JUDGMENT …

                                              JUDGMENT



                                             STRASBOURG

                                              17 July 2008


This judgment will become final in the circumstances set out in Article 44 § 2 of the Convention. It may be
subject to editorial revision.
In the case of I v. Finland,
   The European Court of Human Rights (Fourth Section), sitting as a Chamber composed of:
        Nicolas Bratza, President,
 Lech Garlicki,
 Ljiljana Mijovic,
 David Thór Björgvinsson,
 Ján Sikuta,
 Päivi Hirvelä,
 Mihai Poalelungi, judges,
and Lawrence Early, Section Registrar,
   Having deliberated in private on 24 June 2008,
   Delivers the following judgment, which was adopted on that date:



PROCEDURE
   1. The case originated in an application (no. 20511/03) against the Republic of Finland
lodged with the Court under Article 34 of the Convention for the Protection of Human Rights
and Fundamental Freedoms ("the Convention") by a Finnish national ("the applicant") on 20
June 2003. The President of the Chamber acceded to the applicant's request not to have her name
disclosed (Rule 47 § 3 of the Rules of Court).
   2. The applicant was represented by Mr S. Heikinheimo, a lawyer practising in Helsinki. The
Finnish Government ("the Government") were represented by their Agent, Mr Arto Kosonen of
the Ministry for Foreign Affairs.
   3. The applicant alleged, in particular, a violation of Article 8 of the Convention.
   4. On 19 January 2006 the President of the Fourth Section of the Court decided to give notice
of the application to the Government. Under the provisions of Article 29 § 3 of the Convention,
it was decided to examine the merits of the application at the same time as its admissibility.



THE FACTS

I. THE CIRCUMSTANCES OF THE CASE

   5. The applicant was born in 1960.
   6. Between 1989 and 1994 the applicant worked on fixed-term contracts as a nurse in the
polyclinic for eye diseases in a public hospital. From 1987 she paid regular visits to the
polyclinic for infectious diseases of the same hospital, having been diagnosed as HIV-positive.
   7. Early in 1992 the applicant began to suspect that her colleagues were aware of her illness.
At that time hospital staff had free access to the patient register which contained information on
patients' diagnoses and treating doctors. Having confided her suspicions to her doctor in summer
1992, the hospital's register was amended so that henceforth only the treating clinic's personnel
had access to its patients' records. The applicant was registered in the patient register under a
false name. Apparently later her identity was changed once again and she was given a new social
security number.
   8. In 1995 the applicant changed her job as her temporary contract was not renewed.
   9. On 25 November 1996, the applicant complained to the County Administrative Board
(lääninhallitus, länsstyrelsen), requesting it to examine who had accessed her confidential
patient record. Upon request, the director in charge of the hospital's archives filed a statement
with the County Administrative Board, according to which it was not possible to find out who, if
anyone, had accessed the applicant's patient record as the data system revealed only the five
most recent consultations (by working unit and not by person) and even this information was
deleted once the file was returned to the archives.
   10. In its decision of 20 October 1997 the County Administrative Board held that:
      "Section 12 of the Patient's Status and Rights Act (laki potilaan asemasta ja oikeuksista, lag om patientens
    ställning och rättigheter) provides that the health authorities and staff have to comply with the regulations
    issued by the Ministry for Social Affairs and Health (sosiaali- ja terveysministeriö, social- och
    hälsovårdsministeriet, "the Ministry") when preparing and processing patient records. Pursuant to this section
    the Ministry has issued, on 25 February 1993, Regulation no. 16/02/93.
      In the said Regulation it is noted that patients records must be prepared having due regard to the secrecy
    regulations and the protection obligation and the duty to take care pursuant to the Personal Files Act
    (henkilörekisterilaki, personregisterlagen; Act no. 471/1987). According to the duty to take care, precaution
    and good registering practices must be observed when gathering, depositing, using and delivering data and
    these must be done in a manner so as not to infringe unnecessarily the right to privacy of the registered person
    or his or her benefits and rights. The protection obligation means that data in patient records must be duly
    protected against unauthorised processing, use, destruction, amendment and theft (sections 3 and 26 of the
    Personal Files Act).
      In the said Regulation it is also noted that the patient records must form an entity to ensure that outsiders
    cannot gain unauthorised access to them and that, in addition to the said obligations, in accordance with the
    Personal Files Act, the purpose of use of the said data can be taken into account. This way it can be made sure
    that requisite patient data are only given to the personnel participating in the treatment of the patient.
      [The applicant] has in her representations alleged that [X], who is working for [the hospital] has ordered up
    the case history of [the applicant's ex-husband] and that someone else has ordered up her file or visited the
    archives and read her file and/or that of [her son] and that the data have been transmitted to [Y] and other staff
    mentioned in [the applicant's] representations.
      [X] has contested having proceeded erroneously. The other persons mentioned in [the applicant's]
    representations have contested having had knowledge of the data mentioned therein concerning [the applicant]
    and her family.
     According to the director in charge of [the hospital's] archives it is not possible to retroactively clarify the use
    of patient records. The data system reveals only the five most recent consultations (by working unit and not by
    person) but this information is deleted once the file has been returned to the archives.
     Therefore, the County Administrative Board cannot further rule on whether information contained in the
    patient records has been used by or given to an outsider.
      Having regard to the foregoing, the County Administrative Board however finds that the system should
    record any consultation of patient files as a safeguard of privacy in order to ensure that the responsibility for a
    possible leak of information can be individualised. For the future, the County Administrative Board draws the
    hospital's attention to the protection obligation and the duty to take care provided by the Personal Files Act,
    and further, to the need to ensure that privacy protection is not put at risk when processing medical data within
    the hospital. ..."

