer union among the peoples of Europe, in which decisions are taken as openly as possible and as closely as possible to the citizen.» This is very well put.

[6]
As a legal term, openness has often been and is still seen primarily as meaning access to public documents. Consistent with the general Nordic principle of openness, government in Finland is guided by the Act on Openness in Government Activities. The Act, which focuses on access to public documents, is commonly referred to as «The Openness Act». The name can be explained by the Act having come into force in 1999, when Finland was President of the EU. The country’s policy on openness in connection with this role inspired the choice of the name of the legislation. We were trying to do our part to achieve more extensive openness in government throughout Europe. Government had been a good deal more closed in many other member states of the Union. From a Finnish perspective, in many places the process of openness – in the sense of providing public access to documents – was in its infancy.
[7]

The principle of openness has a far longer history in the Nordic countries. The first steps in that direction can be traced back to the eighteenth century in what was then Sweden-Finland. A freedom of the press law introduced at that time – albeit an ultimately short-lived one – was the handiwork of a Finnish representative in Parliament. We can thus justifiably claim that openness was originally a Finnish idea, not an exclusively Swedish one.3 The principle of openness is also a fundamental right enshrined in the Finnish Constitution, which reads: «Documents and recordings in the possession of the authorities are public, unless their publication has for compelling reasons been specifically restricted by an Act. Everyone has the right of access to public documents and recordings.»

[8]
Transparency is the second important concept we must consider. When we say that an open society should be transparent, we mean quite a bit more than public access to official documents. The requirements of transparency encompass various procedures in public action, the relationship between the public and private sectors and, in some respects, the operation of the marketplace. We have a right to know what is going on. This is why transparency is one of the pillars of democracy.
[9]

Transparency is referred to in general as something that complements openness, and in particular as a crucial means for combating corruption. Indeed, we can undoubtedly say that in international debate the term has become synonymous with the prevention of corruption. Where there is extensive transparency, there is less room for corruption in its different forms. Not surprisingly then, the name of the international anti-corruption watchdog is nothing less than Transparency International.4

[10]

Here, I use the term in a more neutral sense, one embracing the range of efforts to increase openness in society. These necessarily include the importance of information and how it is processed in different activities. As Silvia Kirkegaard has astutely put it: «The best advice that any government can be given today is to ensure that transparency is firmly embedded into its processes.»5 In fact, one now hears talk of society’s information policy. There is every reason to pursue the issue.

[11]

The third important or, rather, essential, basic concept to consider in this connection is privacy. This has been and still is a very difficult legal concept. Frequently one sees complaints, even in the legal literature, that legislation mentions privacy but does not define the term in detail. Like the fruits of Tantalus, privacy eludes our grasp just when we think we know what it is. Law often looks for new definitions and goes on to use these in its work. But in the case of privacy, it has been hard to find an appropriate way to elaborate a detailed definition. The reason for this difficulty is straightforward as such. Privacy is a concept describing the relationship between an individual and society on a general level. In the realm of philosophy, this basic idea was illustrated by Plato no less when writing how the soul and its substance are hidden from the gaze of others.

[12]
In the real world, we realise that there is no point in having a precise legal definition of privacy. Conceptions of privacy and the need to protect it change as the conception of the human being and society change. Any precise definition one might adopt would be so narrow in scope that it would easily exclude matters significant to us all that are covered by privacy as it is expressly protected in the law. Any narrowly defined concept would become an artificial one, and legislation using it would have to be constantly amended. Indeed, it is sufficient that we describe privacy as our right to be alone in relation to other individuals, communities and society at large as well as our right to decide primarily for ourselves the extent to which, the manner in which and the price at which we are willing to reveal our private life to others. This general characterisation shows that privacy entails not only protection from others but also the right to decide and act. Privacy has an active and passive aspect as part of our right to self-determination.
[13]

It is important to notice that only very rarely does our right to privacy allow us to withdraw completely beyond of the reach of other actors. There can be no complete privacy in a democracy. However, extensive privacy is the objective in principle when considering the ways in which we might realise our right to self-determination. It is unequivocally also the aim to pursue on the level of human rights. Similarly, any breach of privacy requires a justification in the law. Lord Denning, quoting William Pitt, once expressed this most compellingly: «The poorest man may in his cottage bid defiance to all the force of the Crown. It may be frail; its roof may shake; the wind may blow through it; the storms may enter, the rain may enter, – but the King of England cannot enter; all his forces dare not cross the threshold of the ruined tenement!»6

[14]

When we speak about privacy in today’s Network Society, we absolutely must direct special attention to the issue of personal data protection. We are accustomed to seeing it as part of the protection of privacy, and this is indeed still the case in Anglo-American legal culture.7 Things are different in the EU. Today, the right to personal data protection is a fundamental right in Europe. The European Charter of Fundamental Rights, which came into force pursuant to the Treaty of Lisbon recognises the right to personal data protection as one of our fundamental rights.

