At the beginning of June 2018, the Finnish Transport Safety Agency (TRAFI) presented an online service that enables a search for information on individuals’ driving license, based on basic information: name or place of residence. Driving license reveals such personal information like document validity status or the date of last renewal. Disclosed information might indicate medical details as well (read more on processing medical data).
Previously this information was obtainable only by request or for the payment. However, the Finnish law required that driving license information would be available for the public. Therefore, all the data became available and easily accessible online to everyone. After several complaints and concerns raised on the possible privacy implications, TRAFI promptly shut all their online services. To determine whether the service was illegal or not and if GDPR was violated. The public outcry was followed by the resignation of the head of TRAFI.
Currently, an investigation is underway on how the data should be made available to the public without undermining the individual’s right to privacy and data protection. Whereas the information on driving licenses isn’t damaging as such, it allows the users of the online service to combine information on the individuals that might turn out to be sensitive information.