Section 26 of the Constitution protects the inviolability of private and family life. In addition to the Constitution, processing of personal data is regulated by the European Union General Data Protection Regulation, which on the national level is further specified by the Personal Data Protection Act entering into force on 15 January 2019.

The state may interfere with a person’s private life (e.g. process their personal data) only in cases laid down by legislation. Any interference must be justified; it must be limited to what is strictly necessary. To ensure a balance, control mechanisms should be provided that help to detect and, where possible, redress possible violations.

Interest in processing and protecting personal data is constantly on the increase. Proof of this is the increasing number of petitions submitted to the Chancellor on this very topic. The Chancellor helps to resolve problems if possible and, where necessary, provides explanations and guidance on better protection of rights. 

Protection of personal data

On 12 November 2018, the Draft Implementing Act of the Personal Data Protection Act failed at the final vote in the Riigikogu. The Chancellor had previously drawn the attention of the Riigikogu Constitutional Committee to the fact that between parliamentary readings amendments concerning the Imprisonment Act had been added to the draft without substantive debate and approval (see pages 74–82 of the Draft Act) that would have granted the prison service an unlimited right to collect and retain personal data. Opposition to that intention was also expressed by the Minister of Education and Research in her letter to the Minister of Justice.

According to the Draft Act, the prison service would have obtained an unlimited and unsupervised right to collect and retain data on all people (and, in turn, on people connected with them) who either directly or indirectly provide services to prisons or have to apply for authorisation to enter a prison zone. This would have entailed unjustified and uncontrolled interference with the privacy of an unidentified number of people. Persons concerned would have included, for example, teachers, medical staff, ministers of religion, lawyers and consular workers visiting a prison for work-related duties, as well as their next of kin.

In the Chancellor’s opinion, the intended legislative amendments contravened several constitutional principles, including the duty to ensure protection of people’s private and family life (§ 26). Certainly, those fulfilling the functions of a public authority in prison should be reliable. This ensures attainment of the aims of imprisonment and security in prison. However, this does not mean that the prison could begin to arbitrarily collect and retain personal data in cases and to an extent not clearly defined, under the mere pretext of ensuring prison security. The prison service can employ other and even more effective measures (e.g. a search) to ensure security in prison.

The Chancellor also criticised the manner whereby an extensive package of amendments is submitted to the responsible Riigikogu committee immediately before the second reading of the Draft Act. That way, members of the committee and factions are deprived of the opportunity to thoroughly consider the legality and necessity of the added rules. Government representatives who brought the amendments to the Riigikogu committee thus also circumvented all the rules of procedure agreed by the Government for dealing with draft legislation (e.g. approvals, constitutionality check, impact analysis). Such aberrant law-making is not compatible with the nature of a democratic state governed by the rule of law.

The Draft Implementing Act of the Personal Data Protection Act was passed by the Riigikogu on 20 February 2019 without amendments to the Imprisonment Act. 

Data concerning punishment and the “right to be forgotten”

Article 17 of the European Union General Data Protection Regulation sets out the conditions where a person may request erasure of their personal data without delay. On that basis, the Chancellor has received several requests with the wish to “be forgotten”. The Chancellor has also been asked when that right arises and where its limits lie. Specifically, people wish to use that right in the case of information concerning the punishments of a person where public availability (e.g. via a search engine) may, for example, affect getting or losing a job. 

In the Chancellor’s opinion, judicial conviction is, by nature, a temporary legal status which ends with the expiry or annulment of the punishment. During the term of a punishment, a person’s offence is condemned by society and, where justified, their rights may be restricted somewhat more extensively by law on account of their punishment. 

If a person’s punishment has expired, the right to inviolability of private life outweighs condemnation by society and stigmatisation. Thus, expiry of a punishment entails the aim of resocialisation (the opportunity to start with a clean slate), so that, as a rule, an individual’s rights and freedoms may not be restricted on account of their previous punishment.

