Predictive Policing Debates In Finland
Predictive policing refers to the use of data analytics, machine-learning models, and risk algorithms to forecast crime hotspots, identify high-risk individuals, or allocate police resources.
In Finland, the debate remains cautious, largely due to:
1. The Finnish Constitution
Ensures strong privacy rights (Section 10), protection of personal data, and proportionality requirements for any state surveillance.
Predictive systems requiring large-scale data aggregation or profiling must pass strict necessity/proportionality tests.
2. GDPR and Finnish Data Protection Act
Predictive policing would usually involve automated profiling of individuals, which under GDPR Art. 22 is generally prohibited unless specific safeguards exist.
Risk scoring of individuals can easily become indirect discrimination under EU equality law.
3. Public skepticism and trust in law enforcement
Finland has high trust in the police, but public debate around algorithmic systems includes:
Fears of replicating U.S.-style racial/ethnic bias.
Concern that Sami communities, immigrants, or low-income neighborhoods could be disproportionately targeted.
Transparency demands, since algorithmic logic is often opaque (“black box” problem).
4. Limited experimentation
Finland has considered hotspot analysis tools but is wary of individual-level predictive risk scoring.
National Police Board requires strict impact assessments before introducing algorithmic tools.
Relevant Case Law
Because Finnish courts have not produced many direct predictive-policing rulings, scholars and policymakers rely on analogous cases from Finland, the CJEU, and the ECHR that govern privacy, profiling, algorithmic decisions, and police data use.
Below are 7 detailed cases that directly shape the predictive-policing debate.
1. Finnish Supreme Court (KKO) 2020:20 — Police Data Retention Case
Facts
The case involved the police storing extensive personal data in intelligence registers for long periods, including information on individuals who were not suspected of crimes.
Holding
The Supreme Court found that:
The police exceeded their legal authorization.
Retention periods were disproportionate.
Some data processing lacked a lawful basis.
Why it matters for predictive policing
Predictive policing often requires large pools of historical data.
KKO 2020:20 emphasizes that:
Police cannot collect or keep data "just in case" future analysis might be useful.
Predictive systems must have explicit statutory authorization.
Individuals cannot be added to algorithmic datasets without clear suspicion thresholds.
This case is frequently cited by Finnish scholars as a barrier against “fishing-expedition-style” algorithmic data collection.
2. Helsinki Administrative Court 2018 (Tietosuojavaltuutettu vs. Police)
(Case on police facial-recognition trial data)
Facts
The Police had tested an early facial-recognition system using images from police databases, without clear impact assessments or purpose limitations.
Ruling
The court upheld the Data Protection Ombudsman’s view that:
Processing biometric data requires strict purpose limitation.
Experimental surveillance technology must meet GDPR requirements.
The police lacked sufficient impact assessment.
Relevance
Predictive policing systems often rely on biometric and video analytics.
This case establishes that:
Experimental AI must undergo DPIA (Data Protection Impact Assessment) in Finland.
Testing cannot circumvent privacy law, even if the ultimate goal is crime prevention.
3. Finnish Parliamentary Ombudsman Decision (EOAK 2019/4025) — Algorithmic Profiling Concerns
Facts
The Ombudsman reviewed police practices involving manual profiling of individuals considered “risk persons” (e.g., gang-related) without clear statutory basis.
Finding
The Ombudsman criticized:
Use of loose, subjective criteria.
Lack of transparency.
Possible discrimination.
Importance for predictive policing
Predictive policing automates profiling, which intensifies these concerns.
The decision signals that:
Statutory legitimacy must be exact and explicit.
Risk-scoring individuals (e.g., repeat offender prediction) is legally problematic unless regulated carefully.
4. CJEU — Digital Rights Ireland (Joined Cases C-293/12 & C-594/12)
Key Principle
Mass retention of communications data was struck down due to disproportionality.
Why it shapes Finnish predictive policing
Predictive tools often rely on bulk communications, mobility, or geolocation data.
The ruling implies:
Bulk data collection for predictive purposes is unconstitutional in the EU context.
Any Finnish predictive-policing system must be based on targeted, not generalized, surveillance.
Finnish courts consistently interpret constitutional privacy rights in harmony with this ruling.
5. CJEU — La Quadrature du Net (C-511/18, C-512/18, C-520/18)
Issue
Retention and algorithmic analysis of telecom metadata by police and intelligence agencies.
Ruling
Court held that:
General and indiscriminate retention or algorithmic analysis of population-wide data is unlawful.
Only narrowly targeted data analysis is permitted.
Impact on Finland
Predictive policing systems that analyze broad mobility or behavioral data would likely be unlawful in Finland unless:
Strong necessity is proven.
Measures are strictly targeted.
Judicial oversight exists.
6. ECHR — S. and Marper v. United Kingdom (2008)
Core Facts
Retention of fingerprints and DNA of non-convicted individuals.
Judgment
The ECHR ruled the practice violated Article 8 (privacy).
Effect on Finnish predictive policing debate
Predictive systems often require:
Keeping profiles of individuals not convicted or even suspected.
After S. and Marper, Finnish authorities emphasize:
Predictive policing cannot collect or retain data on innocent individuals.
Algorithmic datasets must be strictly limited.
This case is frequently cited in Finnish government reports evaluating new policing technologies.
7. ECHR — Zakharov v. Russia (2015) — Surveillance Safeguards Case
Relevance
Though involving wiretapping, the court established strict principles:
Surveillance must have foreseeable, clear legal basis.
Must include effective independent oversight.
Must not be arbitrary or secretive.
Why it matters
Predictive policing algorithms often operate with low transparency.
This case is used in Finland to argue that:
Black-box algorithms violate the requirement of foreseeability and accountability.
Individuals must have the ability to challenge automated decisions.
Synthesis: What These Cases Mean for Predictive Policing in Finland
Legal Constraints
Based on the cases above, Finland faces the following constraints:
No mass data retention — predictive policing cannot rely on bulk data.
High transparency obligations — “secret algorithms” are incompatible with Finnish and EU privacy law.
No profiling without clear statutory basis — risk scoring individuals would likely require new legislation.
Strong anti-discrimination protections — datasets must be bias-audited and justified.
Requirement for Data Protection Impact Assessments — for any experimental AI or analytics.
Practical Outcome
Finland is likely to allow:
Hotspot prediction (geographical forecasting)
But not:
Individual risk prediction (offender lists, risk scores)
Predictive surveillance using telecom or biometric data
Unless substantial new legislation is passed.
RELATED Blog
comments