/ Basic info / Legal instruments / Annual Reports / Forum / News / Internet & Privacy / Contacts / Links
Bulgaria / Czech Republic / Croatia / Estonia / Hungary / Lithuania / Latvia / Poland / Slovakia /
Data Protection in the Republic of Estonia

Contents:
  1. The Legal Grounds for the Protection
  2. The Legal Position of the Supervisory Authority
  3. The Legal Rights of the Supervisory Authority
  4. The Restrictions of the Activities of the Supervisory Authority
  5. Contacts
1. Legal Grounds for the Data Protection.

The legal grounds for the data protection are set in the Constitution of the Republic of Estonia (adopted on 28 June 1992), the Personal Data Protection Act (entered into force on 1 October 2003.), the Databases Act (entered into force on 19 April 1997), the Public Information Act (entered into force on 1 January 2001), the Information Society Service Act (entered into force on 1 May 2004.), as well as in the international agreements. For the full text of the Personal Data Protection Act and for other legal acts concerning data protection in Estonia, please refer to the link http://www.legaltext.ee

Constitution of the Republic of Estonia

Article 26
Everyone has the right to the inviolability of private and family life. State agencies, local governments, and their officials shall not interfere with the private or family life of any person, except in the cases and pursuant to procedure provided by law to protect health, morals, public order, or the rights and freedoms of others, to combat a criminal offence, or to apprehend a criminal offender.

Personal Data Protection Act
The new Personal Data Protection Act entered into force on 1 October 2003. After the Estonia's accession to the European Union the subsections about the transmission of personal data to Member States of the EU entered into force.

The purpose of this Act is the protection of the fundamental rights and freedoms of natural persons in accordance with public interests with regard to processing of personal data.

The protection of personal data is ensured by virtue of the fact that chief processors and authorized processors may process personal data only for purposes and under conditions which are specified in the Personal Data Protection Act. Also, the chief processor must register the processing of sensitive personal data with the Data Protection Inspectorate.

The Act divides personal data into three groups - private personal data, sensitive data and other. Private personal data are data which reveal details of family life, social services or an application for the provision of social assistance, mental or physical suffering endured by a person and data collected on a person during the process of taxation (except data concerning tax arrears). Sensitive data are personal data which reveal political opinions or religious or philosophical beliefs (except data relating to being a member of legal person in private law registered pursuant to the procedure provided by law), ethnic or racial origin, state of health or disability, genetic information, sexual life, membership in trade unions and information collected in criminal proceedings or in other proceedings to ascertain an offence before a public court session or before a judgment is made in a matter concerning an offence, or if this is necessary in order to protect public morality or the family and private life of persons, or where the interests of a minor, a victim, a witness or justice so require. Sensitive personal data may be processed only with the consent of the respective person, unless the Act provides otherwise. Full text: http://www.legaltext.ee/text/en/X70030.htm (Estonian Legal Language Centre)

2. Public Information Act.

The purpose of this Act, according to article 1, is to ensure that the public and every person has the opportunity to access information intended for public use, based on the principles of a democratic and social rule of law and an open society, and to create opportunities for the public to monitor the performance of public duties. The Public Information Act guarantees citizens' constitutional right for information; regulates what information on the administrative apparatus and its activities is offered to the public; asserts that all information is accessible also through the Internet.
Full text: http://www.legaltext.ee/text/en/X40095K2.htm (Estonian Legal Language Centre)

3. Databases Act.

The Act regulates the establishment and maintenance of state and local government agency registers and it contains rules for the collection and processing data.
Full text: http://www.legaltext.ee/text/en/X1060K6.htm (Estonian Legal Language Centre)

4. Information Society Services Act.

This Act provides for the requirements for information society service providers, the organisation of supervision and liability for violation of the Act.
Full text: http://www.legaltext.ee/text/en/X80043.htm (Estonian Legal Language Centre)

5. Contacts.

Data Protection Inspectorate

Väike-Ameerika 19,
10129 Tallinn
Estonia

Phone: +372 627 41 35
Fax: +372 627 41 37
e-mail: info@dp.gov.ee
web sites: www.dp.gov.ee


  The administrator of this web site is:
Inspector General for the Protection of Personal Data
ul. Stawki 2; PL-00-193 Warszawa
Phone: +48 22 8607081, Fax: +48 22 8607090