  11. Subsequently, in March 1998, the hospital's register was amended in that it became
possible retrospectively to identify any person who had accessed a patient record.
  12. On 15 May 2000, the applicant instituted civil proceedings against the District Health
Authority (sairaanhoitopiirin kuntayhtymä, samkommunen för sjukvårdsdistriktet), which was
responsible for the hospital's patient register, claiming non-pecuniary and pecuniary damage for
the alleged failure to keep her patient record confidential.
   13. On 10 April 2001, the District Court (käräjäoikeus, tingsrätten), having held an oral
hearing, rejected the action. Having assessed the evidence before it, including five witness
statements, the decision of the County Administrative Board and a statement of the Data
Protection Ombudsman (tietosuojavaltuutettu, dataombudsmannen), the court did not find firm
evidence that the applicant's patient record had been unlawfully consulted.
   14. The applicant appealed to the Court of Appeal (hovioikeus, hovrätten), maintaining her
claim that the hospital had not complied with the domestic law, in breach of her right to respect
for her private life.
   15. On 7 March 2002, the Court of Appeal, having held an oral hearing, considered that the
applicant's testimony about the events, such as her colleagues' hints and remarks about her HIV
infection, was reliable and credible. Like the District Court it did not, however, find firm
evidence that her patient record had been unlawfully consulted. It ordered the applicant to
reimburse the respondent's legal expenses before the District Court and the Court of Appeal,
amounting to 2,000 euros (EUR) and EUR 3,271.80 plus interest, respectively.
   16. In her application for leave to appeal to the Supreme Court (korkein oikeus), the applicant
claimed inter alia that there had been a violation of her right to respect for her private life.
   17. On 23 December 2002 the Supreme Court refused leave to appeal.

