Security
The Chancellor supervises whether security and law enforcement agencies (the Estonian Internal Security Service, the Police and Border Guard Board, the prosecutor’s office, and others) respect fundamental rights and freedoms when covertly collecting and processing personal data. The Chancellor carries out that supervision on the basis of petitions as well as on her own initiative. Under the law, the Chancellor has access to closed surveillance files. That is, she does not intervene in ongoing surveillance.
The Chancellor’s supervision focuses on whether covert measures were justified, whether they were carried out in compliance with the law and in a manner that respects people’s fundamental rights. Such control offers people a sense of security that no one is wiretapped or followed without justification and that no mass covert surveillance of people takes place in Estonia.
The Chancellor’s work is largely affected by events and crises in society. Thus, during the reporting year the Chancellor was busy dealing with problems of reception of people fleeing Ukraine because of the war and monitor that the fundamental rights of foreigners reaching Estonia are ensured.
The Chancellor received many petitions from refugees reaching Estonia or their relatives already previously staying here who were worried about their loved ones. Issues arose in connection with the possibilities for temporary protection of people fleeing the war. In general, an explanation was sufficient but there were also instances where the work of state agencies had been unsatisfactory. The main concern was lack of simple explanations about how to protect one’s rights.
On the basis of a Government order arising from a European Commission regulation, the right to temporary protection was granted only to those Ukrainian residents who left Ukraine because of the war after 24 February 2022. Therefore, initially temporary protection was not granted to those who for some reason had left Ukraine earlier but could not return there because of the war. For instance, people who had gone on a tourist trip immediately before the war broke out or who had come to visit their relatives in Estonia. No explanation was offered to these people that even though they were not entitled to temporary protection they do have the right to apply for international protection under the general procedure. Probably a certain role in this was played by the fact that the authorities had to cope with a sharp increase in their workload and adapt to new rules.
Many petitions were also received in connection with restrictions imposed by the Government on Russian and Belarusian citizens entering and staying in Estonia. First and foremost, these concerned people with next of kin in Estonia or already studying in Estonia before the war. In August 2022, the Government nevertheless decided to establish exceptions for people wishing to visit their children or elderly parents living in Estonia.
Covert processing of personal data
The Chancellor of Justice checks the work of those state agencies that organise interception of phone calls and conversations, surveillance of correspondence, and otherwise covertly collect, process and use personal data. Supervision focuses on whether covert measures were justified, whether they were carried out in compliance with applicable norms and in a manner that respects people’s fundamental rights. Even when the actions of the relevant agencies are formally lawful, the Chancellor always tries to ensure that people’s fundamental rights are reckoned with to the maximum possible extent.
It is important to alleviate people’s fear of unjustified surveillance.
On 13 May 2020, the Riigikogu adopted the Act amending the Defence Forces Organisation Act, the Security Authorities Act, and the Chancellor of Justice Act , by which § 29 of the Security Authorities Act was also thoroughly amended. This section lays down the cases in which non-notification of people about a measure for collecting information is allowed. Section 1 of the Chancellor of Justice Act was supplemented with subsection (91) under which the Chancellor was tasked with verifying at least every two years whether non-notification of persons under § 29(2) of the Security Authorities Act and § 40(2) of the Defence Forces Organisation Act about measures for collecting information was justified.
In 2021−2022, the Chancellor’s advisers checked compliance with these requirements by security agencies (the Estonian Internal Security Service and the Estonian Foreign Intelligence Service) and the Military Intelligence Centre.
Through in-house guidelines, security agencies have set the general requirements for implementing § 29 of the Security Authorities Act. Based on the results of the check, the Chancellor considered it necessary to offer some proposals to ensure better protection of fundamental rights of persons.
The Chancellor’s advisers also checked surveillance files processed by Tallinn, Tartu and Viru Prisons and the lawfulness of surveillance measures described therein. Primarily the check focused on justifications offered for opening a surveillance file and surveillance authorisations (the principle of ultima ratio, the necessity of a specific measure), whether surveillance had been carried out lawfully (including protection of fundamental rights of third parties), and compliance with the requirement to notify surveillance.
Detailed summaries of inspection visits to security and surveillance agencies are not public since they contain information classified as state secrets or for internal use only. The summaries are sent to supervised agencies as well as public authorities (e.g. the court, as well as the Security Authorities Surveillance Select Committee of the Riigikogu) which are responsible for the legality of activities of surveillance and security agencies.