[15]

But this is not the whole story. Personal data protection as a fundamental right has also become distinguished from privacy. Personal data as such are in principle always somehow linked to our privacy. They tell about an individual and his or her characteristics. But personal data are processed as part of the corresponding fundamental right. Accordingly, the European Commission’s proposed new Data Protection Regulation says essentially nothing about privacy.8 The basic term is the protection of personal data. Whenever personal data are processed, it happens in the scope of that fundamental right and the related legislation. The language and the mind-set have changed.

[16]
This, too, tells us that the world is changing. As such, the object of regulation is the same as before but its scope of application has changed in a significant way. Those interpreting the law no longer need to consider questions of privacy. Although the concept of personal data as such is still unavoidably problematic, the related regulation has gained precision. Both the Charter of Fundamental Rights and the draft Data Protection Regulation are important steps in the development of people’s right to self-determination.
[17]

In addition, I must say a few words by way of justifying my conception of the Network Society. I originally delved into the concept as it was interestingly presented from the point of view of communication by Jan van Dijk back at the beginning of the 1990s. He realised at the time that a new information infrastructure might arise. Today, we have seen his work published quite deservedly in a third, revised edition, in an era when the information infrastructure he predicted is with us.9 In legal perspective, this infrastructure clearly encompasses our privacy in the Network Society. This is a positive development as such.

[18]
For my part, putting things briefly, I see today’s Network Society as a society in which information networks, primarily open networks, form a new public information infrastructure, a superhighway for the masses; it is also a society in which we are increasingly reliant on this infrastructure. Indeed, we are unequivocally increasingly dependent on data systems and networks in many of the things we do daily. In this light, our right to access information networks is a significant societal issue, not merely a commercial question. Likewise, given our dependence on them, the quality of information systems becomes a more significant concern than it has been to date.
[19]
One telling development in this regard is RITU, a system introduced in Finland in 2013 to assist in handling criminal cases. The local courts have calculated that in its early stage of use, the system has significantly slowed the processing of criminal cases in the courts.10 Writing judgments in a structured form has unfortunately clearly taken more time, even 30 % more time than before.
[20]

In addition to looking at the Network Society in sociological and communicational terms, we must subject it to legal scrutiny. We need to speak of the Legal Network Society. It is the society we see in the era of the modern constitutional state, a society in which the very exercise and protection of our fundamental rights increasingly take place on information networks. The development of technology and the development of the constitutional state inevitably meet. This is where legal welfare comes into the picture. The use of information systems should contribute to the development of the constitutional state. When we talk about welfare, we should not overlook the aims of legal welfare; yet, this is often what happens. Legal welfare seems to be left out of the societal welfare discussion.11

[21]
To recap briefly, in the Network Society we are dependent on the smooth functioning of information systems; in the new constitutional state we rely on legal welfare that is deeply based on human and constitutional rights. These considerations should figure in the design phase of information systems and document logistics. Where this is done, our rights will be realised early on in the process. Gone is the day – or it should be – when legal certainty was primarily assessed in terms of a fair trial. In the modern European constitutional state, we should be able to trust that our rights are being respected in all phases of their realisation.12 One fundamental practice to adopt if we are to achieve that aim is the legal planning of information systems.
[22]
Following these brief observations, it is time to move on to take a closer look at how and what kind of transparency is implemented in the Network Society.

3.

The legal planning of transparency ^

[23]
Traditionally, the two basic elements of transparency have been access to public documents and procedural transparency; these have been the cornerstones of openness. Complementing these are the obligation to keep financial records, the obligation to inform and making various activities subject to permit and qualifications. And, in the final analysis, a free press has been seen as the guarantee of transparency. What we see is a rather complex whole, one that is organised in different ways in different countries.
[24]
The increasing use of computers in government gradually prompted consideration of the stores of data that were being maintained using IT and the types of documents information systems were producing. These concerns explain in part the rise of legislation on personal data protection, and as part of this trend the definition of a document came to include other than paper records. Nevertheless, for a long time people still lived the era of paper documents, and some do even today. The focus of attention was, or is, on content of the document and not on how it is produced. For a long time, IT was seen, like other forms of office automation, primarily as a tool; only as a tool.
[25]

