Browsing by Title

As the esports scene has grown in the past ten years, so has the legal problems surrounding it. Because esports does not have the same kind of structure surrounding it as other sports, it lacks the committees and bylaws that could help in solving different legal issues. Instead esports relies on the more common legal avenues to solve problems that might be completely unheard of in other sports. This study will consider the contractual and legal relationships between different parties in an event where an unauthorized party is using a third party program to ‘rebroadcast’ the gameplay footage of a professional esports player on a streaming site. To thoroughly consider all the angles in an event like this, the author has to consider legal standing of all the parties involved. However, the study will focus on the legality and possible ramifications that an event like this might cause. As most of the more important service providers to date, especially the ones focused on streaming esports, have their base of operations in the United States, the study will focus on the legislation and the case law of the United States. Some legal points from foreign intellectual property legislations will be introduced, and the broader effects of different harmonization processes of international copyright treaties will be explained, but for the sake of clarity, the focus will be locked on the legislation of the United States and especially the Digital millennium copyright act and the Lanham Act. Also some watershed cases from U.S. case law will also be introduced to give some intelligibility to the actual applicability of the legal points that are made. As the contractual relationships between the video game developer, the professional videogame player (esports player) and the creator of the third party software are among the most important parts of the study, there is a separate chapter for the Terms of service agreements (TOS) and the End user license agreements (EULA). This is done to give the reader a basic understanding of the ways that video game companies establish and impose control over their intellectual property in the video game industry. Case law and interpretations of different court cases regarding the Terms of service agreements and End user license agreements will be introduced. As the subject matter is unavoidably intertwined with the use of worldwide web, it is important to look at the current legislation that is used to control things like e-commerce, and converse on the different aspects of intellectual property protection used in the digital age. For the reader to understand the basics of the harmonization of different intellectual property legislations in the internet age, the study will introduce some of the most important international intellectual property treaties, which form the basis for harmonized intellectual property protection in different countries worldwide. For clarity’s sake, a real life event where an individual used a third party program to stream a pro esports player’s gameplay on a streaming site will be introduced. The legal actions of each legal subject will be covered and the legal validity of their actions will be analyzed and used as a base for broader legal analysis on the subject of rebroadcasting via third party programs.

Trademark functions have acquired a central part of EU trademark law during the last few decades along with the development of the so-called adverse effects doctrine, also known as the functions theory. It has been established by the Court of Justice of the European Union (CJEU) in its case law concerning the interpretation of the double-identity rule found in EU trademarks directive. A corresponding provision is also contained in the EU trademarks regulation. The provision entitles the trademark holder to prevent unauthorised use of a sign which an average consumer perceives as being identical with the trademark where it is also used in relation to goods and services which are identical with goods and services covered by the trademark (double-identity). It is however established case law that the trademark holder can oppose the use of an identical sign on the basis of the double-identity rule only where it also affects or is liable to affect one of the functions of the trademark. The scope of legally protected functions is not limited to the trademark´s essential function of indicating origin (origin function) but covers the functions of quality-guarantee, communication, investment and advertising (additional functions). This thesis examines the role of the adverse effects doctrine in current EU trademark law. The topic is relevant since the exact content of the doctrine has previously been considered unclear, especially insofar the additional functions are concerned. In this respect, the discussion is mostly attributable to the case L´Oréal v. Bellure where the CJEU held that adverse effect on the additional functions, even in the absence of harm to the origin function, could be invoked as a