Inspection visits to security agencies and the Military Intelligence Centre of the Defence Forces
The Chancellor’s advisers checked arrangements for compliance with the requirements established for non-notification of covert measures (§ 29 Security Authorities Act and § 40 Defence Forces Organisation Act) at the Estonian Internal Security Service, the Foreign Intelligence Service, and the Military Intelligence Centre of the Defence Forces.
As a result of the inspection visits, the Chancellor considered it necessary to offer some proposals to the security agencies and the Military Intelligence Centre concerning further elaboration of regulations and future development of administrative practice.
Supervision of the activities of security agencies and the Military Intelligence Centre of the Defence Forces is vital because current law and practice leave little possibility for information collection activities by these agencies coming under scrutiny by superior courts. Prior judicial review does not even apply to some types of information collection.
Notifying an individual about measures (including covert measures) carried out in respect of them falls within the scope of protection of § 44(3) of the Constitution since it creates the prerequisite for an individual to examine the data held about them by a state agency. This is a fundamental right, which, under the law, may be restricted, inter alia, in order to protect the rights and freedoms of other people and to combat a criminal offence. However, notification may be postponed only as long as the above reasons outweigh the restriction on fundamental rights resulting from the measure.
All the inspected agencies have established in-house guidelines containing requirements on how to draw up, register and store the documents (including various approvals) necessary for carrying out information collection measures, as well as making sure that the measures are carried out lawfully. All this is necessary for ensuring people’s fundamental rights.
Security agencies must notify people if they have:
- restricted a person’s right to the confidentiality of messages (§ 25(3) Security Authorities Act), i.e. examined their postal item(s); wiretapped, observed or recorded messages or other information transmitted over an electronic communications network; wiretapped, observed or recorded information communicated by other means;
- covertly entered a person’s premises, building, enclosed area, vehicle or computer system for the purposes of covertly collecting or recording information, or for installing and removing technical aids necessary for such purposes;
- carried out covert surveillance of a person;
- covertly examined an item and, if necessary, covertly altered, damaged or replaced the item.
For carrying out the first two of these measures, authorisation is granted by the court and, for the remaining two, authorisation must be sought from the head of a security agency or from an official authorised by them.
The Defence Forces must notify an individual if they have carried out covert surveillance of that individual under the grounds set out in the Defence Forces Organisation Act, collected information by means of signals intelligence, or sought professional assistance from the Foreign Intelligence Service involving, inter alia, exercise of the powers laid down by §§ 23, 25 and 26 of the Security Authorities Act.
Security agencies and the Defence Forces must notify an individual if they have collected information about that individual by using the above methods or significantly restricted the individual’s rights by collecting that information. An individual must be notified about the type of measure and when it was carried out. Notification must take place immediately after the information collected under the measure is no longer confidential. Non-notification of an individual is allowed if notifying would harm other people or compromise the work of the security agency.
Security agencies and the Defence Forces must assess whether grounds exist not to notify the individual. Where such grounds do exist, notification may be postponed by one year. If grounds for postponing notification still exist even a year after declassification, a decision may be made not to notify the individual of the measures at all. This decision is made by the same body that authorised the information collection measure: the court, the agency head or the person authorised by the head.
State secrets by nature means information requiring protection from disclosure in the interests of national security or foreign relations of the Republic of Estonia. As a rule, information collected by using the above methods is classified for years, so that most of the information collected by these methods in a re-independent Estonia still remains classified. Thus, mostly people have not been notified about information collection measures carried out in respect of them.
The law enables premature declassification of state secrets. If this decision is made concerning measures carried out in respect of people, this also brings closer the deadline for the duty of notification. This possibility has been used in isolated cases, for instance in the event of intention to use information collected under the Security Authorities Act as evidence in criminal proceedings. To date, no other considerations have been invoked to declassify information as state secrets.
Control of surveillance files
When inspecting the Ministry of Justice Department of Prisons, the Chancellor’s advisers examined surveillance files opened in 2018–2021 in Tallinn, Tartu, and Viru Prisons for which active proceedings had ended by the time of inspection. During the inspection visit, the advisers spoke with officials from the Department of Prisons and all three prisons. Prison service working arrangements concerning surveillance measures were also examined.
