1. e-Government Centre Moldova
Digital security for better governance
and public services
Digital information security trainings
2013
Chisinau
12.03.2013
2. e-Government Centre Moldova
Role of Data Protection Inspectorate -
protecting civic rights
Hannes Astok
Senior Expert
eGovernmance Academy
12.03.2013
3. Based on the lecture of
Dr. Viljar Peep
Director General
Estonian Data
Protection Inspectorate
4. What DPI protects?
1. Right to privacy (incl. right to limitation of usage of
your personal information)
2. Right to access your personal information held by
public and private entities
3. Right to ask for information about activities of public
entities
4. Right to see important information of public sector
on the web
4
5. Right to privacy
Right to privacy: limitations to usage of personal
information
Right to access your personal information
- Convention, Directive, Constitution, national
legislation (Personal Data Protection Act)
- Direct marketing, e-commerce: special directives,
national legislation
5
6. Privacy limitations to usage of personal
data
Right to give consent for processing of personal data, unless
provided otherwise:
- media, credit data, science and statistical researches etc.
Right to appoint purposes of processing and transfer of data to third
persons
Right to prohibit direct marketing or in some cases only with prior
consent
Right to be informed about the data processing, if the data source is
other than data subject
Right to access personal data
Right to demand for correction, deleting, termination of disclosing
personal data etc.
6
7. Freedom of information
1st generation law: right to ask for information
2nd generation law: right to see on the web
- Convention, PSI directive, constitution, national
legislation (Public Information Act)
7
8. Organization of DPI
A supervisory authority for privacy and for Freedom of
Information (FOI)
Staff: 18 civil servants, mostly lawyers.
Director General – appointed by Govt, 5-year term, judge-like
position.
Legislative drafting and financial audit in competence of
Ministry of Justice.
Independency in supervision activities. Active power:
precepts, penalties etc.
Right to direct reporting to Ombudsman (Legal Chancellor)
and Constitutional Committee of Parliament.
8
9. How DPI works
1.Legal assistance, formation of good practice:
– explanations (individual and public),
– guidelines, recommendations,
– round tables and conferences:
–incl. the permanent round table of high level
experts.
9
10. How DPI works
2. Supervision:
– complaint-based or ex officio,
– right to demand explanations,
– right to inspect on the spot,
– right to access to the equipment, documents and
databases,
– right to issue precepts.
10
11. How DPI works
3. Enforcement and punishment:
– compulsion payments (repeatedly),
– urgency measures on expense of personal data
processor,
– misdemeanour procedure: fine as financial
penalty (DPI is also quasi-judicative body).
11
12. How DPI works
4. Authorisation:
– processing of sensitive personal data,
– approval of public sector databases,
– scientific data processing without the consent
of the person,
– transmission of personal data to foreign
countries with insufficient level of privacy
protection.
12
13. Some annual figures
– Explanations: thousands (paper- and e-mails, duty
officer phone, public guidelines…)
– Regist. of sensitive data processing: 960/1460
– Approval of public sector databases 91/265
– Complaints 358/306
– Inspections on the spot 71/53
– Warnings, precepts 247/508
– Misdemeanour procedures 23/46
– Penalties, fines 14/12
13
14. Topics in privacy protection
• Commerce – using personal data without consent.
Unwanted sales calls and spam emails. Debtors disclosure.
• Politics – using personal data without consent. Unwanted
campaign calls and spam emails.
• New media – using pictures without consent. Disclosure
of private life. Web cams. Identity theft
• Administration – police database, Schengen IS. use of
databases for political purposes. Unclear retention terms.
14
15. Freedom of Information topics
• Laziness of holders of public information:
- requests are not answered within 1 week,
- web-based document register (index of records) is not kept
properly,
- required information is not published on website.
• Legal disputes:
- should the FOI Act be applied or not?
- are restrictions applied correctly?
• A general problem – weak or missing unification of public sector
information on the web.
15
16. How is provided the availability of public
sector information?
Main tools:
• Documents’ register of the authority
• Webpage of the authority
• Estonian State Portal, www.eesti.ee
Ways to receive the information:
• Request for information (to answer in 5 working days)
• Direct access through documents’ register (in case of
digital documents)
• The information is made available on the webpage of the
authority or www.eesti.ee
• Emergency information through the mass media
16
17. Q&A
Learn more
http://www.aki.ee/eng/
Hannes Astok
www.ega.ee | hannes@astok.ee| +372 5091366 | hannesastok
E-Governance Academy | Tõnismägi 2, 10112 Tallinn, Estonia
Presentation Title 12.03.2013