ground for infringement action based on the double-identity rule. Although double-identity situations may encompass different types of unauthorised use, this thesis is mainly focused on referential uses. The most typical (and important) form of referential use is the use of a competitor´s trademark in the context of comparative advertising, which is also governed by the EU Directive on Misleading and Comparative Advertising (MCAD). While comparative advertising can be considered as one form of referential use, not all referential uses contain an element of comparison. For this reason, this thesis divides the concept of “referential use” into three different categories: (1) use in comparative advertising, (2) use to indicate the intended use of goods and services, and (3) use for purposes other than indicating the intended purpose of goods and services. The double-identity rule is formulated and has been interpreted by the CJEU so that most often these modes of use fall within its scope. EU trademark law underwent a comprehensive reform during the second half of 2010s with the previous Directive 2008/95/EC having been repealed with effect from 15 January 2019. In addition to introducing a number of other amendments and clarifications to the old directive, the recast Directive (EU) 2015/2436 also brought changes to the articles concerning the content of the rights conferred by a trademark and limitation of the effects of a trademark. The transposition period for the recast directive expired on 14 January 2019. In Finland, the necessary changes were transposed into national law as part of the overall reform of the Finnish Trademarks Act. For one, the reform broadened the narrow spare parts exemption under the old directive so that the new Art. 14(1)(c) TMD now also covers use of the trademark for the purpose of identifying or referring to goods or services as those of the trademark holder. Furthermore, the use of a competitor´s trademark in unlawful comparative advertising has been added to the nonexhaustive list of uses in Art. 10(3) TMD which the trademark holder may, in particular, prohibit if the conditions for infringement are met. Unlike before, the preamble to the directive now also refers explicitly to the respect of fundamental rights and freedoms, as well as the freedom of expression. The legislative debate that took place at EU level is however more complex than the minor amendments to the old directive would seem to suggest. Most importantly, the content of the adverse effects doctrine and the scope of legally protected functions under the double identity rule was not changed, despite the Commission´s proposal to that effect. This means that the requirement of adverse effect on the trademark functions remains as an unwritten a requirement of double identity infringement even after the reform. With the updated trademark framework now in place, this thesis examines whether the adverse effect doctrine still has practical relevance after the reform, and if so, to what extent. First, it examines the development of the doctrine in the CJEU´s case law as well as the various approaches offered by recent literature to understanding its role in EU trademark law. Secondly, this thesis examines in more detail the effect which the amendments introduced by the reform have on the practical relevance of the adverse effects requirement through comparison and contrast between the manner in which certain types of referential use were assessed before and after the reform. The question is approached from the perspective of the different mechanisms for limiting the effect of the exclusive trademark rights from within and outside trademark law. This thesis concludes that the adverse effects doctrine still has a role in the post-reform EU trademark law, although a slightly more limited one. Referential use in the context of lawful comparative advertising is covered by the “comparative advertising exception” that follows indirectly from Art. 10(3)(f) TMD; whereas use of a competitor´s trademark in unlawful comparative advertising may be found infringing if it adversely affects one of the mark´s functions. To this end, this revision clarifies the dynamic between comparative advertising and trademark infringement in accordance with the principles established already in the CJEU´s case law pre-dating the reform. The second category of referential uses, on the other hand, was already captured by the narrow spare parts exception in the old directive. After the reform, referential use for indicating the intended purpose the goods and services, such as spare parts or accessories, forms one of the main areas of application of the broadened exception in Art. 14(1)(c) TMD. The third category of referential uses can be perceived as the “new” part of Art. 14(1)(c) TMD or, alternatively, as the extension to the old spare parts exception. As regard the latter, the new directive however seems to leave room for interpretation, and consequently room for applying the adverse effects doctrine.

