Frequently asked questions
- The speed of my broadband connection is not what I as promised. What should I do?
- My broadband connection is disconnected. What are my rights?
- Can a telecom operator refuse to provide a broadband connection to me?
- I would like to remove a picture or some other content from the internet. What do I do? Can FICORA help?
- What sort of identification data can be handled for the purpose of the corporate subscriber’s internal billing?
- Can an employer store an employee’s e-mail address and e-mail account after the employment relationship has ceased in case the employee possibly still receives messages related to the employer’s activities?
- Can a corporate subscriber restrict the users’ access to a certain website, for example?
- Is an operator allowed to handle identification data in order to find out which subscriber’s subscriber connection is the source of messages or spam containing malicious software?
- In which way are black lists suited for filtering e-mail communications that is implemented by a telecom operator?
- What is meant by 'procedures to restrict e-mail communication from consumer subscriptions'?
- I use another service providers' e-mail service, not my internet service provider's. How is the sending of e-mail affected by e-mail communication restrictions?
Answers
The speed of my broadband connection is not what I as promised. What should I do?
There is an error in the service if the quality of the product or the method of delivery does not correspond to what has been agreed. First, you should contact the operator and ask them to correct the error. If the error is not corrected within reasonable time, you may be entitled to a price reduction. Also, you may be entitled to compensation due to a damage resulting from the error.
If the breach of agreement is of major significance, you have the right to terminate the agreement. You have to report the error within reasonable time if you plan to invoke an error. If you cannot reach an understanding with your operator regarding the correction of the error, you can contact your consumer adviser. Consumer advisers can assist in negotiations and if necessary, assist in filing a complaint to the Consumer Disputes Board. More information on the website of the Finnish Consumer Agency.
My broadband connection is disconnected. What are my rights?
As above, the problem may be due to an error in the service. Short interruptions are not errors, but the interruption must be uninterrupted or repeated. The difference to the previous questions lies in that when the error results in interruption of service, you may be entitled to a standard compensation. It amounts to at least 15 euros for each week or part of week the service was interrupted, but not to more than 120 euros. However, it is good to notice that operators have the right to temporarily interrupt the service due to necessary network construction and maintenance work. In this case, customers are not entitled to standard compensation. But, if the service is interrupted for a total of 48 hours in a calendar month due to such a reason, you can request the operator to compensate a month's basic rate.
Can a telecom operator refuse to provide a broadband connection to me?
Universal service means services considered as staple commodities, and which every consumer and company must have access to. The content of universal services with regard to internet access services is laid down in the Communications Market Act. Summer houses fall outside the scope of the regulation.
As of 1 July 2010, a broadband connection with a minimum speed of 1 Mbit/s, on the average, for incoming traffic is deemed to pertain to the universal service. However, it is sufficient that the average minimum speed of the connection is 750 kbit/s over a measurement period lasting 24 hours and 500 kbit/s over any 4-hour measurement period. The subscription provided to the customer can be fixed or wireless as long as it fulfils the above-mentioned quality requirements for the speed of the connection.
FICORA has obliged one or more telecom operators to provide universal service in areas where not enough provision has emerged on commercial basis. When a universal service provider has been designated to a certain area, it is obliged to provide a broadband connection fulfilling the above-mentioned speed requirements in its universal service area at a reasonable price and within a reasonable delivery time. The universal service decisions FICORA has issued on the internet are available from the authority's website for professionals. Use FICORA's search engine to check whether a universal service operator has been designated in your region for the provision of internet access services.
A universal service operator has the right to refuse to enter into an agreement for a subscriber connection referred to in subsection 1 with a user that is being prosecuted or has been sentenced in the past year for disrupting communications using a telecommunications operator’s subscriber connection or has outstanding, matured indisputable debts incurred from the use of another universal service operator’s subscriber connection.
I would like to remove a picture or some other content from the internet. What do I do? Can FICORA help?
FICORA is not authorized to intervene.