Today it is time – actually it has been time for a long while – to say goodbye to the e-government we had that was based on an IT-as-a-tool mentality. Government in the Network Society is information government13. We are reliant on information systems and information networks. Good government is not merely a matter of procedure, of how things are done. It is also, and above all, well-designed, sound data processing in high-calibre digital operating environments. In that design and those environments, the legal perspective is the starting-point for everything. We can and should speak of the legal planning of information systems. Where legal planning is lacking, we may encounter rather odd and revealing situations, ones that expose the attitudes of officials in baffling ways. I will illustrate this through two rather regrettable examples from Finland. The first involves document management in the police and the second the work of the highest-ranking body of experts dealing with patient injuries, the Patient Injuries Board.

[26]
The Parliamentary Ombudsman had to issue a reprimand to the police administration in a situation where, when the pre-trial investigation in a criminal case had ended, the police sent each of the parties involved a document that included the personal identification codes of all the other parties. The codes were in the same document and the police administration justified its procedure by saying that it was not good document management to strike out personal data in documents. In other words, for the police good document management was more important than people’s fundamental rights.14
[27]

The second example illustrates a technically outdated procedure and the dubious approval it enjoys under the law. It involves a case where the Patient Injuries Board refused to supply decisions made in its plenary sessions to a law firm that had requested them.15 One reason was that the decisions had been written with the personal data crossed out in a manner that made the decisions hard to understand. The structure of the document had not been planned with transparency in mind. Another reason for the refusal was that reviews of the cases by two experts in medical journals, the publication of the reviews by a commercial publisher in a database and use of the reviews at training sessions were seen as fulfilling the duty imposed on authorities by the Openness Act to produce and disseminate information. In terms of Legal Informatics and document logistics, this ruling is nothing short of unbelievable. The Patient Injuries Board did not comprehend the importance of document logistics when making its decisions and, in addition, the Supreme Administrative Court was not familiar with our right to information – the correct, original information; edited information is another thing. This simply should not happen in a constitutional state in Europe.16

[28]

These cases reveal not only the attitudes at work but also the basic problems associated with static documents. A paper document is basically static, the same no matter where and how it is used. It can be altered by covering information or preparing extracts. However, alteration of a document has been regarded as an exception to the main rule, an act requiring extensive justification – preferably regulation.17

[29]

One prospect where the development of the digital operating environment is concerned has long been the idea of having a paperless office.18 In public administration this is connected with decision making and the notification of decisions that are verified by electronic signatures and, ultimately, electronic archiving. The EU Electronic Signatures Directive was undoubtedly one of the impetuses for the extensive development that began in the 2000s. For example, in November 2010, the Ministry of the Interior was the first ministry in Finland to change over to electronic document management. A hard copy of an administrative decision can only be obtained on request.

[30]
Digital document systems and electronic document management provide an opportunity to produce dynamic documents. Being digital is in fact one of the fundamental technical characteristics of such systems. Documents can be planned for different purposes and with different content while retaining, using metadata, information on the original document and the different forms in which it has been distributed. For this to succeed, we need more than merely the requisite technical and legal planning of the information and communications system involved. The path of information, like openness and legal welfare in society, should be legally invulnerable. Then transparency can be appropriately realised and realised to its full extent.

4.

Planning the path of information ^

[31]

In examining the path that information takes in the Network Society, it is helpful to distinguish at least five basic factors: content, access, delivery, usability, and information security. The right information must be in the right form at the right time and available in the right manner to those who have a right to use it. These aims are, in principle, straightforward and, indeed essential in a democratic constitutional state. But in practice they are sometimes difficult to implement, above all because legal planning is sketchy, planning is downright lacking and even the required know-how is not there. Adding to the problem is that IT planning has generally been specific to each branch of administration. Narrow scope experts have been responsible for projects.19

[32]
Although the digital working environment has brought with it the prospect of using the features of dynamic documents, in terms of IT the path which information takes has become considerably more complicated. We have to keep the entire lifecycle of information in view. Legally significant scrutiny begins with considerations of the platform to which data are attached and how this is done, and extends to the question of how data are archived or erased. Likewise, one must be asking how the digital traces of a document can be expunged. These are all very different concerns indeed than one sees in the lifecycle of a static paper document.
[33]

