Jusletter IT

Openness, Journalism and Personal Data Protection – Lessons from the Taxation Data Business

  • Author: Ahti Saarenpää
  • Category: Articles
  • Region: Finland
  • Field of law: Data Protection
  • Collection: Conference Proceedings IRIS 2016
  • Citation: Ahti Saarenpää, Openness, Journalism and Personal Data Protection – Lessons from the Taxation Data Business, in: Jusletter IT 25 February 2016
In the modern Network Society we – every one of us – are increasingly dependent on access to networks, the information they contain and the services they offer. We can safely say that we live and work in a digital environment. Society has definitely changed. Accordingly, I prefer to speak of the Network Society, not the Information Society or Cyber Society.
As well, we are witnessing the rise of a new type of state, the constitutional state. It is a state in which human rights and constitutional rights are given increasing importance. Accordingly, I prefer to speak of the constitutional state, not a state governed by the rule of law.
These significant changes play an important role when thinking about how we can get access to and process information. It is time to discuss the principles of information law seriously. Old dichotomies such as public/private or secret/open with reference to information often serve us poorly today.
My article takes a brief look at the relations between openness, personal data protection and journalistic freedom. The leading case is this area is Satakunnan Markkinapörssi Oy and Satamedia Oy v. Finland, heard before the European Court of Human Rights. In its judgment, the Court discusses legal tensions between data protection, journalism and the public data business.

Table of contents

  • 1. Two remarkable milestones
  • 2. Traditional access principle
  • 3. Data protection regulation
  • 4. Taxation data and openness
  • 5. Veropörssi case
  • 6. Openness and tax information – once again
  • 7. Conclusion

1.

Two remarkable milestones ^

[1]
This year marks a milestone in the Nordic principle of openness. It has been 250 years since Finland, part of Sweden at the time, enacted a law – the Freedom of the Press Act – that could be described as an Openness Act. The openness principle is still one remarkable legal cornerstone in Nordic countries; a trademark in our international relations.1
[2]
We also have cause for celebration where personal data protection is concerned. The new General Data Protection Regulation can justifiably be described as legislation of and for the Network Society and the constitutional state. The framework is a new one.
[3]
Celebrating these two milestones will undoubtedly once again bring to the fore the tensions between the narrow perspectives to be found in our field. Specialization easily narrows expertise. What we here need are general doctrines of information law. It is these that will tell us, as we well know, what might be right in a given situation. The elaboration of such doctrines has been very slow in different countries. These efforts are now being given a new, essential urgency.

2.

Traditional access principle ^

[4]
Traditional access, as the right to see paper documents, has been a strong legal principle in Finland and other Nordic countries already for a long time. Nowadays it is one of our constitutional rights. In Finland access to documents is provided for in the following terms: «Documents and recordings in the possession of the authorities are public, unless their publication has for compelling reasons been specifically restricted by an act. Everyone has the right of access to public documents and recordings.» 2
[5]
This kind of access alone no longer applies in our modern democracy in the digital Network Society. It is too crude. The principle of access should not be a simple «open the door» solution. It should entitle us to comprehensive quality, too. At the end of the day, what we must focus on is how comprehensible, credible and useful information in different formats is in different societal and personal situations. We have a human rights-based right to know. We also need a more extensive array of standards and more of a narrative perspective in legal planning and its assessment. The robust functioning of democracy is among the loudest and clearest signals in legal and administrative communication.
[6]
A crucial difference to observe here is that we are no longer talking only about the right to inspect the content of traditional or digital documents or get copies of them. Citizens should also have more technical access – access to information networks and the information systems on them. We have already begun to view access to information as a new human right. Access to information systems, for its part, is one means by which IT implements transparency.
[7]
One practical and important aspect of access comes from the area of information government. When many, many years ago, talk began of e-government, a mentality arose whereby government information systems could – and should – be divided into two categories – front office and back office. The front office would provide citizens with information and electronic services; the back office was an internal information service for government itself. No doubt there are still applications out there that adhere to this architecture, and there is certainly no shortage of discussions and recommendations in the e-government literature. 3

3.