Avhandlingen behandlar regleringen av medicinsk forskning och utgår från den systematik som återfinns i lagen om medicinsk forskning (forskningslagen). Särskilt behandlas medicinsk forskning på minderåriga. Avhandlingen inleds med en kort översikt över rättsprinciper och mänskliga rättigheter som är relevanta inom det medicinskrättsliga området och som är tillämpliga på medicinsk forskning. Därefter beskrivs processen för inledande och genomförande av medicinsk forskning i huvuddrag. I det följande avsnittet görs en djupare analys av reglerna gällande samtycke. Det repressiva rättsskyddet ges sedan utrymme, och då framför allt skadeståndsskyddet. De nämnda avsnitten underbygger avsnittet gällande medicinsk forskning på minderåriga. De frågor som tas upp gäller minderåriga som samtidigt även hör till andra specialgrupper såsom exempelvis handikappade, frågan om representation av minderåriga samt frågan om beaktande av den minderårigas åsikt. I avhandlingen görs inte en heltäckande granskning av regleringen av medicinsk forskning på minderåriga, utan de frågor som granskas har valts på den grund att den synvinkel de representerar inte tidigare har behandlats i den finska rättslitteraturen eller därför att ytterligare rättspraxis har framkommit inom området. Den minderåriga har rätt att själv fatta beslut gällande samtycke från 15 års ålder, men den minderårigas samtycke krävs tillsammans med vårdnadshavarna ifall den minderåriga förmår förstå forskningens betydelse. Specialsituationer gällande vem som har rätt att samtycka ifall där fråga är om en minderårigs minderåriga barns deltagande i forskning medför en krävande balansgång mellan olika intressen. Gällande minderåriga gravida och ammande mödrar rekommenderas i avhandlingen att även forskning som är till nytta för det ofödda barnets hälsa borde kunna tillåtas när en moder som har förmågan att samtycka ger sitt samtycke till det. I avhandlingen diskuteras hur en minderårigs åsikt ska beaktas och hur den minderåriga ska informeras gällande forskningen. I samband med denna diskussion framkom i undersökningen att forskningslagens 7 § 4 mom., gällande beaktande av handikappade personers åsikt när de deltar i forskning, att ifrågavarande paragraf gäller vuxna och inte är tillämplig på minderåriga. Detta kan vara av vikt eftersom stadgandena gällande beaktande av forskningsobjektets åsikt inte är de samma i forskningslagens 8 § 5 mom gällande forskning på minderåriga. Representationen av minderåriga undersöks, vilken enligt gällande rätt förutsätter att båda vårdnadshavarna ger sitt samtycke i de situationer där vårdnadshavarna är två. Endast ifall ärendet ifråga inte har en stor betydelse för barnets framtid, den andra vårdnadshavaren är förhindrad och ärendet är brådskande kan en vårdnadshavare i allmänhet ensam fatta beslut. Inom medicinsk forskning har det i rättspraxis och rättslitteraturen ansetts tillräckligt med samtycke av en förälder ifall åtgärden som samtycket gäller är rutinmässig. Ingen reglering existerar vad gäller vilket lagrum som ska ges företräde i fall där flera av forskningslagens stadganden gällande specialgrupper är tillämpliga på samma individ. I avhandlingen framförs förslag till tolkning av forskningslagens stadganden gällande minderåriga i samband med stadganden gällande andra specialgrupper. Tolkningen utgår från att forskningslagen beaktas i samband med Oviedokonventionen och barnkonventionen. Den tolkning som förordas ger företräde åt den reglering som gäller specifikt minderåriga, när dessa saknar förmåga att samtycka till deltagande i forskning. Regleringen gällande minderåriga ska då tillämpas i sin helhet med företräde för annan specialgrupp. Den andra tolkningsregel som föreslås är att den reglering som ger det större skyddet för individen bör väljas, exempelvis så att ett lagrum som kräver obetydlig risk ska tillämpas framom ett lagrum där risken tillåts vara större, ifall båda stadgandena skulle vara tillämpliga på den minderårigas deltagande.

