National benefits agency Kela has broken the law by not asking users of its website for permission to gather their data in accordance with data protection regulations, according to news consortium Uutissuomalainen.
The news agency reported Saturday that the data belonging to persons who use the website of the Finnish Social Insurance Institution, Kela, had ended up in the hands of third parties such as Facebook and Google.
According to Uutissuomalainen, Kela’s website uses technology and data collection tools sourced from private companies. However the agency does not provide users with this information on its site.
The news report is based on an analysis by data protection specialist Heikki Tolvanen. Kela communications director Pipsa Lotta Marjamäki said that the analysis is partly correct. However she differed from Tolvanen on the question of the level of user detail shared with third parties.
Uutissuomalainen reported that Kela said it would modify its website so that users would be asked to agree to the use of their data as well as so-called cookies.
Cookies are small files that track a user’s activity on a website and also help resume previous sessions and preferences as well as save login information to help personalise their experience on the site.