In Finland, the use of social and health data is regulated by several laws, such as:
- The Data Protection Act
- The Act on the Processing of Client Data in Social and Health Care
- The Medical Research Act
- The Act on Clinical Trials on Medicinal Products
- The Act on the Medical Use of Human Organs, Tissues, and Cells
- The Biobank Act
However, the secondary use of social and health sector register data is regulated by the Act on the Secondary Use of Social and Health Data, or the Secondary Use Act, which came into force in 2019. In the same year, the data permit authority Findata was established, centralizing the permit activities.
The Secondary Use Act defines how and under what conditions social and health data can be used outside of their original purpose, for example, in research, statistics, and other purposes not related to patient care or benefit processing. The Act also regulates issues concerning data protection and confidentiality obligations and sets requirements for data processing and security.
Before the Secondary Use Act came into force, permits for data use were granted by individual data controllers, the Ministry of Social Affairs and Health, or the National Institute for Health and Welfare, and there was no uniform practice for processing the data. Centralizing permit activities and data processing to Findata has improved data security and the privacy of citizens. When data is combined centrally, its use is more protected and can be monitored more effectively.