The Chancellor’s advisers checked primarily whether, in each specific case, carrying out the surveillance measure while collecting information about a criminal offence had been lawful, including unavoidable and necessary, and how the prisons complied with requirements to notify people about surveillance.
Opening the surveillance files examined had been justified. As a rule, processing the files had been in compliance with the requirements of the Code of Criminal Procedure and the procedure established by the prison service for carrying out surveillance. The Chancellor’s earlier remarks and proposals for better protection of fundamental rights had been taken into account.
Surveillance had been carried out under authorisation by a prosecutor and a preliminary investigation judge by complying with the conditions and time limits set out in the authorisation. Surveillance authorisations contained the requisite reasoning as to the circumstances why surveillance measures were needed in a particular case. In several instances, preliminary investigation judges also refused to authorise surveillance, which shows that applications by the prosecutor’s office were reviewed in substance and competently.
In the majority of cases, people had been notified about surveillance in time and in compliance with the requirements of § 12613 of the Code of Criminal Procedure. Only one surveillance file indicated a delay in notifying the individuals.
For the purpose of more effective protection of fundamental rights (i.e. to enable effective supervision), some proposals were put forward to prisons and the prosecutor’s office for improving quality in organising surveillance measures.
Organisation of surveillance measures
The Chancellor’s advisers found no surveillance measures that had been carried out without authorisation by a preliminary investigation judge or a prosecutor and without compliance with the conditions set out in the authorisation. Surveillance authorisations were reasoned and issued in line with the so-called principle of a measure of last resort (ultima ratio).
Opening the surveillance files examined had been justified. Based on the files, it may be concluded that without surveillance and without interfering with people’s fundamental rights it would indeed have been complicated to gather the necessary evidence for proving suspicion of a criminal offence.
Notifying a surveillance measure
Under the Code of Criminal Procedure, a surveillance measure is notified to the persons on whom surveillance was carried out, as well as to persons identified during the proceedings whose right to inviolability of private or family life was significantly interfered with by the measure. Notification may be postponed or waived only in circumstances set out by law if permission for this by a prosecutor or the court exists.
Based on the surveillance files examined, it may be said that notification requirements were mostly complied with. People in respect of whom the prosecutor’s office or the court had authorised surveillance were mostly notified of the measure in time. The same can be said about the people identified during proceedings whose inviolability of private or family life was significantly interfered with by the measure.
Nevertheless, examination of a surveillance file revealed a case where notifying two people had been delayed for an unjustifiably long time (more than a year and five months). In the remaining cases (five people) the delay mostly lasted between two and six months.
Timely notification ensures effective protection of the fundamental rights of persons caught in the sphere of influence of surveillance. Inter alia, this provides the right to contest the lawfulness of surveillance measures for both suspects and accused.
Resolving petitions by individuals
Apart from carrying out supervision on her own initiative and regularly over the activities of surveillance and security agencies, the Chancellor also resolves complaints related to the activities of those agencies. Where necessary, the Chancellor also verifies other publicly raised allegations (e.g. in the media) about illegal or insufficiently reasoned surveillance.
Although providing legal explanations is not the Chancellor’s task, she has nevertheless offered general explanations about the underlying principles for the activities of surveillance and security agencies. Based on petitions received during the reporting period, the Chancellor identified no violations in the work of surveillance and security agencies.
Aliens
The war launched by Russia in Ukraine has resulted in an extensive flow of war refugees which also directly and immediately started affecting Estonia. In half a year, Estonia has accepted 52 000 Ukrainian war refugees, of whom 33 200 people have received temporary protection (data as of 23 August 2022). Temporary protection means that Ukrainian residents fleeing to Estonia from the war are entitled to receive assistance, education and work here.
The huge and to a large extent unexpected influx of war refugees put the Estonian people, and in particular our state agencies and local authorities, to the test. It is still too early to offer final assessments but in the Chancellor’s opinion, during the first half year, Estonia has coped with this challenge satisfactorily – even well in some respects. The Chancellor must monitor that war refugees in Estonia are treated in line with the rules agreed in the European Union and by respecting all international human rights protection norms and Estonian domestic legislation. In half a year, the Chancellor had to resolve numerous complaints caused primarily by the novelty of the situation and inexperience of officials, but sometimes also by shortcomings in human communication.