Transition to a more sustainable economy plays a major role in tackling climate change. Some estimates suggest that at least the amount of 180 billion euros per year should be channelled to sustainable investments to achieve the European Union’s 2030 targets as agreed in the Paris Agreement. To support the transition to a greener economy, the European Commission published in March 2018 the action plan for financing sustainable growth. Pursuant to Action 8 of the action plan, “the Commission will explore the feasibility of the inclusion of risks associated with climate and other environmental factors in institutions' risk management policies and the potential calibration of capital requirements of banks as part of the Capital Requirement Regulation and Directive.” In practice, this would mean either a more favourable capital treatment to ‘green’ or sustainable assets (a green supporting factor) or imposing higher capital requirements for ‘brown’ or unsustainable assets (a brown penalising factor). This thesis examines the feasibility of calibrating capital requirements of banks to better reflect climate-related financial risks and to boost transition to a greener economy. As risks deriving from climate change are still highly unpredictable and subject to several uncertainties, traditional risk-management techniques that mainly rely on historical data are ill-suited to assessing them. Therefore, this thesis also examines whether the precautionary principle could be applied in the bank regulation framework. The aim is to find the most suitable solution to reconcile the need for rapid climate action and safeguarding financial stability.

Sharing Economy is a growing market and it contains many types of companies. Ridesourcing companies are platform-based companies, which provide an intermediator service connecting the drivers and the passengers. However, some scholars, governments and local taxi unions do not totally agree with this definition and claim that ridesourcing companies are de facto also providing the underlying transport service. The most famous ridesourcing company Uber was founded in the United States in 2009 and it expanded to Europe in 2011. Several other companies have followed in Uber’s steps, but the definition of the nature of their operations has not yet been clarified on the European Union level. Many Member States have banned the operations of ridesourcing companies and there is legislation regarding them for example in France. Some Member States, however, determine ridesourcing companies as digital services and allow their operations. Due to the unclear situation, three preliminary ruling requests have been submitted to the European Court of Justice regarding the definition of Uber. The Spanish and the French request are still pending. Hopefully, the decisions will determine whether Uber is a digital or a transport service provider. The employment status of the drivers of ridesourcing companies is not clear either. The companies deny having an employment relationship with the drivers and instead classify them as partners or clients and as self-employed transport service providers. Many cases have emerged globally where the drivers are trying to receive the employee status and the benefits which come with it. This thesis will present a case of the UK Employment Tribunal which determines first the nature of Uber’s operations and then the employment status of the drivers. That case will be compared with the two cases of Helsinki Court of Appeal where Uber drivers sentenced for providing an unlicensed taxi service. This thesis will argue that the definition of Uber was the difference which led to opposite decisions about the employment status of the drivers. Comparing the UK and the Finnish employment law and case law regarding Uber drivers show how fragmented the situation is in EU.

The European telecommunications sector has witnessed a period of change in the last decades. Starting with the liberalisation process of the 1990s, the successive introduction of sector-specific regulation has resulted in a move from state-owned monopolies to privatisation and competition in the industry. Presented as a temporary instrument, the sectoral regime was intended to phase out and gradually be replaced by general competition law as a sufficient degree of competition emerged in the markets. Such transition has not taken place yet. After three decades of regulatory reforms, and a considerable degree of competition has emerged in most telecommunications markets, the sector now faces new challenges. In particular, telecommunications operators face growing competition from a new market actor providing services Over-The-Top of the Internet. These ‘OTT’ service providers offer communications services that increasingly substitute traditional telecommunications services. Yet they are not subject to the sectoral telecommunications framework. Whereas telecommunications operators must comply with a dual regulatory regime, OTT undertakings are subject to horizontal legislation only. The purpose of this thesis is to is to examine the necessity and appropriate scope of sector-specific telecommunications regulation at the EU level. To this aim, two closely related research questions are investigated, including 1) whether (or to what extent) sector-specific regulation is still needed to regulate telecommunications networks and services, and 2) whether (or to what extent) the scope of sector-specific regulation should be extended to also cover OTT services. These are timely questions as the European Commission proposed an overhaul of the telecommunications rules in September 2016. As far as the first research question is concerned, this thesis concludes that many of the sector-specific rules should be withdrawn since they are already covered by horizontal legislation. To reduce the risk of obsolete provisions as well as inconsistent and overlapping legislation, priority should be given to horizontal over sectoral legislation whenever possible. The sector-specific obligations should instead be minimised to provisions that are absolutely necessary for promoting competition and protecting end users. This is at least the case for the sectoral rules on interconnection and emergency services. As far as the second research question is concerned, this thesis concludes that the scope of the sector-specific rules should not be extended to also cover OTT services. At present, the technical and economic characteristics of these services do not warrant specific rules in addition to the horizontal rules in place. An extension of the sector-specific rules on interconnection and emergency services would instead cause significant additional cost for OTT providers and constitute a serious threat to innovation. These findings must however be reviewed in a few years as the market for OTT services has continued to mature.

