
Digital Rights
The right to privacy and protection of personal data is increasingly under threat in the information age. Both the country’s expanding databases and the data collected by Internet companies make it possible to create detailed profiles based on peoples attitudes and behaviour and exploit them. The surveillance activities of security agencies (including stalking) and the storage of communication data are just some of the challenges Estonia faces.
The Estonian Human Rights Centre has directed attention to the problems related to the protection of personal data in Estonia and covered privacy issues in the “Human Rights in Estonia” report. The Human Rights Centre also deals with data protection consulting and strategic advocacy including strategic litigation.

Counseling
Individual consulting and strategic litigation on topics related to privacy and data protection.

Every click counts!
Along with our data protection video campaign, we published materials to better understand how to navigate the web safely and privately.
Data protection rules
Each person has the right to control the data about them: personal data cannot be used with permission unless there is other legal basis for it.
There are strict rules regarding processing of personal data:
- personal data cannot be processed without legal basis or consent of the individual;
- personal data can only be processed for a specified purpose;
- you can only collect and process personal data that is strictly necessary for the purpose;
- personal data can be retained only as long as the purpose exists;
- personal data must be kept secure and protected against unauthorised processing or access (including leaks and hacking);
- the data controller must show that it respects the above principles, i.e. is accountable.
The person, whos data is processed (the data subject), has extensive rights:
- the right to be informed about processing and the controller;
- the right to access to their personal data and get a copy of it;
- the right of rectifiction of incorrect data;
- the right to erasure (so called “the right to be forgotten”);
- the right to data portability to another service provider (from May 2018);
- the right to object to processing of data, including for direct marketing purposes;
- the right to object to automated processing when it creates legal consequences for the individual.
On 25 May 2018, the General Data Protection Regulation becomes in force in all EU Member States, including Estonia. This replaces the previous Member State level legal acts, such as the Personal Data Protection Act in Estonia.
In case of breach of data protection rules, it is possible to turn to independent data protection authorities, in Estonia this is the Data Protection Inspectorate. In case of violation of personal data by state and security/surveillance authorities, the Chancellor of Justice can also help. It is also possible to turn to the courts.
News


Victory from Estonian Supreme Court: Restricting Communication Opportunities for Asylum Seekers Contravenes the Estonian Constitution
20. June 2023
Empowering Everyday Citizens: The International Project Bringing You into the EU Decision-Making Process
6. April 2023
Conference on AI and Human Rights on January 26
5. January 2023People

Mari-Liis Vähi
Digital Rights and Data Protection Specialist
mari-liis.vahi@humanrights.ee