Among the main shortcomings, petitions and complaints received by the Chancellor highlighted problems in the administrative practice of the Police and Border Guard Board (PBGB). That is, sometimes the PBGB declined to accept the necessary applications from people or failed to issue a decision on applications submitted. This, in turn, deprived the applicant of the possibility to exercise and protect their statutory rights. This concerned both recognition as an applicant for temporary protection as well as applying for international protection under the general conditions.
The Chancellor resolved a petition by an individual with Nigerian citizenship. The PBGB had detained a Nigerian citizen who was married to a Ukrainian citizen and accordingly entitled to temporary protection upon arrival in Estonia. However, PBGB officials reached the opinion that the person was not a beneficiary of temporary protection and declined to register their application at the border. Instead, the PBGB detained them as a person arriving in the country illegally even though they repeatedly explained to the officials that they were a spouse of a Ukrainian citizen and had come from Ukraine. Officials were intending to issue a precept to leave subject to compulsory enforcement and deport them from Estonia to Nigeria. Subsequently, the person applied for international protection.
According to the assessment of the PBGB officials, the person was not entitled to temporary protection as they did not arrive in Estonia together with their spouse who is a Ukrainian citizen. This position adopted by the PBGB was unlawful. Under different European Union and Estonian legislation, spouses need not arrive in Estonia simultaneously in order to qualify for temporary protection. In view of the Estonian law and provisions in European Union directives, it would even be impossible to impose the requirement that spouses must arrive in the country together in order to obtain temporary protection.
The Chancellor explained that if a person orally expresses the wish to receive temporary protection, the application must be considered as made. Further steps depend only on the PBGB: whether the person is able to draw up an application for a residence permit and when the PBGB decides on it. The Chancellor proposed to the Director General of the PBGB that the application for temporary protection should be immediately examined.
Later the PBGB issued a residence permit to the applicant but they were held in the detention centre for almost two months. The Chancellor also explained ways to claim compensation for damage caused by unlawful deprivation of liberty.
Accepting applications for temporary protection
Petitioners also noted that officials at PBGB service bureaus have declined to accept applications for temporary protection from people wishing to submit them, and have failed to issue a decision on refusal to grant temporary protection. This was due to officials’ assessment that a particular applicant was not entitled to temporary protection. This concerned situations where temporary protection was sought by people who had arrived in Estonia or departed from Ukraine before the start of the war or who held a visa issued by a European Union member state.
The Chancellor found that such conduct by the PBGB contravened the law. The reply from the PBGB showed that the Board had changed the practice concerned. According to the PBGB assessment, declining to accept an application for temporary protection is not in line with the rules of administrative procedure. The PBGB assured that applications for temporary protection will now be accepted and a notice of receipt of the application is issued to applicants. A decision with regard to the application will be made.
The petitioner also mentioned that the PBGB did not consider as entitled to temporary protection those people who held a European Union member state visa for work or study and who had previously stayed within the European Union but at the start of the war were residing in Ukraine. The PBGB conceded that refusing to grant temporary protection to people holding a European Union visa had been unjustified.
Legal status of people having left Ukraine before the war
Several petitioners asked the Chancellor what happens to people who arrived in Estonia or departed from Ukraine before the war started on 24 February 2022. They seemed not to be entitled to temporary protection although they had lost the possibility to return to Ukraine because of the war. Petitioners found that if the right to temporary protection depends merely on the date of departure from Ukraine, this may amount to discrimination.
The Chancellor explained that, under European Union law, temporary protection is granted to those Ukrainian citizens who had lived in Ukraine and were forced to leave their homeland after the war started.
However, European Union member states may also grant temporary protection to those who were on a trip at the start of the war and could no longer return home. No relevant obligation exists and the situation does not amount to discrimination but at the same time a solution should also be found for these refugees.
The Chancellor explained that people in this situation are entitled to apply for international protection under general procedure (subsidiary protection, see also the opinions on “The legal status of Ukrainian citizens arriving in Estonia before 24 February 2022” and “The legal status of people having departed Ukraine before 24 February 2024”).
Petitioners noted that PBGB officials had failed to explain the situation to them or had recommended working on the basis of regulatory arrangements for short-term employment. Some people had wanted to apply for international protection but PBGB officials recommended not doing so.