The Chancellor was contacted by an individual who had served a sentence imposed for a crime committed in the past and whose punishment data in the criminal records database had been expunged. Despite this, the person’s criminal past was displayed on the homepage of the Internal Security Service, thus also making it available through search engines. The Chancellor asked the Internal Security Service to assess whether publication of personalised court judgments on its website was compatible with the general principles arising from Article 5 of the General Data Protection Regulation (including lawfulness, intended purpose) and to decide whether and to what extent disclosure of someone’s punishment data is justified after punishment has expired. The Internal Security Service removed the person’s full name from its homepage.

​​​​​​​Release of data in the event of a legitimate interest

Due to legal ambiguity that has lasted for years, obtaining the contact data of persons who have failed to pay for parking in private car parks has been unreasonably complicated if not impossible. The Chancellor has recommended that, under § 184(4) of the Traffic Act, the Road Administration should release to private car parks the contact data of the owner or authorised user of a vehicle in the event of failure to pay for parking. Violators of a parking agreement cannot enjoy a legitimate expectation of a free service or confidentiality of their name and contact data. 

On 20 September 2018, Tallinn Court of Appeal decided that a private car park has a legitimate interest to know the data of their contract partner, i.e. the person parking a vehicle. The provisions of the General Data Protection Regulation or the Traffic Act do not prevent release of the contact data of a vehicle owner or its authorised user. Proceeding from the judgment, the Road Administration promised to release to private car parks the data of violators of parking conditions in future. Hopefully, this will reduce the desire of violators to consciously avoid payment for parking and will resolve a problem that has persisted for years.

​​​​​​​Processing personal data to comply with a duty arising from law

A company providing roadworthiness tests for vehicles asked the Chancellor to assess whether the Road Administration may process personal data when exercising supervision over testing centres.

When processing data in the traffic register, the Road Administration found a violation − a worker at a testing centre had carried out a test on a vehicle that they owned or were the authorised user of, thus breaching the principle of impartiality. Such processing of personal data is admissible: personal data may be processed for fulfilling duties arising from law if all the relevant principles of processing personal data are observed. 

​​​​​​​Personal data when buying a lottery ticket

The Chancellor was asked once again whether it was compatible with the Constitution for the seller of a lottery ticket to use a personal identity document to verify whether the buyer is on the list of persons with restrictions on gambling.

Regarding this issue, the Chancellor maintained her position expressed in 2016: this rule is not unconstitutional as such processing of personal data legitimately combats gambling addiction. 

​​​​​​​Personal data in supervision by the Language Inspectorate

The Chancellor was contacted by the head of a catering establishment asking to assess the activity of the Language Inspectorate in checking the language proficiency of workers.

The Chancellor did not find the unequal treatment for which the Language Inspectorate had been blamed. However, it was found that, in the opinion of the Inspectorate, all employers whose workers are subject to the Estonian language proficiency requirement should collect all the documents proving a worker’s required level of language proficiency when hiring them. 

In the Chancellor’s opinion, the Language Act does not require such processing of personal data. It is sufficient for an employer to be satisfied, for example in the course of a job interview, that the worker has the required level of proficiency of the official language. In the event of doubt, they may check documents proving language proficiency. The Chancellor also drew the attention of the Language Inspectorate to the fact that questioning and request for documents should be based on the Law Enforcement Act and not the institution’s internal rules.

​​​​​​​24-hour filming of a child

The Chancellor was asked whether a parent violates the rights of a child when filming all the child’s activities at home round the clock. 

The Chancellor explained that under the Constitution everyone is entitled to inviolability of private and family life. That is, the privacy of every family member – including a child – must also be ensured within the family. Constant video monitoring that exceeds the customary recording of family memories fails to respect a child’s right to privacy.

​​​​​​​Public accessibility of the land register

In Estonia, the principle of extensive public access to the land register applies, meaning that everyone is entitled to obtain any data entered in the land register, including data on immovable property and its owners. Based on this principle, it is possible to make an unlimited number of person-related queries of interest through the electronic land register. Based on the queries, it is possible to find out whether, where and how many immovables a particular person owns. 

The Chancellor has been asked whether such intense interference with a person’s privacy is in balance with the benefit arising from public accessibility of the land register. By autumn 2019, the Centre of Registers and Information Systems plans to complete a development that enables only authenticated users to carry out a search based on a person’s name and personal identification code. Those searches are recorded and if the owner of an immovable wishes they can find out from the Centre of Registers and Information Systems who has accessed their data. The Chancellor monitors that the development of the land register also constantly keeps in mind the balance between the principles of privacy and public accessibility of the land register.

