Incoming head of Data Protection Inspectorate fails ISS security check

The Ministry of Justice announced this week that Marko Aavik, who was appointed by the Estonian government to take over as director general of the Estonian Data Protection Inspectorate as of 1 October, voluntarily turned down the position. In reality, however, the ministry's longtime deputy secretary general failed the security check of the Estonian Internal Security Service (ISS), daily Postimees reports.
The ISS declined to comment regarding why they were unable to grant Aavik, who worked as deputy secretary general of the Ministry of Justice for 11 years, have access to the state secret.
"It was established during the security check that I had not properly informed the Ministry of Justice about one of my side activities — participating in international cooperation as an expert of the Council of Europe," Aavik said.
He explained that he had informed the ministry verbally and the ministry was aware that he was participating in international cooperation as a Council of Europe expert, but as he had not submitted a written notification, he assumed responsibility and voluntarily declined the position of director general of the Data Protection Inspectorate.
According to Postimees, the refusal to grant Aavik access to the state secret was connected to his activity in the Council of Europe, but it was clear the ISS does not fail anyone lightly in the security check, indicating that there must have been something in Aavik's work that kept him from being granted access to the state secret.
After turning down the position of director general of the inspectorate, Aavik chose to depart the country. "I reject the claim that I am leaving the country in relation to circumstances that arose during the security check," he said. "I am also confirming that I plan to return to Estonia."
Further concerns surrounding appointment
Further concerns regarding the appointment of a director general of the Estonian Data Protection Inspectorate, however.
According to the Personal Data Protection Act, a candidate must pass the security check prior to being appointed. Aavik was appointed director general on 21 June already, though, before his check had been concluded.
According to the Ministry of Justice, different laws contradict one another in this case. According to the Civil Service Act, the competition to fill the position of director general of the Data Protection Inspectorate is considered to have failed if no one has been appointed to the post within 120 days of the application deadline. Thus, this 120-day period must include the review of documents, interviews and test rounds, and as a result, situations may arise in which an individual is appointed before passing the security check, as otherwise there would not be enough time.
The Government Office admitted the issue concerning competitions to fill top managerial posts.
"We admit that when it comes to competitions requiring security checks, the deadline set by the law is an issue," said Kristiina Tiimus, head of communications at the Government Office. "The committee for the selection of top managers will discuss how to solve this situation before announcing the new competition for the position of director general of the Estonian Data Protection Inspectorate."
Editor: Aili Vahtla
Source: BNS