Technology and new tools open wide the doors to new possibilities in e-governance, that’s out of doubt. Equally relevant, however, is to subscribe to basic principles guiding the journey of citizens and governments in a digital society. Transparency, and the privacy of people’s personal information in data exchange, are among those principles. They are fundamental to foster trust in the effective functioning of the whole system.
The right to the protection of personal data and the right to public information figure in the Estonian constitution. In the event of violations, the agency to turn to is the national Data Protection Inspectorate. But, in the meantime, the Information System Authority (RIA) has made another ally available to citizens – the data tracker.
We always know who sends the query
Since 2017, the tool gives citizens the possibility to always keep an eye on who is accessing their data, and for what reasons. In this way, anyone with an eID can log in to the state portal eesti.ee and review the full list of queries concerning their personal information.
Today, four major government agencies participate in the project, making possible the automatic tracking of personal data usage by subject. They are:
- The Population Register, under the jurisdiction of the Ministry of the Interior;
- The Health Insurance Fund;
- Eesti Töötukassa, the Estonian Unemployment Insurance Fund;
- The Social Insurance Board.
Sander Randorg is Product Owner of the data tracker at the Information System Authority (RIA). He told us how this level of transparency is necessary to enhance trust in both public and private actors.
“The inner workings of state IT systems can remain quite a mystery to the average citizen. Even more, when it comes to the knowledge of how their personal data is being used. How can the data usage monitor shed some light on this matter? By giving a detailed overview of the events in which their data was either shared to another party or processed internally,” Randorg explains.
Transparency enhances trust in institutions
At the time of launch, several government agencies were already offering a similar service, although in a pretty siloed way. The new data tracker allowed the implementation of a universal solution, adaptable to different databases and agencies. Moreover, the adoption of a ready-made solution lowered the cost of implementation in a wide area of different use cases. From the users’ side, it also made their experience more homogeneous when navigating access logs to their data across different government databases.
“We are now trying to achieve a situation where people can connect real-life events with data exchange logs on the computer screen. Even if there has not been a specific event, the behind-the-scenes should be as transparent as possible. This would prevent any kind of doubt or distrust towards the data processors. We have been blessed by relatively high citizen trust, and it is with this kind of efforts that we have to constantly maintain that bar high,” Randorg states.
People’s right to know who is using their data is also stated in the Estonian Data Protection Law and the European GDPR. As Randorg highlights, “Automating the process of using that right will definitely affect the overall state of personal data related matters in a positive way.” The data tracker is an important tool in increasing awareness about personal data use in the national IT system. “In some cases, law enforcement authorities – such as the Data Protection Inspectorate – can also benefit from the information people acquire from such tools, and can even track down possible offenders,” Randorg continues.
Everything flows on our digital highway
It should not come as a surprise that we are so careful about the way we handle data. 479 institutions and enterprises rely on the national data exchange layer X-Road – and over a million Estonian citizens and residents. Four core databases are currently covered by data access tracking, providing observers with an initial understanding of the volume of information exchange taking place every day on X-Road.
Among the five most popular service providers, as per number of queries received only in the last month, we can find indeed:
- The Employment Register (11 767 330 queries);
- The Health Information System (8 828 045 queries);
- The Population Register (7 298 599 queries);
- The Health Insurance Fund (7 182 244 queries).
X-Road is active since 2001, placing Estonia globally at the forefront of efficient interoperability in the public administration. As of the beginning of this month, over 5 billion queries have been exchanged on the X-Road – and counting. Almost 986 million requests took place in 2018, confirming how much the functioning of our e-state relies on it.
On their part, Estonians would agree that, to efficiently run public services, technological developments are the way to go. They see it in boring tasks becoming quicker, interactions with government offices running smoothly. But they also know that four eyes are better than two. The data usage monitor is a simple tool, but its main strength may lie in something else than access logs. It empowers citizens to participate in the building of a digital society based on a core, necessary ingredient for life in communities – trust. And by enhancing trust, we generate more of it in return.