Surrogacy is a debated way of having children. It divides people, and jurisdictions in those who endorse it and those who do not accept it. Just within Europe there are multiple approaches adopted on its regulation, alternating between permissive take on it to total bans and criminal sanctions. Globalisation, advancement of medicine and digitalisation have contributed to enabling the providers of surrogacy services in countries where it is legal with the people in the countries where it is not permitted at all or where they are not eligible to take part in such an agreement, who want to have a child through a surrogacy arrangement. This has created a completely unregulated global market of service providers and cross-border reproductive patients circumventing domestic legislation. The diversity of regulatory approaches in national legislation in Europe combined with the total absence of international regulation create a robust foundation to exploitation and human rights infringements in surrogacy cases. Most European states have ratified the European Convention on Human Rights, and have to accommodate its requirements in their legislation and practices concerning surrogacy. Consequently, this thesis aspires to map out the different legislative ways that European countries have adopted in regulating surrogacy, and evaluate their compatibility with the European Convention on Human Rights as well as their felicity in ensuring the realisation of the human rights of the surrogate mothers. In addition to that, the thesis discusses the historical development of medically assisted reproduction and surrogacy. Cross-border surrogacy has led to litigation on both domestic courts and in the European Court of Human Rights. The case law from both of this are shaping the developing understanding of the scope of national legislation regarding surrogacy. Cross-border reproductive tourism has put the scope of national law in test, invoking questions about whether national regulation on the subject will prove to be redundant when the circumvention of national is increasingly affordable and accessible. Judging these cases, the courts have to take into account not only domestic legislation, but also international conventions the states have contracted and the principles, such as the priority of the best interest of the child, stemming from them. This thesis has a detailed review of the cross-border surrogacy cases of the European Court of Human Rights, and analyses case law’s impact on the current and the future development of national and international regulation, their effect on the predictability and legal stability of domestic law. Lastly, the thesis maps out the current endeavours on international level to draft international regulation on surrogacy. There are some similarities between the development of the international adoption regulation to ongoing developments of surrogacy in practice and in regulation. The thesis provides a brief review of present situation of international regulation, and aspires on its part to contribute data to analysing the best regulatory options for both national and international regulation on surrogacy.

Tiivistelmä – Referat – Abstract Post the financial crisis of 2008, European Union has introduced a plethora of laws to reform the financial system and make it further resilient. While the crisis led to financial reforms that have created heavy load of compliance, it also created a field for innovation led financial services called Fintech. In the post-Covid-19 era, the need for financial institutions and supervisors to speedily and efficiently deal with compliance has become more pronounced, as they brace for the impact of pandemic and focus on other critical tasks. The combination of regulatory compliance load on one side and innovation on other side have made the role of AI critical to regulatory compliance and supervision. On this premise, the thesis discusses existing role of AI and the challenges in successful deployment of AI where it can be scaled to exploit all its abilities. The challenges in deployment of AI are two fold – one that relate to its role in compliance with financial governance framework including AML, PSD2, MiFID II and GDPR etc. requirements, and other that deals with the role of AI within compliance procedures such as reporting, following up with regulatory requirements and policies etc. The discussion aims to identify the gaps in technology such as black box problem and inductive bias in AI, as well as regulatory framework that hamper the deployment and exploitation of AI in compliance and supervision of financial institutions. At the same time, innovations such as RegTech and SupTech enable AI to provide fast solutions to banks, Fintech and supervisory authorities. The technological and regulatory challenges of AI are identified by doing empirical research and applying legal dogmatics, as well as considering socio-economic factors affecting the financial industry. The discussion also notes the vision of a Digital Europe and how the recently announced policy discussions such as the AI strategy, Data Strategy, Cloud Initiative, Digital Finance Strategy etc make a profound impact on the gaps identified, but also leave exposure to other possibilities such as lengthy process of adoption, implementation and testing of these policies. The discussion concludes that successful adoption of the proposed laws, provisions for financial industry in the AI strategy and new and innovative methods such as data ethnography can together solve the technological and regulatory challenges identified as hinderance to scaling up AI role in regulatory compliance.