II. RELEVANT DOMESTIC LAW AND PRACTICE

   18. The Finnish Constitution Act (Suomen hallitusmuoto, Regeringsform för Finland; Act
no. 94/1919, as amended by Act no. 969/1995) was in force until 1 March 2000. Its section 8
corresponded to Article 10 of the current Finnish Constitution (Suomen perustuslaki, Finlands
grundlag; Act no. 731/1999), which provides that everyone's right to private life is guaranteed.
   19. Until 1 June 1999, the rules governing the use and confidentiality of personal data were
laid down in the Personal Files Act of 1987. Sections 6 and 7 of the Act prohibited the
processing of sensitive personal data, including information on a person's health and medical
treatment, except within the health authorities. Unauthorised disclosure of personal data was
prohibited under section 18 and illegal use of disclosed data was prohibited under section 21.
Pursuant to section 26 the data controller had to ensure that personal data and information
contained therein were appropriately secured against any unlawful processing, use, destruction,
amendment and theft. In this regard, the explanatory report of the Government Bill (no. 49/1986)
for the enactment of the Personal Files Act stated that the mere existence of legal provisions did
not suffice to guarantee the protection of privacy. In addition, the data controller had to make
sure that data were protected de facto. When planning the physical protection of the data system
regard must be had to, inter alia, whether the system was manual or automated. The delicate
nature of the information naturally affected the scope of the protection obligation. Under section
42, the data controller was liable to compensate pecuniary damage suffered as a result of the use
or disclosure of incorrect personal data or of unlawful use or disclosure of personal data.
   20. On 1 June 1999, a new Personal Data Act (henkilötietolaki, personuppgiftslag; Act no.
523/1999) entered into force. Section 11 of the Act prohibits processing of sensitive personal
data. However, under section 12, health care professionals may process data relating to a
person's state of health, illness, handicap or treatment if they are indispensable in his/her
treatment. Section 32 provides that the data controller shall carry out the technical and
organisational measures necessary for securing personal data against unauthorised access,
accidental or unlawful destruction, manipulation, disclosure and transfer as well as against other
unlawful processing. Section 33 lays down a secrecy obligation for those who have gained
knowledge of someone's personal circumstances. Under section 47, the data controller is liable
to compensate pecuniary and other damage suffered by the data subject or another person as a
result of the processing of personal data in violation of the provisions of the Act.
   21. The Patient's Status and Rights Act entered into force on 1 March 1993. Section 12, as in
force until 1 August 2000, provided that the health authorities had to comply with the regulations
issued by the Ministry for Social Affairs and Health ("the Ministry") when creating and
processing patients' personal and medical data.
   22. According to the Ministry's Regulation no. 16/02/93, issued on 25 February 1993, a
patient's privacy had to be secured when creating and processing his/her patient record. The data
controller had to make sure that outsiders could not gain unauthorised access to sensitive
personal data and that only the personnel treating a patient had access to his/her patient register.
   23. Section 13 of the Patient's Status and Rights Act provided that health care professionals
or other persons working in a health care unit were not allowed to reveal to an outsider (that is a
person not participating in the treatment of the patient) information contained in the patient
documents without the written consent of the patient. The said section has been amended as of 1
August 2000 (Act no. 653/2000) to the effect that it must be recorded in the data file if patient
records have been revealed as well as the grounds for the disclosure.
   24. Further, the Health Care Professionals Act (laki terveydenhuollon ammattihenkilöistä, lag
om yrkesutbildade personer inom hälso- och sjukvården; Act no. 559/1994) contains provisions
on the retention of patient documents and their confidentiality (section 16) and on the obligation
of secrecy (section 17).
   25. Finally, the new Electronic Processing of Client Information Act (laki sosiaali- ja
terveydenhuollon asiakastietojen sähköisestä käsittelystä, lag om elektronisk behandling av
klientuppgifter inom social- och hälsovården; Act no. 159/2007) entered into force on 1 July
2007. The aim of this Act is to further enforce patients' rights in the context of the processing of
electronic personal data within the social and health care.



THE LAW

I. ALLEGED VIOLATION OF ARTICLE 8 OF THE CONVENTION

   26. The applicant complained that the district health authority had failed in its duties to
establish a register from which her confidential patient information could not be disclosed.
   Article 8 of the Convention reads as follows:
     "1. Everyone has the right to respect for his private and family life, his home and his correspondence.
      2. There shall be no interference by a public authority with the exercise of this right except such as is in
    accordance with the law and is necessary in a democratic society in the interests of national security, public
    safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of
    health or morals, or for the protection of the rights and freedoms of others."
  27. The Government contested that argument.
  A. Admissibility

   28. The Court notes that the application is not manifestly ill-founded within the meaning of
Article 35 § 3 of the Convention. It further notes that it is not inadmissible on any other grounds.
It must therefore be declared admissible.

