A decade ago, Finnish Parliament passed a controversial reform to the data protection law, known as Lex Nokia, giving employers the right to monitor IP traffic data, such as email recipient details. Employers who had lobbied for the bill said it would help clamp down on industrial espionage.
The hotly debated reform, dubbed "Lex Nokia" because of the mobile phone giant's perceived advocacy for the law, angered unions and privacy rights advocates.
Back in the early 2000s, Nokia dug through employee email when it suspected an information leak within the company. Collecting this type of data was illegal at the time, leading corporations to lobby for the bill that was eventually written into law in 2009.
After the bill passed, Finnish society braced itself for employers to start monitoring employees’ email, with the Data Protection Ombudsman even establishing a three-person team to handle issues arising from Lex Nokia. But reality proved quite different. Three years passed before the office received its first Lex Nokia case.
Even Nokia, which strongly supported the bill, never reported using it. While Nokia chose not to comment on the matter to Yle, researchers dissecting the company’s history said the law backfired for Nokia as it strengthened a culture of fear within the company.
Yle found that only six companies in Finland tapped into their legal right to monitor employee email, including startup financier Business Finland and grid operator Fingrid.
Experts in the field told Yle that technology quickly outpaced the scope of the law. Email now competes with many other messaging channels. In addition, with employers having to notify personnel ahead of any snooping, wily workers were likely to find other means of passing secrets. Companies were also frightened to earn a poor reputation, as Lex Nokia was widely criticised as eroding an individual’s fundamental rights.
Today, Lex Nokia has become a part of the Information Society Code, which covers matters like the confidentiality of electronic communications.
Protecting trade secrets is a more complicated affair than watching email traffic, said Eija Warma-Lehtinen, an attorney specialising in data protection and privacy.
“If information critical to a company is stored on an unsecured shared server, it’s difficult to claim that they’re trade secrets,” Warma-Lehtinen explained.
She told Yle that employees in Finland enjoy a high level of confidentiality in their workplace communications. In comparison to other countries, employers in Finland have very limited rights to monitor personnel communications.