Tiivistelmä/Referat – Abstract Yhteiskunnan muutoksen ja teknologian kehityksen myötä henkilötietojen suojan merkitys on korostunut kasvavalla nopeudella viimeisten vuosikymmenten aikana. Henkilötietojen suoja on Euroopan unionin perusoikeuskirjassa vahvistettu perusoikeus, ja keväällä 2018 sovellettavaksi tulleen Euroopan unionin yleisen tietosuoja-asetuksen myötä henkilötietojen suojan merkitys kasvoi entisestään. Tutkielmassa keskitytään rekisterinpitäjän ja henkilötietojen käsittelijän määritelmien tulkintaan ja erityisesti niiden väliseen rajanvetoon. Tutkielmassa tarkastellaan myös yhteisrekisterinpitäjyyden määräytymistä. Tutkielman ensisijainen tutkimustavoite on tarkentaa edellä mainittujen määritelmien soveltamiskriteerejä ja tulkintaa. Rekisteröidyn oikeudet pidetään tarkastelussa mukana läpi työn. Lisäksi tarkastellaan määritelmien tulkinnan pohjalta esiin nousevia rekisterinpitäjä – henkilötietojen käsittelijä -konseptiin liittyviä oikeudellisia haasteita. Tutkimuksen menetelmällisenä lähestymistapana käytetään lähtökohtaisesti lainoppia. Rekisterinpitäjä – henkilötietojen käsittelijä -konsepti toimii EU-oikeudessa perustana tietosuojavastuiden allokoinnille. Tehokas tietosuojalainsäädäntö ja rekisteröidyn oikeudet edellyttävät, että henkilötietojen käsittelyyn osallistuvat toimijat tietävät velvoitteensa. Rekisterinpitäjän ja henkilötietojen käsittelijän määritelmien tulkintaa on oikeuskäytännössä ja muissa lähteissä kuvattu funktionaaliseksi. Funktionaalisuus voidaan nähdä keinona tai tietosuojaoikeuden tulkintaperiaatteena, jonka avulla rekisteröidyn oikeussuojan tarve ja tosiasiallisesti vastuussa oleva taho saadaan kohtaamaan. Yksi tutkielman keskeisistä havainnoista on, että rekisterinpitäjän ja henkilötietojen käsittelijän määritelmien tulkinta riippuu aina rekisteröidyn tapauskohtaisesta oikeussuojan tarpeesta, eikä tulkintaa näin ollen voida tarkoin sitoa tiettyihin määritelmien elementteihin. Vaikka rekisteröidyn tarve henkilötietojen suojaan on määräävä tekijä rekisterinpitäjän ja henkilötietojen käsittelijän määritelmien tulkinnassa, pyritään tutkielmassa tarkentamaan niitä kriteereitä, joiden pohjalta rekisterinpitäjän ja henkilötietojen käsittelijän määritelmiä tulkitaan. Oikeuskäytännön, oikeudellisen kirjallisuuden ja viranomaisohjeiden pohjalta on tunnistettavissa joitakin toistuvia kriteereitä sekä määrääviä tekijöitä rekisterinpitäjän ja henkilötietojen käsittelijän määritelmien välisen rajanvedon ja määritelmien yleisen tulkinnan selkeyttämiseksi. Laaja ja funktionaalinen tulkinta ei selkeytä rekisterinpitäjän ja henkilötietojen käsittelijän välistä rajanvetoa. Rekisterinpitäjän ja henkilötietojen käsittelijän näkökulmasta funktionaalisuus voi näyttäytyä ennakoimattomuutena. Tutkielman lopussa tarkastellaan rekisterinpitäjä – henkilötietojen käsittelijä -konseptia myös rekisterinpitäjän ja henkilötietojen käsittelijän näkökulmasta, arvioiden määritelmien tulkinnassa esiin nousseita haasteita.