  B. Merits

    1. The parties' submissions
   29. The applicant submitted that the measures taken by the domestic authorities to safeguard
her right to respect for her private life had not been sufficient. At the relevant time, at the
beginning of the 1990s, the hospital's data system was not controlled as provided in the law.
Anyone working in the hospital could have accessed her patient record as the hospital register
retained only the five most recent users' identification data (usually not the users' names but
only their working units). Furthermore, the data were deleted after the file was returned to the
archives. It was only after the decision of the County Administrative Board of 20 October 1997
that the hospital's data system was changed.
   30. In her view a retrospective control would have been of vital importance. The data system
should have indicated who had accessed her patient record so as to make it possible to find out
whether access had been lawful. The domestic courts rejected her claim for compensation for the
reason that she could not identify a person who had obtained information about her illness from
her patient record. She was, however, unable to prove her claims only because the data control
system in the hospital was inadequate at the relevant time.
   31. The Government considered that there was no violation of the applicant's right within the
meaning of Article 8 as the Finnish legislation at the time guaranteed the secrecy of a person's
health information and, in principle, all patient information was kept secret. Only those
participating in the patient's treatment were entitled to process data concerning him or her.
   32. Further, the data controller was obliged to ensure that unauthorised persons could not see
and process personal data. The controller was responsible for protecting personal data and had as
a matter of strict liability to compensate any damage caused. Furthermore, although the
legislation did not contain any detailed provisions on the keeping and retention of log-in files, the
data controller had a general legal obligation to control the use of personal data files.
   33. As to the instant case, the Government admitted that in the early 1990s the use of the
patient register in the hospital concerned was controlled by storing the identification data of the
five most recent users of a patient record. Later, in 1998, the management system was changed
so that each consultation of a patient record was logged and stored.
   34. The Government further stressed that a hospital's system for recording and retrieving
patient information could only be based on detailed instructions and their observance, the high
moral standards of the personnel, and a statutory secrecy obligation. Relevant detailed
instructions had been drafted at the hospital; the personnel were allowed to obtain information
from the register only for strictly limited purposes. It would not have been possible for the
hospital to create a system verifying in advance the authenticity of each request for information
as patient records were often needed urgently and immediately. Finally, the Government pointed
out that the procedural guarantees were fulfilled in that the applicant had the right to initiate
court proceedings in the event of any defective handling of her patient data.
    2. The Court's assessment
   35. The hospital was a public hospital for whose acts the State is responsible for the purposes
of the Convention (see Glass v. the United Kingdom, no. 61827/00, § 71, ECHR 2004-II). The
processing of information relating to an individual's private life comes within the scope of
Article 8 § 1 (see Rotaru v. Romania [GC], no. 28341/95, § 43, ECHR 2000-V, Leander v.
Sweden, judgment of 26 March 1987, Series A no. 116, § 48). Personal information relating to a
patient undoubtedly belongs to his or her private life. Article 8 is therefore applicable in the
instant case. Indeed, this has not been contested by the parties.
   36. Although the object of Article 8 is essentially that of protecting the individual against
arbitrary interference by the public authorities, it does not merely compel the State to abstain
from such interference: in addition to this primarily negative undertaking, there may be positive
obligations inherent in an effective respect for private or family life (see Airey v. Ireland,
judgment of 9 October 1979, Series A no. 32, p. 17, § 32). These obligations may involve the
adoption of measures designed to secure respect for private life even in the sphere of the
relations of individuals between themselves (see X and Y v. the Netherlands, judgment of 26
March 1985, Series A no. 91, p. 11, § 23; Odièvre v. France [GC], no. 42326/98, ECHR 2003-
III).
   37. The Court observes that it has not been contended before it that there was any deliberate
unauthorised disclosure of the applicant's medical data such as to constitute an interference with
her right to respect for her private life. Nor has the applicant challenged the fact of compilation
and storage of her medical data. She complains rather that there was a failure on the part of the
hospital to guarantee the security of her data against unauthorised access, or, in Convention
terms, a breach of the State's positive obligation to secure respect for her private life by means of
a system of data protection rules and safeguards. The Court will examine the case on that basis,
having regard in particular to the fact that in the domestic proceedings the onus was on the
applicant to prove the truth of her assertion.
   38. The protection of personal data, in particular medical data, is of fundamental importance
to a person's enjoyment of his or her right to respect for private and family life as guaranteed by
Article 8 of the Convention. Respecting the confidentiality of health data is a vital principle in
the legal systems of all the Contracting Parties to the Convention. It is crucial not only to respect