If it is punishable to keep the published content available or there is a threat of liability for damages, the court of law can order the removal of the content based on the provisions below. A decision issued by a Finnish court will not necessarily be successful in the removal of content placed on foreign sites. It is also possible to contact the webmaster of the site and ask for removal of information.
About FICORA's responsibilities:
The objective of FICORA’s operations is to ensure that the communications markets are functional and effective and promote the technical functionality and safety of communications networks. Also, the objective is to make sure that there is competition in the communications market and to guarantee that all users have access to trouble-free and safe communications connections. FICORA acts in the best interest of the citizen and the consumer in the framework of its mandate.
FICORA is responsible for monitoring that the telecom operators providing data transmission services (i.e. communications services) comply, in their operations, with the requirements set for them in the Communications Market Act (393/2003) and the Act on the Protection of Privacy in Electronic Communications (516/2004). Maintaining a discussion forum on the internet does not mean the provision of a communications service. Neither has the legislation pertaining to FICORA's mandate any statements about the lawfulness of website content or the rights/obligations of the party maintaining a discussion forum with respect to the content to be published.
FICORA has no mandate to decide what sort of content can be placed on the internet. The legislation does not either authorize FICORA to assess the lawfulness of website content or to order it to be removed or replaced. FICORA is not either authorized to oblige parties maintaining discussion forums to return usernames/pseudonyms back to the users.
Regulation regarding the removal of content:
According to the Act on the Exercise of Freedom of Expression in Mass Media (460/2003), messages posted on websites are regarded as network messages, in other words mass communications. According to Section 18 of the Act: "On the request of the public prosecutor, the head of a pre-trial investigation, or the injured party, a court may order that the publisher, public broadcaster or keeper of a transmitter, server or other comparable device is to cease the distribution of a published network message, if it is evident on the basis of the contents of the message that providing it to the public is a criminal offence. The court shall deal with the message as a matter of urgency. Before issuing a cease order, the court shall reserve the intended addressee of the order and the sender of the network message an opportunity to be heard, unless the urgency of the matter otherwise necessitates."
Respectively, Section 16 of the Act on the provision of information society services (458/2002) lays down as follows:
On application by a public prosecutor or a person in charge of inquiries or on application by a party whose right the matter concerns, a court may order the service provider, referred to in Section 15, to disable access to the information stored by him/her if the information is clearly such that keeping its content available to the public or its transmission is prescribed punishable or as a basis for civil liability. The court must urgently process the application. The application cannot be approved without reserving for the service provider and the content producer an opportunity to be consulted except if the consultation cannot be arranged as quickly as the urgency of the matter so necessarily requires."
In other words, if it is punishable to keep the published content available or there is a threat of liability for damages, the court of law can order the removal of the content based on the provisions above.
What sort of identification data can be handled for the purpose of the corporate subscriber’s internal billing?
Identification data may be handled only to the point, which is necessary for the purpose of handling. And, handling of information cannot restrict the confidentiality of communications or the protection of privacy any more than is necessary. In general, the handling of the amount of connections and their duration is sufficient for the purpose of internal billing. If it is necessary to handle such contact information as telephone numbers of B-subscribers for ensuring that the billing is carried out correctly, the information must in principle be handled in a way that the other party to the communication cannot be identified.
Can an employer store an employee’s e-mail address and e-mail account after the employment relationship has ceased in case the employee possibly still receives messages related to the employer’s activities?
Companies or organizations that process users’ confidential messages, identification data or location data in their communications networks, e.g. internal telephone or information network, are regarded as corporate subscribers. For example, a company that administers an e-mail server of its own, is a corporate subscriber.
Corporate subscribers have the right to handle the identification data in communications of corporate users for the purpose of using network and communications services for internal billing and ensuring information security in the service (PPEC). A corporate subscriber may process identification data for the purpose of detecting a technical fault or error as well as for the purpose of technical development of the service. In addition, identification data may be processed in certain cases of misuse, where any fee-based network service, communications service or value added service is used for free or unlawfully in any comparable way.