Euroopan unionin yleisen tietosuoja-asetuksen (2016/679) tavoitteena on varmistaa luonnollisten henkilöiden yhdenmukainen ja korkeatasoinen suoja henkilötietojen käsittelyssä koko EU:n alueella, sekä henkilötietojen vapaan liikkuvuus. Asetus on osa komission digitaalisten sisämarkkinoiden strategiaa, joka tähtää Euroopan digitaalitalouden kilpailukyvyn parantamiseen. Asetuksella pyritään lisäämään kuluttajien luottamusta digitaalisiin palveluihin tarjoamalla heille tehokasta suojaa, ja mahdollisuus valvoa henkilötietojen käsittelyä. Tietosuoja-asetus päivittää henkilötietodirektiivin 95/46/EY aikaiset säännökset vastaamaan paremmin digitalisoituvan yhteiskunnan tarpeisiin. Tietosuoja-asetuksen 6 artiklan 1 kohdan f alakohta sisältää rekisterinpitäjän tai kolmannen osapuolen oikeutettua etua koskevan käsittelyn oikeusperusteen, eli oikeutetun edun edellytyksen. Säännöksen mukaan henkilötietojen käsittely on lainmukaista, jos käsittely on tarpeen rekisterinpitäjän tai kolmannen osapuolen oikeutettujen etujen toteuttamiseksi, paitsi milloin henkilötietojen suojaa edellyttävät rekisteröidyn edut tai perusoikeudet ja -vapaudet syrjäyttävät tällaiset edut. Säännös on sanamuodoltaan avoin, ja asetuksen johdanto-osasta on löydettävissä vain muutamia ohjeita sen soveltamiseen. Oikeutetun edun edellytys on herättänyt keskustelua niin Suomessa kuin muissakin jäsenmaissa. Henkilötietodirektiivin 7 artiklan f kohdan vastaavaa säännöstä koskeva Euroopan unionin tuomioistuimen oikeuskäytäntö on vähäistä, ja säännöksen kansallisen implementoinnin ja soveltamiskäytännön välillä on selviä eroja. Suomi on ainoa jäsenmaa, jossa oikeutetun edun edellytykseen sisältyvän arvioinnin on tehnyt rekisterinpitäjien sijaan viranomainen, eli tietosuojalautakunta. Tarve säännöksen sisällön selventämiseen onkin suuri etenkin Suomessa, sillä tietosuoja-asetuksen soveltamisen alkamisen myötä 25.5.2018 rekisterinpitäjät arvioivat ensi kädessä itse, voivatko he käsitellä henkilötietoja oikeutetun edun edellytyksen nojalla. Tutkielmassa on pyritty vastaamaan tähän tietotarpeeseen selvittämällä, millaisia edellytyksiä tietosuoja-asetuksen oikeutetun edun edellytys asettaa henkilötietojen käsittelyn lainmukaisuudelle. Tarkastelu on keskittynyt erityisesti juuri rekisterinpitäjän oikeutettuun etuun. Tämän lisäksi tutkielmassa on selvitetty, vastaako henkilötietolain 7 artiklan f kohdalle kansallisessa laissa ja tietosuojalautakunnan soveltamiskäytännössä annettu sisältö tutkielmassa esitettyjä tietosuoja-asetuksen säännöksen edellytyksiä. Kysymykseen saadun vastauksen perusteella on mahdollista tehdä alustavia arvioita siitä, voivatko oikeutetun edun edellytykseen perustuvien henkilötietolain säännösten ja tietosuojalautakunnan käsittelyä koskevien lupien nojalla henkilötietoja käsittelevät reksiterinpitäjät jatkaa henkilötietojen käsittelyä