Data protection regulation ^

[8]
We also have cause for celebration where personal data protection is concerned. The environment in which we live and work will be governed by a new data protection regime, the outcome of a comprehensive reform in which we have preserved the core principles of what is a fundamental right. The new General Data Protection Regulation can justifiably be described as legislation of and for the Network Society and the constitutional state. Developments that we were only just waking up to back in 1995, when the first Data Protection Directive was adopted, are now nothing less than the very underpinnings – very firm ones I might add – of legal life today.
[9]
In the new regulation we can see the relation between the democratic access principle and our right to the protection of personal data taken into account at the rule level. Section 80a is now the Nordic fingerprint in the new regulation.4 The content is following:
  1. Personal data in documents held by a public authority or a public body may be disclosed by this authority or body in accordance with Union or Member State legislation regarding public access to official documents, which reconciles the right to the protection of personal data with the principle of public access to official documents.
  2. Each Member State shall notify to the Commission provisions of its law which it adopts pursuant to paragraph 1 by the date specified in Article 91(2) at the latest and, without delay, any subsequent amendment affecting them.
[10]
It is easy to see, that the old tension between access and data protection is still remarkable. Now member state legislation should be checked deeply and carefully. Are we ready to do that when at the same time celebrating the Nordic access principle? Let me now continue with one example concerning taxation information.

4.

Taxation data and openness ^

[11]
Information on individuals’ taxable income has a special place of its own in drawing the line between public and private information, a status reflecting the Finnish and, more broadly, Nordic traditions. Originally, it was considered necessary to place information on people’s income in the public domain because the tax authorities had no effective means of obtaining such information. Little by little, the sale of this information, appealing as it did to people’s curiosity, became a very productive means of fundraising for many associations. The publication of tax calendars, which began back in late 1920s, ended abruptly in 1988 with the coming into force of Finland’s first data protection act – the Personal Data Act. The publication activities would have required a permission from the Data Protection Board to process the relevant personal data. No such permission was forthcoming, because the Board did not consider the type of publication activity at issue to be related to an important public interest. Taxation information was still public but curiosity could not be the acceptable reason to publish it.
[12]

When implementing the data protection Directive we however got a new taxation information act; Act on the public disclosure and confidentiality of tax information (1999). This act makes part of citizen’s tax information public. Due to transparency we can get to know citizens incomes and how much they have paid taxes. This tax information act is giving journalism interesting material. Every October when taxation is ready, media is publishing national and regional lists of person’s wits highest incomes and public persons with high or low incomes. As media does tell how much they have paid taxes.

[13]
This kind of journalism is selling very well. People are curious. Media does not need to ad so much comment. Numbers themselves speak and sell. But what is journalism in that informational environment? This question is leading as toward the limits of journalism. The openness of tax information is a service for media and for citizens. How about the business? Now we come to the interesting Finnish Veropörssi case.

5.

Veropörssi case ^

[14]

Except the typical, ordinary media started one business company in Finland to publish citizen’s tax information again during 90's. The sale of tax information by Satakunnan Markkinapörssi Company, which began back in 1994 was based on two basic ideas. First, the company was collecting public personal tax information from tax offices and publishing Veropörssi magazines containing only that information as such. Second, the electronic SMS service it introduced was based on information the company had already published. Sending the name of person to this service you got to know his or her incomes and tax information. The company had the opinion, that both activities were out of the scope of data protection legislation.

[15]
The Data Ombudsman in Finland, Mr. Reijo Aarnio challenged the legality of the company’s activities. He observed that the company’s publishing activities constituted extensive processing of personal data without journalistic purposes. The legal background of this observation was clear. The Finnish Personal Data Act excludes journalistic activities of the media from its scope of application. Rather, publication of information covered by the protection accorded to a person’s private life – and this is what tax information is – is governed by provisions in the Finnish Penal Code. The mere fact that the information is public does not entitle a party to publish it in the mass media.
[16]
There is no doubt that journalism is among those activities in a society that is at best difficult to define. Media is also against the idea, that outsiders would define it. That is why data ombudsman asked the media’s own regulatory body in Finland, the Council for Mass Media to give its opinion. The council however did not did not want to reply to the Data Protection Ombudsman when he asked what journalism was.
[17]

The European Court of Justice did later provide a tentative answer. It considered journalism as complying with the Personal Data Directive where it consists of activities whose sole object is the disclosure to the public of information, opinions or ideas: solely for journalistic purposes.5 More detailed assessment of the question was left to the national courts.

