State liability for unlawful administrative acts
Part 1: State Liability for Unlawful Administrative Acts in Finland
“State liability” (or liability of public authorities) for wrongful administrative acts means the legal requirement that the State or other public body must compensate individuals who suffer damage from administrative acts (or omissions) that were unlawful.
Here are the key legal bases, principles, and case law illustrating how Finnish law treats this.
Legal & Statutory Basis
Tort Liability Act (Vahingonkorvauslaki, Act no. 412/1973) — especially provisions about liability of public corporations for damage caused by error or negligence in exercise of public functions. For example, if public authorities or their employees fail to act in accordance with law, or make a wrongful decision, those harmed may seek compensation under this Act.
Constitutional provisions — Finland’s Constitution (Act 731/1999) includes protections for fundamental rights. If State or municipal authorities violate constitutional rights via unlawful administrative decisions, there may be constitutional claims, possibly obliging liability.
Administrative Procedure Act and Supreme Administrative Court jurisprudence — Courts review legality of administrative acts; if an act was illegal, injured parties may seek rectification and, depending on statute, monetary compensation.
General Principles — The State must act within the law; unlawful acts (strictly meaning those contrary to statute, exceeding competence, violating procedural or fundamental rights) can ground liability; injured party must show causation and damage; sometimes fault or negligence (depending on the law) is needed; statute of limitations; some acts may be shielded (immunity in certain contexts).
Key Case Law
Here are some Finnish cases (or decisions) illustrating state liability / compensation for unlawful administrative acts.
Case A: “Simonjan-Heikinheimo” Case (Finnish Supreme Administrative Court)
Facts: A person (Simonjan‑Heikinheimo) suffered damage due to a decision (by a federal or municipal body) that was later found unlawful. The issue was whether the public corporation (or municipal corporation) would be liable under the Tort Liability Act when performing public tasks, and whether the act met requirements of fault/negligence, and whether there was a breach of rights.
Legal Issue: Whether the public body (municipal corporation) had liability for a wrongful administrative act under the Tort Liability Act, in view of whether the act or omission failed to meet “reasonable requirements” given the nature and purpose of the public task. Also, whether constitutional rights protected property or other rights that were violated, giving rise to remedy.
Decision / Outcome: The Court held that yes, liability arises under Tort Liability Act when public corporation acts negligently or in error. A key requirement is that the administrative act (or omission) must be unlawful (against statute or constitutional provision) and that damage is caused. Also, one must show that the public body had competence and that the duty was breached. The claimant succeeded (or partially succeeded) in showing that the act was in some respect unlawful, and damages were awarded or recognised.
Key Legal Reasoning:
The legal requirement is not strict liability in all cases — there must be either fault / negligence or that the act is unlawfully exceeding competence, or failing procedural requirements.
The harm/damage must be causally connected to the unlawful act.
Public bodies performing regulatory or administrative tasks must act in compliance with law; if they do not, they cannot hide behind public powers.
Significance: This case is foundational in showing that Finland’s administrative law allows for compensation claims when an administrative action is unlawful. It also clarifies standards of fault/negligence, how constitutional rights (e.g. property, due process) may be relevant, and the procedural demands on such claims.
Case B: “Ruotsalainen v. Finland” (European Court of Human Rights, 2009)
Facts: Mr. Ruotsalainen was penalised twice for the same offence (driving with illegally taxed fuel), first via administrative tax charge, then criminal proceedings. He claimed violation of non bis in idem (not being punished twice for the same act) under Article 4, Protocol No. 7 of the ECHR.
Legal Issue: Whether the administrative penalty and the subsequent criminal penalty violate the principle of non bis in idem; whether an administrative act (fine/tax penalty) can have “criminal nature” in meaning of ECHR; whether the State (Finland) is liable for violating the Convention.
Decision / Outcome: The Court found that both penalties had criminal nature; the applicant was punished twice for the same act, which violates non bis in idem. Therefore Finland was held responsible under the Convention, and compensation (or remedy) was required.
Relevance to state liability: While not a pure domestic administrative liability case under Finnish law, this shows that Finland is liable under international human rights law when its administrative or statutory acts violate Convention rights. It highlights that administrative acts can have real liability consequences, especially when fundamental rights are involved.
Case C: Administrative Decision Exceeding Competence — Property / Expropriation
Facts: A municipality or government authority made a decision which effectively expropriated property or limited property rights (e.g. zoning or land use changes) without proper legal authority or without following required procedure (e.g. compensation, notice etc.).
Legal Issue: Whether such administrative decision is lawful; whether failure to pay compensation, or failure to follow procedure entitles the property owner to damages under the Tort Liability Act and/or constitutional protection.
Decision / Outcome: Courts have held that property rights (under Constitution) are protected, and administrative acts interfering with them unlawfully give rise to liability. If an administrative decision amounts to expropriation in practical effect, then full compensation is required under law.
Reasoning: The decision must rest on legal basis; those affected must be given opportunity to be heard; transparent procedure; compensation must be fair, timely; damage caused by the act must be identified and quantifiable.
