Director General of the Estonian Data Protection Inspectorate (AKI) Viljar Peep sent a letter to Minister of Jutice Urmas Reinsalu this week expressing concern about extensive data processing by state agencies, first and foremost by the Estonian Tax and Customs Board (MTA).
An amendment to the Taxation Act entered into force on April 1 which granted the MTA access to a large number of databases for risk assessment, i.e. tax intelligence, purposes, reported daily Eesti Päevaleht (link in Estonian).
The tax authority primarily requests information from transaction databases of the Central Commercial Register, the Traffic Register and the Land Register. The Police and Border Guard (PPA) and the Estonian Road Administration have expressed interest in similar access to databases.
"In the initial bill, data processing was in no way hindered, meaning that the MTA could have even looked at a person's e-health data," Peep recalled. "Thankfully this was limited somewhat during proceedings."
According to the director general, the issue is that Estonia lacks legislation that would regulate mass data requests. "Yes, it is specified in the Law Enforcement Act and the misdemeanor procedure how to conduct inquiries regarding specific violations, however mass data processing cannot be conducted by the same rules," he stressed. "It is important that every authority not begin making up it own rules."
According to Peep, there is a big difference in whether general conclusions are drawn from the analyzed data or the MTA has a computer analyze all taxpayer data, seeking violations.
"Such fishing for potential errors should not be allowed," he said. "Mass data processing must occur according to certain rules; we don't want any amateur activity here."
Last fall, the Ministry of the Interior introduced a plan to transition from paper to electronic guest registries at accommodation establishments so that data on all hotel guests could be run and terrorism and criminal suspects be sifted out.
Editor: Aili Vahtla