Data protection

The SDG Regulation does not provide for exceptions to the disclosure of secret or other sensitive personal data. The Regulation and its extensions only provide for e-services from another EU Member State and for requesting and disclosing the necessary information regardless of the nature of the information.

Under section 29 of the Act on the Openness of Government Activities (Openness Act), an authority may grant access to a secret document to some other authority if, for example, there is a specific provision on access or the right of access in an act. Under section 30 of the Openness Act, an authority may grant access to a secret official document to an authority of a foreign state or to an international institution, if an international agreement binding on Finland contains a provision on such co-operation between Finnish and foreign authorities and if the Finnish authority in charge of the co-operation could under this Act have access to the document. The exchange of OOTS data is governed by the EU SDG Regulation and the OOTS Technical Implementing Regulation.

It is also significant that, from the perspective of the user, i.e. the party protected by the Openness Act, the provision of information always requires an explicit request, which typically revokes the need for secrecy under the Openness Act. Thus, the Openness Act does not prevent the disclosed information (evidence) from containing information that is, as a rule, secret under the Openness Act.

Disclosure of data belonging to sensitive categories of personal data referred to in Article 9 of the General Data Protection Regulation is also possible under section 6, subsection 1, item 2 of the Data Protection Act (5.12.2018/1050). According to this provision, the prohibition on processing data concerning special categories of personal data in Article 9(1) of the General Data Protection Regulation does not apply to any processing of data that is provided for by law or that derives directly from a statutory duty set out for the controller by law.

Article 33 of the SDG Regulation provides that the processing of personal data by competent authorities within the framework of the Regulation is to be carried out in compliance with the GDPR. When the Commission processes personal data within the scope of the SDG Regulation, it must comply with the Data Protection Regulation (EU) 2018/1725, which applies to EU institutions, bodies, offices and agencies.

In addition, under Article 30(1)(l) of the SDG Regulation, the gateway coordination group established under the Regulation has been tasked with discussing the application of the principles of security by design and privacy by design in the context of the Regulation.