Privacy win! Data retention law to be overhauled in Estonia

Responding to long-time pressure by the Estonian Human Rights Centre and others, the Ministry of Justice has drafted a proposal for a new draft law to amend the provisions of Electronic Communications Act that require mass communications metadata retention. Estonian Human Rights Centre has called upon the rules to be changed since 2014-s CJEU decision which declared the data retention directive, based on which Estonian law was adopted, invalid. It should be noted that in Estonia, communications metadata (including sensitive location data) is used not only to fight serious crime, but also for minor crimes and misdemeanours as well as in civil lawsuits.

The proposal confirms that the current system of communications data retention is not in compliance with the case law of the Court of Justice of the European Union. The proposal includes a brief outline of a tiered, proportional system for retention and use of data, but is short on details.

The Estonian Human Rights Centre stated in our opinion to the proposal that nobody wins if human rights and internal security are set against each other. Mass-surveillance (including mass data retention) breaches trust between the citizenry and the state and thus should not be used in a democratic society.

We thus stated that there should not be a blanket and indiscriminate retention requirement for communications service providers and that the law should be limited to regulation of if, when and how can communications data already processed and stored by telecommunications providers can be accessed and used in case of individual cases. There, we emphasised the need for better oversight and notification.

We also raise the issue that the non-compliant provisions of the law should not be applied until new regulation is in place that safeguards against violations of human rights.

#humanrightsinestonia #privacy