Finanssiala ry (FA), the Finnish financial sector lobby group, has welcomed the proposed reform of Finland's Data Protection Act, which clarifies when and on what grounds personal data may be processed by insurance companies. In a statement on April 21, 2026, FA highlighted that the reform, now before the Finnish Parliament, addresses long-standing ambiguities in the current law, particularly regarding the processing of special categories of personal data such as health information during the insurance application process.
The reform follows a series of regulatory developments in EU financial oversight. On April 14, 2026, the European Securities and Markets Authority (ESMA) issued guidelines to standardize periodic information submissions from financial market entities, including benchmark administrators and credit rating agencies, aiming to harmonize reporting formats and reduce compliance costs. Earlier, on April 16, 2026, the European Banking Authority (EBA) published a draft technical package for version 4.3 of its reporting framework, introducing new anti-money laundering and third-country branch reporting requirements. These EU-level initiatives reflect a broader push for transparency and standardization in financial data handling, which the Finnish reform complements at the national level.
FA specifically praised the addition of the term 'vakuutuksenhakija' (insurance applicant) to Section 6 of the Data Protection Act, which clarifies that special personal data, such as health information, can be processed during the application stage—not only after a policy is issued. This is essential for risk assessment and the ability to offer insurance coverage. FA jurist Tuulia Karvinen noted that the reform resolves previous uncertainties about whether data could be processed before concluding an insurance contract, even when necessary for evaluating the insurer's liability. FA's leading jurist Piritta Poikonen added that the current Section 4 of the Act has posed challenges for financial sector actors because only public authorities could invoke it, despite private insurance and pension companies also performing public administrative tasks. The reform aims to align the law with the reality that non-governmental entities often handle such functions.
The reform is expected to have a moderate positive impact on insurance companies by reducing legal uncertainty and compliance costs, while also benefiting consumers through clearer rules on data processing. However, it may raise privacy concerns among civil society groups regarding the expanded processing of sensitive health data by private entities. The balance between enabling risk assessment for insurance provision and protecting personal data remains a key cleavage in the debate.
← Atlas › News › Digital & Communication