​​​​​​​Information systems and electronic services

The Chancellor was contacted by an individual to whom the e-environment of the Estonian Unemployment Insurance Fund displayed the data on their dead child in the list of persons they represent. The error originated in the data exchange system of the population register and the Estonian Unemployment Insurance Fund which lacked data about the time of death of the persons represented. To resolve the problem, the Chancellor contacted the Estonian Unemployment Insurance Fund and the Ministry of the Interior. 

The information technology and development centre of the Ministry of the Interior prepared an update to the information exchange service which helped to swiftly resolve the problem. It is regrettable and unacceptable that the state reminded someone about the loss of their child in such a way, but thanks to a petition by the individual and an appropriate response by the Estonian Unemployment Insurance Fund the problem found a solution. 

Another petitioner also drew the Chancellor’s attention to an error in an information system. The Chancellor was contacted by an individual who was interested why the contact address of their trustee in bankruptcy had been recorded in the population register rather than their own contact details. 

Change of contact details had been caused by an error originating in the internal taxpayer management system of the Tax and Customs Board. After declaration of bankruptcy of a natural person, the Tax and Customs Board changed the person’s contact details (until 10 August 2018) in the register of taxable persons and replaced them with the contact details of the trustee in bankruptcy until the end of the bankruptcy proceedings. When the Tax and Customs Board replaced the person’s contact details in the register of taxable persons with the contact details of the trustee in bankruptcy, the contact details of the trustee in bankruptcy were also forwarded to the population register through online processing. No legal basis for that entry existed.

The Tax and Customs Board resolved the problem. Since 10 September 2018, a person’s contact details are no longer changed in the register of taxable persons after a natural person is declared bankrupt. The contact details that had been changed erroneously were corrected.

​​​​​​​Access restrictions in a document register

The Chancellor addressed all kindergartens and schools with a request to take particular care when processing children’s data. The Chancellor’s address was prompted by a situation where the information system for the management of Estonian schools had allowed documents containing personal data of children to be freely accessible to the public. The Chancellor emphasised that the law prohibits third persons from gaining access to documents describing children’s health, special needs, academic achievements, and other personal data. This information may cause bullying and result in subsequent poorer treatment as to choice of a school or profession. 

The same principles also apply to processing the data of school and kindergarten staff and parents. The Chancellor drew attention to the preparation of documents and pointed out the grounds for restricting access to documents. She also emphasised that publicly accessible information in a document register should not disclose in the title of a document a person’s name or other data enabling an understanding of whom the document deals with.

​​​​​​​Public accessibility to information on wages of staff in public universities

Under § 36(1) clause 9 of the Public Information Act, a legal person in public law may not classify documents as information intended for internal use if those documents concern use of their budgetary funds and wages paid to persons employed under employment contracts and other remuneration and compensation paid from the budget. The Chancellor was contacted by an individual asking to verify whether interpretation of that provision according to which information on wages of staff in public universities must be disclosed in personalised form when responding to a request for information (so-called passive disclosure) was compatible with the Constitution.

The Supreme Court has previously said that personalised disclosure of wages ensures control over whether the choice of an employee, the size of their remuneration and additional remuneration received may have been affected by inadmissible considerations. In the end, the issue boils down to using public money and exercising public control to prevent possible violations. The Supreme Court emphasised that the judgment at issue only dealt with wages of local authority staff. Consequently, the conclusions of the judgment do not directly extend to university staff.

Different provisions of the Public Information Act require simultaneously a guarantee of privacy and compliance with the conditions of public access to information on budgets (including wages paid). The Chancellor found that under current law a public university may decide whether disclosure of personalised wage information of staff in a specific case is proportional to restriction of privacy involved in disclosure. Where possible, a solution less interfering with privacy should be found.

