Transport administration sells personal data too easily, says inspectorate
According to the Data Protection Inspectorate, it is too easy for private companies in Estonia to access various registers. The inspectorate is conducting a supervisory procedure against the traffic register, which it says sells too much personal data to debt collection companies.
According to the Data Protection Inspectorate (AKI), the Transport Administration (Transpordiamet) shares data with private companies too easily.
"We have a case pending against the Transport Administration's traffic registry, where it turns out that private companies have direct access to traffic registry data. And if they want to find out who owns a car with a certain license plate, they make a request and get the information from there. And in 2022, if I'm not mistaken, [debt collection company ] Julianus Inkasso, for example, had made 73,000 (queries) to the traffic register," Liisa Ojangu, chief of supervision at the Data Protection Inspectorate, said.
Oliver Markvart, a member of the Julianus board, said that the figure of more than 70,000 traffic fines is true.
"The volume is not surprising – we have almost half a million claims pending in Estonia at any given time. From the traffic register we get a personal identification number or a registration number, and from the population register we get an address corresponding to the personal identification number, an e-mail address and in some cases maybe a telephone number, but that's all," Markvart said.
A large proportion of the claims are for small parking fines, while at the higher end there are also claims for consumer loans. According to Markvart, the data in Julianus is certainly not leaked and no one sells it on.
"To be honest, I can't imagine who they could be sold to or for, or who would be interested in them," he said.
"Unfortunately, we have a pending lawsuit in which we have found that Krediidiregister OÜ also passes on the information they obtain from the population register to the other debt collection companies," Ojangu said.
Until now, debt collection agencies in Estonia have not been subject to state control, but they will now have to apply for a license from the Estonian Financial Supervision and Resolution Authority (Finantsinspektsioon) by the end of the year.
The new law doesn't deal directly with data protection, but the financial supervisory authority will be able to monitor their activities.
--
Follow ERR News on Facebook and Twitter and never miss an update!
Editor: Marko Tooming, Kristina Kersa