The Act on the Protection of Privacy in Electronic Communications does not mention the employer’s right to read the employee’s e-mail in any detail. However, section 4 of the Act mentions the confidentiality of communications at a general level. And, according to the law, a party to the communication has the right to process its own communications. The motivation for the Act states that also a community, e.g. an employer company can be a party to communications when the communications solely concerns its activities and does not as such include any personal communications of the user employee.
The Act on the Protection of Privacy in Electronic Communications (759/2004) governs situations in which the employer can gain access to the employee’s e-mail system and open messages. The objective is not to endanger the secrecy of the employee’s confidential e-mails and that messages belonging to the employer can be used by the employer while the employee is prevented. The purpose of regulation is that finding and opening messages sent to the employee or the ones sent by the employee, but belonging to the employer organization would be based on the consent of the employer. However, the law represents an appropriate framework for the employer to find out the messages belonging to its activities in situations where it is not possible to obtain the consent and where it is necessary for ensuring the continuation of the employer’s activities to obtain information.
The above-mentioned laws do not expressly mention that an employee’s e-mail address should be removed after the employment relationship ceases, but this decision is in accordance with both laws. In case the e-mail address does not exist, the sender of the message usually receives an error message saying that the message could not be delivered.
Processing purposes in accordance with chapter 3 of the Act on the Protection of Privacy in Electronic Communications do not exist as to communications identification data related to the time after the employee’s employment has ceased. According to section 4 of the Act on the Protection of Privacy in Electronic Communications, messages (e.g. e-mail) are confidential. The above gives reason to think that it is right that, after an employment relationship ceases, an e-mail address can be closed so that it cannot receive messages anymore. Any deviation from this procedure must separately be discussed with the employee.
According to the Act on the Protection of Privacy in Working Life and the Personal Data Act, the employer has the right to only process required personal data of the employee. Therefore, the employer would not have the right to process messages sent to the employee after the employment relationship has ceased. The Data Protection Ombudsman monitors the compliance with the Personal Data Act and the Act on the Protection of Privacy in Working Life.
Can a corporate subscriber restrict the users’ access to a certain website, for example?
If the method for filtering communications is analysis of content or identification data, the filtering and the processing of identification data must be in accordance with the Act on the Protection of Privacy in Electronic Communications i.e. the filtering must be carried out in order to ensure the information security of the communications service. The content of communications or identification data cannot either be processed for other purposes than those governed by the law, unless the user has given his permission.
If the filtering means that not all domain names/IP addresses are “advertised” in name servers i.e. they are in a way non-existent for users, the Act on the Protection of Privacy in Electronic Communications does not set any barriers for activities since this concerns the right to the freedom of expression (provisions on the freedom of expression are included in, for example, Section 12 of the Constitution of Finland and the Act on the Exercise of Freedom of Expression in Mass Media). However, the provisions of the Act on the Protection of Privacy in Electronic Communications restrict the processing of the information, which is possibly saved, on which user has tried to access a non-existent IP address. In principle, this sort of information serves no legal purpose of processing under the Act on the Protection of Privacy in Electronic Communications, and therefore, the information should not be saved.
Is an operator allowed to handle identification data in order to find out which subscriber’s subscriber connection is the source of messages or spam containing malicious software?
Identification data may only be handled to the extent necessary for the purpose of the provision and use of a network service, communications service or value added service and for the purpose of ensuring information security in these services (PPEC 9). In order to combat violations of information security and to remove information security disruptions, a telecommunications operator has the right to undertake necessary measures in order to prevent the transmitting and receiving of e-mail messages, text messages and other similar messages and to remove from the messages malicious software (PPEC 20). In other words, identification data may in principle be handled for the purpose of discovering who the sender of malicious software is as well as stopping spam mail if that endangers the usability and information security of the communications service.