​​​​​​​Personal data in the media 

Under § 4 of the Personal Data Protection Act, personal data may also be disclosed in the media without the person’s consent. In doing so, the media channel must be convinced that three main conditions are simultaneously fulfilled: public interest must exist in disclosure of the person’s data, the principles of journalism ethics must be observed, and excessive damage to the rights of the person may not be caused. Public interest does not mean only a matter arousing interest among the public, or in other words curiosity. Disclosure of personal data must contribute to debate on an important public issue.

The Chancellor does not control the activity of media publications nor does she exercise supervision over how media channels comply with the requirements of the Personal Data Protection Act (that duty rests with the Data Protection Inspectorate). However, the Chancellor can advise people on how best to protect their rights.

Someone who believes that a media publication has violated the requirements of journalism ethics may file an application with the Press Council. The Press Council is the media self-regulation body that provides an opportunity to find extra-judicial solutions to disagreements with the media.

In a situation where someone feels that a search engine (e.g. Google) displays links to websites that include outdated information about them (e.g. an outdated newspaper article containing information about punishments), the Chancellor has recommended contacting the search engine with an application to remove the link containing personal data from the list. However, the Chancellor cannot intervene in substantive resolution of the application.

​​​​​​​Processing communications data

During the reporting year, the Chancellor also assessed whether submission of the data set out in § 1111(2) and (3) of the Electronic Communications Act (ECA) has been requested from communications undertakings (Telia, Elisa, Tele2) and whether the data have been used lawfully. The review covered enquiries in 2017–2018 in misdemeanour and civil court procedure and under the laws listed in § 1111 clause 6 of the ECA (the Police and Border Guard Act, the Taxation Act, the Customs Act, the Witness Protection Act, the Weapons Act, and others). 

Analysis revealed that communications data set out in § 1111(2) and (3) of the ECA are mostly used in criminal proceedings and in collecting information under the Security Agencies Act (this time the Chancellor did not analyse the enquiries made for those purposes more closely). The proportion of enquiries with communications undertakings in the frame of other proceedings is relatively small. 

Closer analysis was carried out regarding use of communications data in civil proceedings. Misgivings about the need to collect communications data have been repeatedly expressed (including references to an unjustifiably large number of such enquiries) in particular in the case of civil disputes which pose no threat to national security and public policy. Therefore, all the enquiries made by courts in the course of civil proceedings from the beginning of 2017 to November 2018 were assessed as to substance. It was found that the number of cases where communications data had been used was not high (during the review period communications data had been requested in the frame of 26 court cases) and mostly they related to the need to ascertain the author of anonymous comment in order to lodge a claim for damages for defamation of honour and good name against them. 

Mostly, in those cases, it may be agreed that apart from use of communications data no better or less restrictive measure in terms of privacy exists to attain the legal aim (establishing the essential facts in a specific civil case). Nevertheless, two cases were found where a request for communications data had been questionable since the requests could not yield the evidence desired in civil proceedings or the request for communications data was superfluous. In one case, a request for communications data in civil proceedings actually sought to prove a criminal offence.

Communications data in misdemeanour cases are also requested relatively seldom: a total of 47 occasions in 2017–2018 (to November). Requests were made exceptionally with court authorisation. Analysis of misdemeanour proceedings revealed a different practice by the courts in authorising requests for communications data. Some court authorisations enabled requesting data to a larger extent than laid down by law for a single request.

Surveillance agencies may also request communications data set out in § 1111(2) and (3) of the Electronic Communications Act for purposes outside criminal proceedings in cases laid down under the Organisation of the Defence Forces Act, the Taxation Act, the Police and Border Guard Act, the Weapons Act, the Strategic Goods Act, the Customs Act, the Witness Protection Act, the Security Act, the Imprisonment Act and the Aliens Act.

From the beginning of 2017 to November 2018, communications data under those Acts were requested on 352 occasions. The Tax and Customs Board requested data under the Taxation Act and the Customs Act on 157 occasions, and the remaining 196 requests were made by structural units of the Police and Border Guard Board under the Police and Border Guard Act, the Weapons Act and the Witness Protection Act. 

Based on a random sample, the Chancellor’s advisers verified the legality of the requests by the Tax and Customs Board and the Police and Border Guard Board. In all the cases verified, the request had been justified, had been made with the person’s prior consent and with authorisation from the head of the institution or the prosecutor’s office.