the sense of privacy of a patient but also to preserve his or her confidence in the medical
profession and in the health services in general. The above considerations are especially valid as
regards protection of the confidentiality of information about a person's HIV infection, given the
sensitive issues surrounding this disease. The domestic law must afford appropriate safeguards to
prevent any such communication or disclosure of personal health data as may be inconsistent
with the guarantees in Article 8 of the Convention (see Z v. Finland, judgment of 25 February
1997, Reports of Judgments and Decisions 1997-I, §§ 95-96).
   39. The Court notes that at the beginning of the 1990s there were general provisions in
Finnish legislation aiming at protecting sensitive personal data. The Court attaches particular
relevance to the existence and scope of the Personal Files Act of 1987 (see paragraph 19 above).
It notes that the data controller had to ensure under section 26 that personal data were
appropriately secured against, among other things, unlawful access. The data controller also had
to make sure that only the personnel treating a patient had access to his or her patient record.
   40. Undoubtedly, the aim of the provisions was to secure personal data against the risk of
unauthorised access. As noted in Z v. Finland, the need for sufficient guarantees is particularly
important when processing highly intimate and sensitive data, as in the instant case, where, in
addition, the applicant worked in the same hospital where she was treated. The strict application
of the law would therefore have constituted a substantial safeguard for the applicant's right
secured by Article 8 of the Convention, making it possible, in particular, to police strictly access
to an disclosure of health records.
   41. However, the County Administrative Board found that, as regards the hospital in issue,
the impugned health records system was such that it was not possible to retroactively clarify the
use of patient records as it revealed only the five most recent consultations and that this
information was deleted once the file had been returned to the archives. Therefore, the County
Administrative Board could not determine whether information contained in the patient records
of the applicant and her family had been given to or accessed by an unauthorised third person
(see paragraph 10 above). This finding was later upheld by the Court of Appeal following the
applicant's civil action. The Court for its part would also note that it is not in dispute that at the
material time the prevailing regime in the hospital allowed for the records to be read also by staff
not directly involved in the applicant's treatment.
   42. It is to be observed that the hospital took ad hoc measures to protect the applicant against
unauthorised disclosure of her sensitive health information by amending the patient register in
summer 1992 so that only the treating personnel had access to her patient record and the
applicant was registered in the system under a false name and social security number (see
paragraph 7 above). However, these mechanisms came too late for the applicant.
   43. The Court of Appeal found that the applicant's testimony about the events, such as her
colleagues' hints and remarks beginning in 1992 about her HIV infection, was reliable and
credible. However, it did not find firm evidence that her patient record had been unlawfully
consulted (see paragraph 15 above).
   44. The Court notes that the applicant lost her civil action because she was unable to prove on
the facts a causal connection between the deficiencies in the access security rules and the
dissemination of information about her medical condition. However, to place such a burden of
proof on the applicant is to overlook the acknowledged deficiencies in the hospital's record
keeping at the material time. It is plain that had the hospital provided a greater control over
access to health records by restricting access to health professionals directly involved in the
applicant's treatment or by maintaining a log of all persons who had accessed the applicant's
medical file, the applicant would have been placed in a less disadvantaged position before the
domestic courts. For the Court, what is decisive is that the records system in place in the hospital
was clearly not in accordance with the legal requirements contained in section 26 of the Personal
Files Act, a fact that was not given due weight by the domestic courts.
   45. The Government have not explained why the guarantees provided by the domestic law
were not observed in the instant hospital. The Court notes that it was only in 1992, following the
applicant's suspicions about an information leak, that only the treating clinic's personnel had
access to her medical records. The Court also observes that it was only after the applicant's
complaint to the County Administrative Board that a retrospective control of data access was
established (see paragraph 11 above).
   46. Consequently, the applicant's argument that her medical data were not adequately
secured against unauthorised access at the material time must be upheld.
   47. The Court notes that the mere fact that the domestic legislation provided the applicant
with an opportunity to claim compensation for damages caused by an alleged unlawful
disclosure of personal data was not sufficient to protect her private life. What is required in this
connection is practical and effective protection to exclude any possibility of unauthorised access
occurring in the first place. Such protection was not given here.
   48. The Court cannot but conclude that at the relevant time the State failed in its positive
obligation under Article 8 § 1 of the Convention to ensure respect for the applicant's private life.
   49. There has therefore been a violation of Article 8 of the Convention.