tietosuoja-asetuksen oikeutetun edun edellytyksen nojalla. Tutkielmassa osoitetaan, että oikeutetun edun edellytykseen sisältyy kaksi kumulatiivista edellytystä. Rekisterinpitäjällä on ensinnäkin oltava oikeutettu etu, jonka toteuttaminen edellyttää henkilötietojen käsittelyä. Lisäksi rekisterinpitäjän on arvioitava, syrjäyttääkö rekisteröidyn eduille sekä perusoikeuksille ja vapauksille käsittelystä aiheutuva haitta rekisterinpitäjän oikeutetun edun käsitellä henkilötietoja. Ollakseen tietosuoja-asetuksen säännöksen tarkoittamalla tavalla oikeutettu, rekisterinpitäjän edun on oltava lainmukainen ja asianmukainen. Tämä edellyttää muun muassa, että edun on oltava tarkasti määritelty, jotta etu on ulkopuolisten arvioitavissa. Oikeutetun edun määrittelemisen jälkeen rekisterinpitäjän on suoritettava intressipunninta oikeutetun etunsa ja rekisteröidyn henkilötietojen suojaa edellyttävien etujen ja perusoikeuksien välillä. Rekisteröidyn edut ja oikeudet on käsitettävä laajasti, sillä henkilötietojen käsittelyllä voi olla vaikutusta esimerkiksi rekisteröidyn yhdenvertaisuutta koskevaan oikeuteen. Tietosuoja-asetus suojaa kaikkia rekisteröidyn perusoikeuksia, eikä ainoastaan oikeutta henkilötietojen suojaan. Henkilötietojen käsittely on oikeutetun edun edellytyksen nojalla lainmukaista ainoastaan, jos intressipunninta osoittaa, että rekisterinpitäjän oikeutettu etu on asianmukaisessa tasapainossa rekisteröidyn etujen ja perusoikeuksien kanssa. Tietosuoja-asetuksen suurin ero henkilötietolain oikeutettuun etuun perustuviin säännöksiin on, että tietosuoja-asetus edellyttää tapauskohtaista intressipunnintaa, jota henkilötietolaki ei puolestaan ole mahdollistanut. Muilta osin edellytysten välillä ei näytä olevan suurta eroa. Myös tietosuojalautakunnan soveltamiskäytäntö näyttää vastaavan tutkielmassa tunnistettuja edellytyksiä asetuksen säännöksen soveltamiselle. Tietosuojalautakunta on esimerkiksi intressipunnintaa koskevassa arvioinnissaan kiinnittänyt huomiota oikeutetun edun ja käsittelyn luonteeseen, sekä sovellettaviin suojatoimiin. Vastaavien seikkojen on katsottu kuuluvan myös tietosuoja-asetuksen edellyttämään intressipunnintaan. Vaikuttaakin siltä, että henkilötietolain oikeutettuun etuun perustuvien säännösten ja tietosuojalautakunnan myöntämien lupien nojalla henkilötietoja käsittelevät rekisterinpitäjät voivat tietosuoja-asetuksen soveltamisen alettua lähtökohtaisesti jatkaa käsittelyä tietosuoja-asetuksen oikeutetun edun edellytyksen nojalla. Tämä edellyttää kuitenkin tapauskohtaisen intressipunninnan suorittamista, ja rekisteröityjen selkeää informointia siitä, mikä reksiterinpitäjän oikeutettu etu edellyttää henkilötietojen käsittelyä. Lisäksi rekisteröidyillä on tietosuoja-asetuksen myötä mahdollisuus milloin tahansa vastustaa oikeutetun edun edellytykseen perustuvaa henkilötietojen käsittelyä.