[18]

From this point of view the Finnish Supreme Administrative Court refined its own view of the matter as follows:

 

«Because publication on this scale of the data recorded in a data file is comparable to the publication of a so-called background register collected by the entire company for editorial purposes, the issue is not one exclusively of disclosure to the public of information, opinions or ideas.»
[19]
In a word, journalism is something more than the publication of extensive bodies of information. The company’s activities lacked journalistic added value. it is easy to see, that this is the opinion of laymen too.
[20]

The European Court of Human Rights – voting 6 to 1 – accepted later the way in which the Supreme Administrative Court had weighed the protection of personal data on the one hand, and the freedom of expressions on the other. Accordingly, it no longer presented a specific view on the concept «journalism». However, it did find sufficient grounds for restricting the freedom of expression in a democratic society.6

[21]
Unfortunately, that decision is now scheduled to be heard before the Grand Chamber of the ECHR.7 I really am mystified here. The case is plainly a case of doing business with no journalistic purposes. The argument put forward by the company – that some newspapers had contented themselves with publishing the same tax records largely in list form – should not broaden the boundaries of what the media can do in the direction of other commercial activity. Veropörssi was a publication set up to collect and sell information, not a real newspaper or any other real media.

6.

Openness and tax information – once again ^

[22]

The question of the societal significance of tax information bears on the discussion of the surveillance society and its limits. Supervision is required to check the accuracy of taxation.8 The supervision carried out by the authorities has customarily been enhanced through supervision by other taxpayers. Making tax information public at one time served that purpose: it offered taxpayers the chance to assess the accuracy of others' tax information, for example, that of neighbours' and other people they knew.

[23]
Today, Finland has a new tool for the purpose in the form of an online service: It is possible to report suspected cases of tax evasion to the authorities anonymously on an information network. In my opinion, this arrangement is problematic indeed in the constitutional state. Every anonymous report is a step closer to a surveillance society. This is a real, not only theoretical problem.
[24]

The sale of private individuals' tax information as a commercial activity is difficult to accept ethically. Information protected by fundamental rights is being sold openly on the information markets. This should not be possible in a genuine constitutional state, where data protection is one of our fundamental ringhts.

[25]
Taxation is being handled increasingly using what has become known as the tax account, a system where the taxpayer communicates with the authorities using a protected telecommunications connection. The supervision of monetary transactions, part of the effort to stamp out the grey economy, has also become more significant. These two developments undoubtedly give us good reason to create a general framework providing a level of protection for tax information as a form of personal data protection that respects our right to the protection of financial data on us. There we do need a strong common Information Law.

7.

Conclusion ^

[26]
Realizing freedom of speech and freedom of the media inevitably allows bad and poor journalism to get its foot in the door. We cannot totally avoid this. But we should not tolerate substandard processing of personal data. This would be a violation of human and fundamental rights. Eliminating such a risk will require us to redouble our efforts to enact new data protection legislation and culture.
[27]

The principal advocate of the first access act, the father of the openness legislation, was the Finnish priest Anders Chydenius (1729–1803), a Member of Parliament in his day. I think he would today join my opinion about access to citizens taxation information in the new network society. Freedom of expression must be seen in a new environment.9 And he would discuss about a modern Law of Personality to protect citizens freedoms.

  1. 1 About the Nordic openness principle see more for example Erkkilä, Tero, Reinventing Nordic openness: transparency and state information in Finland (2010), passim.
  2. 2 The Constitution of Finland (1999) section 12.2.
  3. 3 Saarenpää, Ahti, Oikeusinformatiikka, in Niemi (ed.), Oikeus tänään (2016, in Finnish).
  4. 4 Earlier the same idea was written into the recital 72 in the data protection directive.
  5. 5 ECLI:EU:C:2008:727. The Decision was made in the Grand Chamber. The Administrative Supreme Court in Finland had asked the opinion of EU court.
  6. 6 EHRC fourth section 21 July 2015.
  7. 7 Referral to the Grand Chamber 14 December 2015.
  8. 8 See an interesting point of view in Hemberg, Erik/Rosen, Jacob/Warner, Geoff/Wijesinghe, Sanith/O´Reilly, Una-May, Tax Non-Compliance Detection Using Co-evolution of Tax Evasion Risk and Audit Likelihood, ICAIL 2015.
  9. 9 Cf. Nordenstreng, Kaarle, Deconstructing Libertarian Myths About Press Freedom, in Carlsson (ed.) Freedom of Expression Revisited (2013), pp. 45.