Finnish Energy represents approximately 270 companies that produce, acquire, transmit and sell electricity, gas, district heat and district cooling and offer related services in Finland. The main messages of Finnish Energy regarding the Digital Fitness Check are as follows:
Welcoming simplification measures while refraining from any new digital legislation
Finnish Energy supports the objective of Digital Fitness Check to create a simplified, clearer, and more coherent legal framework for digitalization. A significant amount of digital rules have already been introduced in recent years, and these rules have only recently begun to apply.
As the regulations have only recently started to apply, their full impact will become apparent over time. This also requires allowing companies, organizations, and authorities sufficient time to adapt to and implement the recently adopted regulatory frameworks. As the full effects of given regulation will emerge over time, Finnish Energy considers it essential to prioritise effective enforcement and a thorough assessment of existing legislation before introducing any new regulatory measures.
Need for a careful and targeted assessment of remaining regulatory uncertainties
It is essential that the EU carefully and systematically addresses which aspects of the digital regulatory framework are genuinely unclear and which are already legally well established. A targeted approach is therefore needed to ensure that efforts focus on actual challenges, thereby enhancing clarity and efficiency for all stakeholders.
The relationship between the GDPR and the Data Act could be further clarified. While it is clear that the GDPR continues to apply, it should be explicitly stated that data sharing obligations under the Data Act do not remove the requirement to have a valid legal basis under the GDPR, and that personal data cannot be shared without such a basis.
By contrast, within the energy sector there has been ongoing discussion suggesting potential uncertainty regarding the relationship between the Data Act and the sector‑specific Implementing Regulation on metering and consumption data. Finnish Energy does not, however, identify an actual legal conflict between these instruments, as the Implementing Regulation applies as lex specialis. Nevertheless, for the sake of legal certainty and to address differing interpretations in practice, this relationship could be explicitly acknowledged in sector‑specific guidance for the energy sector.
The comprehension revision of the GDPR is needed
A comprehensive revision of the GDPR is needed, as the current legislative framework creates legal uncertainty and imposes a substantial administrative burden. This, in turn, hampers the development of a competitive European data economy. While the measures proposed under the Digital Omnibus are welcome, they are not sufficient on their own to address these underlying structural challenges.
One concrete example concerns the GDPR requirements related to transfer impact assessments (TIAs), which are disproportionate particularly for SMEs. Requiring individual controllers—often SMEs—to assess entire third‑country legal systems, including multilateral and bilateral international agreements, places an unrealistic and excessive compliance burden on them. To improve legal certainty and reduce unnecessary administrative costs, adequacy assessments for third‑country data transfers should be centralised and carried out by public authorities, ensuring consistency and predictability while significantly alleviating the burden on individual controllers.
Another concrete example demonstrating the need for a revision of the GDPR relates to its data transfer rules. Thirdcountry companies acting as controllers and collecting personal data directly from individuals are not subject to the same additional safeguards as EUbased controllers transferring data to third countries. This creates competitive distortions and may incentivise corporate groups to restructure data flows in order to circumvent stricter compliance requirements, thereby undermining the level playing field within the internal market.
Our experts on this topic
Legal advice, debt collection, digital and data legislation (incl. data protection)