It would be misleading, even downright wrong, to claim that these issues have not been given any attention. In fact, legal informatics can boast a long history of addressing them. There was the work that was done already in German legal informatics in the 1970s or the Nordic research of the 1980s. Yet these all predate the Network Society and today’s constitutional state. Needless to say, the efforts mounted in the 2000s to achieve interoperability in the administrative services in Europe also merit our attention. The EIF and EIS programmes have shown that interoperability has been promoted through recommendations.20 In Finland, the approach taken was legislation – the Act on Information Management Governance in Public Administration – which came into force in 2011 and whose particular objective is to promote interoperability and systems architectures as a whole.21

[34]

The background to the Act is straightforward: the extensive incompatibility of software applications and the use of data systems in the public sector that resulted from old fashioned, e-government thinking. This has been particularly visible and harmful in social welfare and public health care. In that sector, the independence of Finnish municipalities had resulted in there being a wide variety of information systems and software acquisitions. However, the law itself has an unfortunate cosmetic defect: it defines information management as a support activity only.22

[35]
I will not go into the plans that are in the works in different countries here. There are no doubt many of them and interoperability has become a key word in developing administration. I would prefer to draw attention to a consideration that has been largely overlooked in my opinion: the comprehensive legal planning of the path information takes. What I mean here is planning that proceeds from human rights and encompasses the entire path information travels, beginning with the acquisition of an information system and the attachment of data to a platform. Such planning would define all of the situations in which data will be processed and see to it that this processing is implemented automatically to the extent possible. This approach goes a step farther than that already required by the Personal Data Directive. Privacy by design and data protection by design are anything but new considerations, but they have most often been understood in general terms, without getting down to the level of the technology involved. When due consideration is given on the technical level to the path information must travel, legal expertise, standards and certification take on a crucial role. This has been acknowledged to a certain extent in the draft Data Protection Regulation.
[36]

Information management in the constitutional state cannot be allowed to take place on a case-by-case basis. Likewise, we cannot allow the protection of personal data to be jeopardised because the lack of regulation causes an otherwise protected digital document to be printed out and registered as a whole, for anyone to access, in the name of openness. Legal planning should cover the path information takes as comprehensively as possible. Transparency thus necessarily plays an essential role in planning. We have to answer the question, «What kind of information do we produce and use?» We are not entitled to hide public information artificially in invoking the protection of trade secrets or privacy. This is what has occasionally happened where case-by-case discretion has been the approach. In addition, when things are done manually, we have seen that those processing data either lack the requisite skills or have poor skills when it comes to balancing different values and rights. We can also, like Shima Baradaran, speak of «blind balancing», in which attitudes regularly steer things in the same direction without taking seriously all relevant information.23

[37]
In an automated, legally well-planned system the risks will be fewer if the system can alert users where it detects an error and present questions regarding the information needed. In other words, we need sophisticated expert systems if we are to implement interoperability and transparency on the path information takes in the Network Society.
[38]

This proposition of mine might raise suspicions that I am urging a return to the 1980s and 1990s, when expert systems were proffered as systems that could replace human decision-making.24 This is of course not what I have in mind; far from it. Here I see expert systems as tools that support decision making where appropriate, when there is a need to proceed from a legally well-planned standard solution to an individual case; and in such cases the program would only present the available options, seals or marks and the grounds for them.25 Data protection by design and privacy by design are effective approaches for reducing administrative burden only where their implementation includes a functional informational environment that supports decision making. Openness, access, interoperability and surveillance will be properly realised only in environments offering legally well-planned, secure information systems. As information travels its prescribed path in the Network Society, every situation allowing open discretion is a risk.

[39]

I mentioned at the beginning that I would also express my position on surveillance in the constitutional state. I will now do so briefly. We can gain insights into surveillance, perhaps best-researched in sociological terms in our time by David Lyon, if we divide it into three types: good surveillance, bad surveillance and surveillance between states.

[40]

Good surveillance and monitoring is, in simple terms, the supervision carried out to maintain the functionality of democracy. It is the essential oversight that ensures the realization of human and fundamental rights. In this form, it is one of the basic principles of the law of personality.26 It is also crucial, because transparency cannot be an absolute value that is invoked without due justification to interfere in an individual’s right of self-determination.

