A Helsinki administrative court has overturned a €2.4 million data protection fine against Finland's national postal service. The Data Protection Ombudsman imposed the penalty nearly a year ago after finding the company's Omaposti service violated privacy regulations.
The substantial fine was influenced by Posti's annual turnover at that time.
Posti had automatically created electronic mailboxes for customers without their consent. Officials determined this breached personal data processing rules.
Companies can only process personal data under contract when absolutely necessary for delivering core services. The Data Protection Ombudsman found the postal service could have operated without automatically creating these mailboxes.
Customers also couldn't delete their electronic mailbox without losing access to other connected services.
Data Protection Ombudsman Anu Talus justified the original penalty by noting customers might have unknowingly received bills through the electronic system. Posti had also provided inadequate information to customers about the new digital mailbox feature.
The court maintained the finding about insufficient customer notification in its Monday decision.
This case highlights ongoing tensions between digital service convenience and privacy rights across Nordic countries. Finnish authorities appear willing to challenge major corporations over data protection violations, though courts provide necessary oversight on penalty assessments.