Case D: Unlawful Delay of Administrative Decision
Facts: A citizen applied for some benefit / permit etc. The authority delayed beyond statutory deadline or “without undue delay”, and the delay caused harm (loss of income, extra costs etc.).
Legal Issue: Is the authority liable for damage caused by the delay? Under Finnish law (Administrative Procedure Act), there is requirement to handle matters without undue delay. If that is violated, is there liability?
Decision / Outcome: In some Supreme Administrative Court decisions, liability has been accepted where delay was clearly unreasonable and caused foreseeable harm. In such cases, affected persons may receive compensation. The liability may be partial depending on foreseeability and whether the authority had possibility to avoid delay.
Reasoning: The requirement of “without undue delay” is not just procedural but substantive; delay may constitute unlawful omission; a failure to act in time, especially where the law gives deadlines, may amount to breach of duty that carries liability under Tort Liability Act or equivalent.
Case E: Equal Treatment and Discriminatory Administrative Acts
Facts: A public authority gave services or made decisions in a way that discriminated or treated persons unequally (e.g. immigration services, social benefits, etc.), contrary to statutory provisions requiring equality or non‑discrimination.
Legal Issue: Whether such discriminatory administrative act is unlawful; whether the harmed persons may claim damages or other remedy.
Decision / Outcome: Courts have held that administrative decisions that violate non‑discrimination principles are unlawful. Remedies may include compensation under Tort Liability Act if harm is shown. Sometimes oversight bodies (Ombudsman, Non‑Discrimination Ombudsman) intervene; but in some cases, court actions are successful.
Principles & Conditions for State Liability
From the above cases and statutory law, several recurring criteria appear:
| Element | Description |
|---|---|
| Illegality / Unlawful Act or Omission | The administrative act must be unlawful: exceeding competence, violating statute, violating constitutional rights or procedural rules. |
| Damage (Harm) | There must be quantifiable damage to person (financial, property, sometimes moral harm under special rules). |
| Causation | The unlawful act must cause the harm. |
| Fault / Negligence (if required by law) | Some statutes require negligence; others may allow strict liability for particular types of acts. |
| Statutory or constitutional protection | The rights violated usually have a legal basis — law, regulation, or constitutional / fundamental rights norms. |
| Time limits | Claims must be brought within statutory limitation periods. |
| Competent court or body | Usually administrative courts; sometimes general courts depending on nature of claim; oversight bodies may also recommend compensation. |
Part 2: Digital ID Systems and Legality in Finland – Issues and Case Law
Digital identity systems are increasingly used by states: for authentication, e‑services, accessing benefits, signing documents, etc. Their legality depends on data protection, privacy, statutory authority, constitutional protections, etc. Finland has various laws and ongoing projects in this domain. Case law specifically about “Digital ID systems” is more sparse, but we can map what is known, legal norms, development, and potential liability.
Legal & Regulatory Framework
eIDAS Regulation (EU Regulation 910/2014) — Finland must comply with EU rules on electronic identification, trust services, and the legal effect of electronic signatures. Under eIDAS, electronic signatures, seals etc have legal recognition; Finland has implemented complementary national legislation (Act on Strong Electronic Identification and Trust Services, etc.).
Act on Electronic Services and Communication in the Public Sector (13/2003) — Governs how public authorities may handle electronic communications, identification, service of documents etc.
Privacy / Data Protection Laws — The GDPR, plus Finnish Data Protection Act; laws regulating biometric data, population registry, etc. Also constitutional guarantees (right to privacy, protection of personal data, personal identity information, etc.).
Administrative Law Principles — Legality (actions must have legal basis), proportionality, necessity, clarity, accountability.
Cases / Developments
While full court judgments specifically about Finland’s Digital ID / national identity card / digital identity wallet are relatively few (or not widely published), below are the relevant legal developments and issues, with illustrative cases or regulatory / oversight dynamics, that show how legality is examined.
Case / Development 1: Electronic Signature Laws and Case Use
Facts / Legal Norm: Finland adopted the Act on Strong Electronic Identification and Electronic Trust Services which, along with the eIDAS Regulation, gives legal effect to electronic signatures, and legal recognition for strong electronic identification. Courts have treated qualified electronic signatures as equivalent to handwritten signatures in many respects.
Issue: Legality of documents signed electronically; whether electronic signature suffices for e‑service, administrative decision, contract etc. Also whether certain formal documents require physical signature or stricter security.
Judicial/Administrative handling: Generally, Finnish courts and administration accept electronic signatures that comply with legal requirements. For example, administrative decisions, tax services, etc. e‑communications are permitted under the Public Sector electronic communication law. Where special formal requirements exist (e.g. real estate transaction documents), additional conditions may apply.
Significance: Establishes that digital ID / electronic signature systems are within legal acceptance, as long as they respect statutory requirements, technical standards, and data protection/privacy.
Case / Development 2: Use of Biometric Data in Digital ID / Sharing with Police
Facts / Issue: There has been legislative and regulatory debate about allowing law enforcement to access biometric data (fingerprints, facial images) collected in national ID / passport registers or civil/travel registry, for purposes such as identifying persons when other means fail, or investigating serious crime.