[41]
Bad surveillance and monitoring are, like bad bureaucracy, inflated and cause unnecessary administrative burdens. The roots of such surveillance lie largely in the mind-set that prevailed under administrative government and in the procedures that became established at the time. Characteristic of this form of surveillance is a lack of respect for the rights of the individual.
[42]
The legal planning of information and communications systems would keep us alert to the relation between good and bad surveillance, ensuring in the process that we achieve optimal legal welfare. This aim would require a voluntaristic view on the use of IT, one with a healthy skepticism regarding the technological imperative.
[43]
The most difficult issue to tackle is the legal organization of surveillance and monitoring between states. Here I will content myself that the question is ultimately one of the exercise of power. However, there is no factor in this context either that should justify circumventing human and fundamental rights. Bearing this in mind as well, it is an important objective in developing the constitutional state to create optimally secure and legally well-planned information networks. A constitutional state whose information networks pose risks to the rule of law is hardly worthy of the name.27

5.

Summary ^

[44]
The Network Society ushered in an era of watchdog organisations. There are a large number of these that monitor people’s rights in using networks and the use of networks in general. This phenomenon should not be overlooked when speaking of transparency in its various forms.
[45]
Two international organisations of interest for our topic were set up in 1993: Privacy International and Transparency International. Both can be described as expert watchdog organisations and can be said to represent an import change in the doctrine of the sources of law. Watchdog organisations, in particular expert organisations, stand to play an increasingly important role in the Network Society in the debate on what is fair. Research in law cannot afford to overlook them as producers of legal source material.
[46]
It is no doubt a coincidence that both organisations mentioned were founded in the year 1993. Then again the date can justifiably be considered the point at which society woke up to a significant change. The Information Society and the development of e-government at that time made it advisable to begin looking at the future in a new light. The drawbacks to eagerly following the technological imperative begged for closer and critical scrutiny. We can say that there was a social need for a fresh examination – one proceeding from different bases – of the rights of the individual and the functionality of the marketplace. Today, naturally, there are a fair number of international watchdog organisations.
[47]
The role watchdog organisations play reflects the complexities involved in regulating the path that information travels. This is an issue very often fraught with considerable tension. We have to weigh various rights against one another. Contrasts become highlighted in this process when matters are viewed from a narrow, single-issue perspective. In such cases, a comparison of the information provided by different watchdog organisations often has much to contribute to finding a solution.
[48]
Leaving the interpretation of conflicting views to take place on a case-by-case basis runs counter to the objectives of both the constitutional state and modern information government. Openness and transparency can be effectively promoted through sound legal planning of information systems and communication. Using dynamic, structured documents and placing multisensory «traffic signs» based on expert systems along the road information takes will represent a great step forward, whether the case at hand involves an individual document or the development of open data and the practicing of data journalism based on it.
[49]
However, this will require a significant upgrading of the present routines in information management and knowledge leadership. With appropriate open planning we can rid ourselves of the administrative burdens which the development of e-government brought with it. The implementation of openness and transparency can be automated to a considerable extent without violating the rights of the individual to the protection of personal data and privacy.28 Open data should not be a slogan only.

 

Ahti Saarenpää

Professor Dr., University of Lapland, Institute for Law and Informatics

Box 122 96101 Rovaniemi, Finland

asaarenp@ulapland.fi

 