Telecom operators are also obliged to take measures to rectify interference of danger, and if necessary, isolate the communications network or device from the public communications network (CMA Section 131). Therefore, the subscriber connection may also be totally disconnected from the public communications network, if it is, at that moment, the only way to rectify the situation causing danger or disturbance.
In which way are black lists suited for filtering e-mail communications that is implemented by a telecom operator?
Black lists are an example of mechanisms used for filtering e-mail. The mechanism prevents usability and information security problems caused by malicious e-mail communication. Usually a black list is a database of network addresses, which are for example known to be infected by malware that sends e-mail or open mail relays.
Black lists can either be used as assistants for filtering content as the harmfulness of messages is assessed. On the other hand, on the basis of the black list, a message can be refused and the further delivery from the system on the black list is denied. Black lists are normally used for filtering communication, because the introduction of black lists is simple and they are an efficient way of preventing certain type of malicious e-mail communication.
When the e-mail account refuses to forward the message, the e-mail server sends an error message to the sender as agreed in the protocol. If the e-mail system refuses to forward a message due to the black list, there is no need to analyze the content of the message in any detail. Neither is it necessary to waist the resources of the e-mail system/server for storing malicious e-mail communication.
In addition to blocking an e-mail message directly, the e-mail system, on the basis of the black list, can simply mark the message as malicious and forward the message after the procedure. This avoids problems caused by false interpretations.
The e-mail service provider is responsible for the functionality of the black list and applicability to the filtering of its e-mail communication. The e-mail service provider makes the decision about the suitability of the black list to the filtering of e-mail communications. Because black lists are often maintained by private parties and may change their methods rather quickly, it is not possible to provide a detailed recommendation on black lists suitability for the purposes of telecom operators. However, such established black lists as Spamhaus SBL and XBL, which are used by major service providers, can be regarded as reliable.
When selecting black lists, it is not advisable to use black lists that are not recommended for large service providers, or such which do not clearly state the reasons for being mentioned on the list, or lists that mention no clear procedures for being removed from the list. Some of these black lists are suitable for being used as auxiliary content filters. Then, e-mail account users can have the possibility to adjust the filtering mechanism of e-mail communication regarding the receipt of e-mail.
What is meant by 'procedures to restrict e-mail communication from consumer subscriptions'?
In order to ensure the information security and usability of the service, telecom operators are obliged to prevent unrestricted outbound SMTP (Simple Mail Transfer Protocol) communication from consumer subscriptions elsewhere than via agreed servers intended for outbound SMTP traffic. Normally this means that, when e-mail is sent from a consumer connection to port 25, the delivery may only be directed to those servers of the telecom operator reserved for outbound e-mail communication.
Restriction measures do not have an affect on e-mail communication using other data communications ports. Therefore, outbound e-mail communication using username-based authentication and encryption directed to port 587 must be permitted to an external server. In addition, the measures implemented in accordance with the regulation have no effect on the functionality of protocols and applications meant for reading e-mail.
In addition to automatically restricting SMTP traffic, a telecom operator can provide its customers with subscriptions permitting unrestricted SMTP traffic to the external network. In this case, the subscriber must be informed of the risks related to open communications and particularly monitor the volume of outbound SMTP traffic from the subscriber connection in the communications network.
I use another service providers' e-mail service, not my internet service provider's. How is the sending of e-mail affected by e-mail communication restrictions?
You can send your e-mail via your internet service provider's e-mail servers by changing your e-mail account settings. Set your internet service provider's outbound e-mail server as your e-mail account's outbound e-mail server. You can still use your old e-mail address when you send messages.
The communication restriction does not concern delivery methods using other data communication ports. For example, those methods of sending e-mail supporting username-based authentication and encryption, which can be used for sending e-mail via an external service provider. For example, data communication port 587 has been reserved for the delivery method in question.
In addition, e-mail service providers often provide webmail, which is suitable for temporary usage. Restriction methods do not affect the functionality of applications or webmail meant for reading e-mail. For further details on the delivery settings of your e-mail account, please contact your e-mail service provider.