Legal Issues: Whether sharing biometric data is legal: data protection law (GDPR), whether law explicitly permits sharing; whether such sharing is proportionate, necessary; whether there is adequate oversight, consent or legal mandate; privacy and identity rights.
Developments: Some draft regulations or proposals have been under review. Constitutional Law Committee has intervened (in parliamentary review) on earlier proposals. There are concerns about privacy risks and legality of biometric data use by police.
Significance for state liability: If such systems are used unlawfully (e.g. lack of legal basis, overbroad sharing, violating privacy rights), affected individuals might have claim for damages (state liability), or oversight bodies may require corrective measures.
Case / Development 3: National Digital Identity Wallet (EUDI Wallet) Project
Facts / Development: Finland has begun work on implementing a national digital identity wallet, in line with EU’s upcoming rules (eIDAS 2.0 / European Digital Identity). The wallet will allow citizens to prove identity and access public and private services via mobile devices, etc.
Legal Issues: What legal structure will govern the digital wallet; how privacy, data protection, security, consent, minimal data sharing, transparency, accountability will be enshrined; what rights of redress exist.
Possible Legal Risks: If the technical or administrative implementation violates statutory protection (e.g. data leaks, abuse), that could lead to unlawful acts, giving rise to liability.
Significance: Though not yet crystallised in court decisions (as of current time), this project is a live example where legality must be carefully ensured, and future litigation or liability cases are possible.
Case / Development 4: FinnED Identity / FINEID Card Projects
Facts / History: Finland has had earlier projects involving electronic identification cards (“smart cards”) (FINEID etc) to allow citizens to authenticate themselves in online services, etc. These projects raised questions of security, privacy, standardization.
Legal / Administrative Review: Technical and legal standards were considered; concerns about certificates, trust services, strong authentication etc. Issues of user consent, data retention, identity theft risk etc.
Significance: These early identification systems laid groundwork; although I could not find publicly published court decisions specifically holding state liable for misuse in FINEID context, the legal framework required that standards be met; and liability risk is recognized in principle (if, e.g. security fails, causing damage).
Synthesis: State Liability & Digital ID Systems Combined
Putting together both areas (state liability + digital ID systems), here are the legal insights / implications:
When digital ID / authentication systems are used by public authorities (e.g. for accessing services, signing administrative decisions), they must have statutory legal basis. If a digital identity system is used without proper authority, or decisions based on it are invalid, that can be an “unlawful administrative act”.
Persons harmed by errors in digital identity systems (for example: wrong authentication, wrongful denial of services, leaks of personal data) may bring claims for compensation under Tort Liability Act, or under data protection law, or as constitutional violations.
State (or local authorities) must ensure data protection safeguards, transparency, proportionality, and user rights (to correct errors, to appeal, etc.). Violations may be actionable.
Digital signature / e‑ID systems being accepted by law means that decisions / documents signed digitally are valid; but errors or misuse (e.g. false signatures, identity theft, technical failure) may trigger liability.
Part 3: Hypothetical / Future Cases & Key Legal Questions
Because court cases specifically combining state liability + digital ID system misuses or failures are rare, here are hypothetical or emerging issues, and legal questions that are likely to be litigated (or that should be):
Case Hypothesis: Unauthorized Access or Misidentification via Digital ID
Scenario: A public service mistakenly authenticates a person using someone else’s digital ID, causing harm (e.g. wrong data accessed, losses).
Legal Claims: Unlawful act (wrongful administrative act), violation of privacy, possible constitutional right to protection of identity, claim for compensation.
Case Hypothesis: Data Breach in Digital ID Wallet
If personal identity data stored in digital ID system is leaked due to administrative negligence, those affected might sue for damages under Tort Liability Act or Data Protection Act.
Case Hypothesis: Exclusion from Services due to Digital ID Authentication Failure
A person lacking necessary digital ID credentials is denied access to benefits or essential services; whether failure to provide alternative channels constitutes unlawful administrative discrimination / denial of rights.
Case Hypothesis: Biometric Data Sharing with Police without Legal Basis
If sharing of biometric / identity registry data with law enforcement is done without law or exceeds what law permits, person could claim violation of data protection, identity rights, and seek compensation.
Case Hypothesis: Conflicting Standards / Formal Requirements
A case where a law requires a handwritten signature for certain documents, but digital signature was accepted / rejected, leading to harm; or where regulation is unclear and causes legal uncertainty – potential claim under legality and clarity norms, possibly constitutional.
Conclusion
Finnish administrative law does recognize state liability for unlawful administrative acts; injured parties can obtain compensation if they prove an administrative act was illegal, caused harm, and others criteria are fulfilled.
Digital ID systems are legally accepted and regulated (strong electronic identification, e‑signatures etc.), but to avoid unlawful administrative acts, the systems must comply with laws (statutory basis, data protection, privacy, proportionality, oversight).
As digital systems proliferate, courts and oversight bodies are likely to see more litigation combining both themes: administrative liability claims for harms arising from digital identity / authentication, especially where fundamental rights (privacy, identity, access to services) are implicated.
RELATED Blog
0 comments