  1. 1 An example of regulated surveillance, albeit a sharply criticised form, is the signal intelligence practiced in Sweden by FRA, the National Defence Radio Establishment. However it is openly regulated.
  2. 2 See more for example Saarenpää, Data protection in the network society – the exceptional becomes the natural. In Galindo, Fernando (ed.), El Derecho de la sociedad en red 2013.
  3. 3 For more on the recent development of Nordic openness in Finland, see Erkkilä, Reinventing Nordic Openness: Transparency and State Information in Finland. The author demonstrates that traditional openness has in many respects been transformed into an openness that requires economic efficiency.
  4. 4 Finland has been considered one of the world’s least corrupt countries. One factor contributing to this is the government’s strict adherence to legalism; the principle is even enshrined in the country’s constitution.
  5. 5 Kirkegaard, Open access to public documents – More secrecy, less transparency! Computer Law & Security Review 2009 p. 26.
  6. 6 Lord Denning (1899–1999) in Southam v. Smout (1964).
  7. 7 Dan Svantesson is one of those, who use the concept data poivasy See more in Svantesson, Extraterritoriality in Data Privacy Law pp. 25.
  8. 8 The term occurs only twice in the draft Regulation sections and it is not found in the section setting out the objective of the instrument: Section 1.2: This Regulation protects the fundamental rights and freedoms of natural persons and, in particular, their right to the protection of personal data.
  9. 9 Van Dijk, The Network Society, 3rd edition (2012).
  10. 10 Some of the slow processing experienced can no doubt be attributed to users» attitudes but the chief problem has been the badly designed user interface.
  11. 11 See more Saarenpää, Legal welfare and legal planning in the network society pp. 47–69. In Barzallo/Valdes/Reyes/Amoroso (eds.), XVI Congreco Iberoamericano de Derecho e Informática, Tomo I (2012).
  12. 12 A graphic example of Finnish practice is a case submitted to the Parliamentary Ombudsman, who issued an opinion in response to the complaint stating that it is not permissible to mark an individual’s personal identity code on documents solely because the information system being used requires it. See eoak 1777/2008.
  13. 13 Information government is a legal concept which has been brought into the public debate most compellingly by Victor Mayer-Schönberger and David Lazer. It is a good concept.
  14. 14 This case is also a good example of how the Ombudsman system in Finland has grown to become an important one for overseeing the observance of human and fundamental rights.
  15. 15 Finnish Supreme Administrative Court (KHO:2013:28).
  16. 16 Professor Jukka Kemppinen’s snide blog remark to the effect that there are judges who should never be allowed to take pen in hand was borne out in the extreme.
  17. 17 The Finnish Personal Data Protection Act has an express provision stating that hard copies should not needlessly display personal identity codes. The provision reflects the idea of a dynamic document. See more already David O Stephens in Records Management Quarterly, vol. 32, 1/1998.
  18. 18 The slow pace of this development is insightfully discussed by Sari Yli-Kauhaluoma/Mika Pantzar/Sammy Toyoki in their article Mundane materials at work. Paper in practice. In Elizabeth Shove/Nicola Spurling (eds.): Sustainable practices: social theory and climate change. London: Routledge. Routledge Advances in Sociology 2013: 69–85.
  19. 19 From the German point of view Klaus Lenk has written that Germany has good software engineers, but hardly any organasional experts who could be able to analyse what to do. See Lenk, The nuts and bolts of administrative action in the information age pp. 235. In Snellen/van der Donk (eds.), Public information in an information age. Revisited (2012).
  20. 20 See Schartum, Sharing Information between Government Agencies: Some Legal Challenges Associated with Semantic Interoperability, pp. 347–361. In van der Hof/Groothuis (eds.), Innovating Government and the ISA programme, at ec.europa.eu/isa/index_en.htm.
  21. 21 Section 1 states: «The purpose of this Act is to improve the efficiency of activities in public administration and to improve public services and their availability by laying down provisions on information management in public administration and on promoting and ensuring the interoperability of information systems.» See more at www.‌vm.fi/vm/en/03_press_releases_and_speeches/01_press_releases/20121019Firstc/
    julkictstrategy_EN_20121031.pdf
    .
  22. 22 «In this Act, 1) information management in public administration means support activities that ensure the performance of public administration tasks and make use of the methods and means of information and communication technologies».
  23. 23 See Baradaran Rebalancing the Fourth Amendment, The Georgetown Law Journal, Vol 102:1. Baradaran is of the view that in the United States cases, a lack of information, among other factors, results in cases of privacy being regularly decided in favour of the government.
  24. 24 At its most trivial, a misdirected faith in expert systems appeared in AATU, a system used in Finland to calculate housing subsidies. When it was being built, there was firm belief that legal rules and the logical rules used by expert systems were similar. The rules of the software were formulated by interviewing experts; knowledge engineers. The software itself was intended for use by staff with less education; all the relevant know-how need was, so it was claimed, programmed into the system.
  25. 25 Cfr. recital 77 in COM(2012) 11 final : «In order to enhance transparency and compliance with this Regulation, the establishment of certification mechanisms, data protection seals and marks should be encouraged, allowing data subjects to quickly assess the level of data protection of relevant products and services.» This can be one solution of the so called multisensory law idea sketched by Colette R. Brunschwig.
  26. 26 See more in Saarenpää, Personrätt – integritetsrätt pp. 41–58. In Bärlund/Nybergh/Petrell, Finlands civil- och handelsrätt : en introduktion (4p 2013) (in Swedish).
  27. 27 As Finnish law has no special provisions on surveillance, drafting of the requisite legislation in has begun in connection with work on the country’s cyberstrategy. The first proposals to this end, drawn up by government civil servants, have met with exceptionally harsh criticism from experts on fundamental rights.
  28. 28 A decision in principle taken by the Finnish Government in March 2011 to make the use of public digital materials largely free of charge on information networks will improve the chances of detecting information that points to abuses. In sophisticated legally planned information systems that information is in a form that respects the individual’s rights.