II. ALLEGED VIOLATIONS OF ARTICLES 6 AND 13 OF THE CONVENTION

   50. The applicant complained of a violation of Articles 6 and 13 as she, as a complainant,
bore the burden of proof to show that some of her colleagues had unlawfully accessed her patient
records but that she was unable to obtain evidence about this due to the deficient safeguards in
her data register.
   51. Having regard to the finding relating to Article 8, the Court considers that it is not
necessary to examine this aspect of the application (see, among other authorities, Sallinen and
Others v. Finland, no. 50882/99, § 102, 110, 27 September 2005, Copland, cited above, §§ 50-
51).

III. APPLICATION OF ARTICLE 41 OF THE CONVENTION

  52. Article 41 of the Convention provides:
      "If the Court finds that there has been a violation of the Convention or the Protocols thereto, and if the
    internal law of the High Contracting Party concerned allows only partial reparation to be made, the Court shall,
    if necessary, afford just satisfaction to the injured party."


  A. Damage

   53. Under the head of pecuniary damage the applicant claimed 38,115.53 euros (EUR) made
up of the following sums: EUR 20,000 for loss incurred following the hospital's refusal to renew
her work contract as a result of which she had been unemployed during the period 22 September
1993 to 1 June 1995; EUR 5,988.06 for legal costs which she was ordered to reimburse to the
hospital; EUR 446.79 for the costs of a private detective in order to uncover evidence for the
compensation proceedings; EUR 11,680.67 for economic loss flowing from the sale of her home
since she had to move house due to the rumours concerning her disease.
   Under the head of non-pecuniary damage she claimed EUR 30,000 for the distress caused by
the need to change her place of work and the fact that the rumours about her HIV infection had
affected her son's life.
   54. The Government admitted that the hospital's legal fees less an execution fee and interest
on overdue payment (EUR 216.26 in total), that is EUR 5,771.80 might be awarded under the
head of pecuniary damage.
   As to non-pecuniary damage, they submitted that only the applicant could be awarded
compensation and that it should not exceed EUR 3,000.
   55. The Court does not discern a sufficient causal link between the violation found and the
pecuniary damage alleged save for the hospital's actual legal costs of EUR 5,771.80 which the
applicant was ordered to reimburse in the domestic proceedings.
   The Court finds it established that the applicant must have suffered non-pecuniary damage as
a result of the State's failure to adequately secure her patient record against the risk of
unauthorised access. It considers that sufficient just satisfaction would not be provided solely by
the finding of a violation and that compensation has thus to be awarded. Deciding on an
equitable basis, it awards the applicant EUR 8,000 under this head.

  B. Costs and expenses

   56. The applicant also claimed EUR 15,758.25 for the costs and expenses incurred before the
domestic courts, including EUR 500 for her own expenses such as telephone and travel costs,
and EUR 5,570 for those incurred before the Court, including EUR 200 for her own expenses
such as those mentioned above.
   57. The Government considered that the award should not exceed EUR 12,000 (inclusive of
value-added tax).
   58. The Court reiterates that an award under this head may be made only in so far as the costs
and expenses were actually and necessarily incurred in order to avoid, or obtain redress for, the
violation found (see, among other authorities, Hertel v. Switzerland, judgment of 25 August
1998, Reports 1998-VI, p. 2334, § 63). Furthermore, the Court reiterates that under Article 41 of
the Convention no awards are made in respect of the time or work put into an application by the
applicant as this cannot be regarded as monetary costs actually incurred by him or her (see
Lehtinen v. Finland (no. 2), no. 41585/98, § 57, 8 June 2006). In the present case, regard being
had to the information in its possession and the above criteria, the Court considers it reasonable
to award the total sum of EUR 20,000 (inclusive of value-added tax) for costs and expenses in
the domestic proceedings and the proceedings before the Court.

  C. Default interest

   59. The Court considers it appropriate that the default interest should be based on the
marginal lending rate of the European Central Bank, to which should be added three percentage
points.



FOR THESE REASONS, THE COURT UNANIMOUSLY
1. Declares the application admissible;

2. Holds that there has been a violation of Article 8 of the Convention;

3. Holds that there is no need to examine the complaints under Articles 6 and 13 of the
   Convention;

4. Holds
   (a) that the respondent State is to pay the applicant, within three months from the date on
   which the judgment becomes final in accordance with Article 44 § 2 of the Convention, the
   following amounts:
   (i) EUR 5,771.80 (five thousand seven hundred and seventy-one euros and eighty cents),
   plus any tax that may be chargeable, in respect of pecuniary damage;
   (ii) EUR 8,000 (eight thousand euros), plus any tax that may be chargeable, in respect of
   non-pecuniary damage;
   (iii) EUR 20,000 (twenty thousand euros), plus any tax that may be chargeable to the
   applicant, in respect of costs and expenses;
   (b) that from the expiry of the above-mentioned three months until settlement simple interest
   shall be payable on the above amounts at a rate equal to the marginal lending rate of the
   European Central Bank during the default period plus three percentage points;

5. Dismisses the remainder of the applicant's claim for just satisfaction.

   Done in English, and notified in writing on 17 July 2008, pursuant to Rule 77 §§ 2 and 3 of
the Rules of Court.



       Lawrence Early Nicolas Bratza
Registrar President

       I v. FINLAND JUDGMENT

       I v. FINLAND JUDGMENT