Later, the PBGB changed its practice and now, as a rule, applications for international protection by Ukrainian citizens are examined as quickly as possible.
The legal status of war refugees who are third-country nationals
The Chancellor was contacted by people who wished to be sent back to the European Union member state in which they had a legal basis for stay. They had first gone from Ukraine to Slovakia and obtained a permit to stay there for 62 days. From there, they continued their way to Estonia in order to look for opportunities to study here. The PBGB offered them the choice of either applying for international protection in Estonia or being deported to Nigeria. The petitioners applied for international protection while in actuality they wished the PBGB to return them back to Slovakia already from the border.
The Chancellor explained that under § 17(1) of the Obligation to Leave and Prohibition on Entry Act (OLPEA) an alien is expelled to the state from which they arrived in Estonia, to the country of their nationality or to their country of habitual residence, or to a third state with consent of the third state unless otherwise laid down in European Union legislation or an international agreement. If there is more than one option, the reasoned preference of the person to be expelled is the primary consideration, unless that preference significantly impedes enforcement of expulsion. Under § 17(3) of the OLPEA, as the primary option, a person is to be expelled to the member state of the Schengen Convention in which they have a legal basis for residence or temporary stay, but not to their country of nationality.
Virtual currencies
The Chancellor has been asked to assess the constitutionality of restrictions imposed on virtual currency service providers. Restrictions include the education requirement for members of the management board and a restriction on activities (including for compliance officers), and an additional audit requirement.
Under the Money Laundering and Terrorist Financing Prevention Act, a virtual currency means a value represented in digital form, which is digitally transferable, preservable or tradeable and which natural or legal persons accept as a payment instrument, but which is not the legal tender of any country or funds. With regard to a virtual currency, it should be kept in mind that its owner has no certainty whether at any time they can exchange it for an official currency. Every country regulates virtual currencies somewhat differently, but they attract special attention due to combating money laundering and terrorist financing.
The most well-known and currently probably the most successful virtual currency is Bitcoin with which it is possible to buy both virtual as well as real goods and services. Bitcoin is freely available to all.
All businesses operating on the financial market and offering their services must combat money laundering and terrorist financing. Services involving virtual currencies entail similar risks to services by financial institutions. Thus, service providers linked to a virtual currency are classified as financial market participants, so that some of the same provisions apply to them as to financial institutions (§ 2(5) Money Laundering and Terrorist Financing Prevention Act).
Users of these kinds of services have the right to presume that service providers possess the skills and knowledge as well as the opportunity to pay attention to details of their work and dedicate themselves to it. A client wants to be assured that the assets they entrust to a business are protected. Assurances can be provided by establishing restrictions on activities of management board members and compliance officers (§ 72⁵ Money Laundering and Terrorist Financing Prevention Act), which guarantees that persons dealing with virtual assets have the necessary preparation, that they do not fragment themselves by working simultaneously for several companies and can dedicate all their time and energy to clients.
In addition, virtual currency service providers must keep in mind the duty to impose international sanctions. Under § 20(1) clause 3 of the International Sanctions Act, a virtual currency service provider is a person with special obligations. This means that, to the extent prescribed by law, they have to verify clients and transactions in order to identify cases of circumventing sanctions. If a management board member of a compliance officer lacks the necessary knowledge or dedication for this, they cannot fulfil all the special obligations.
When selecting due diligence measures laid down by the Money Laundering and Terrorist Financing Prevention Act, a virtual currency service provider must proceed from rules of procedure and internal control rules (§ 14 of the Act), which, in turn, are based on risk assessment (§ 13 of the Act). When preparing their risk assessment, virtual currency service providers rely on national risk assessment (§ 11 of the Act). According to the national risk assessment, the greatest risks are linked to virtual currencies and virtual currency service providers, so that virtual currency service providers should take this into account. Thus, all obliged entities that have something to do with virtual currencies should apply due diligence measures strictly rather than leniently.
The Chancellor has repeatedly had to assess the constitutionality of additional requirements imposed by the Money Laundering and Terrorist Financing Prevention Act and explain that no reason exists to consider the higher education requirement for management board members and the restriction on activities (including restriction on the activities of a compliance officer) and the requirement of an additional audit as unconstitutional. It is important to protect the assets of clients more broadly and for this a service provider must be able to apply all the statutory measures.