When people talk about digital solutions and e-services in general, there are a number of doubts and fears that often pop up. Actually, it would even be better to call them myths. I would like to address three of the most common myths that we’re often asked about when discussing digitalisation.
1. There is a single database somewhere in Estonia where all the citizen data is stored
There is no such database anywhere. Our data has been decentralised by a large number of institutions and databases. The more data institutions have, the bigger their power and responsibility is. To disperse this, Estonia has a decentralised system. Institutions exchange information between each other over the public internet via a system called X-Road. This helps store information in a distributed way while securely communicating through a data exchange layer. The system ensures interoperability, confidentiality and integrity between institutions and platforms. The exchange authentication includes multi-level authorisation and processing logs. What is more, all data is encrypted and signed, and all of the included parties are strongly identifiable.
2. There is an institution or person who has access to all the citizen data
The biggest fear people have about digitalisation is the threat that someone can control and see all of their information – from salary information to medical records. This threat is also avoided thanks to the X-Road. In this case we have to address confidentiality: who can access the information and on what conditions. Once a new member joins the X-Road, case specific additional agreements about data exchange need to be signed. An institution is only able make limited requests to another member: they need to have a mutual agreement and every data request is logged and cannot be contested. Therefore, when institutions exchange our personal data, we can easily see all the logs in the state portal under the data-tracker. To make sure which agreement institutions have between each other, the Information System Authority has created a platform- X-Road visualiser shows which institutions are connected.
3. Private companies who provide e-solutions to Estonia can have access to our private information
The Estonian digital society relies strongly the private-public partnerships. For example, the infrastructure of X-Road for Estonia is provided and managed by the Information System Authority, while the technology behind it was built by several private sector companies. It is up to the state to provide a suitable framework for facilitating collaboration with private companies while at the same time making sure citizen data is appropriately protected.
To sum up, to avoid spreading misconceptions about digitalisation it is important that we talk openly about who owns the data, who has access to it and the purposes it’s used for. Awareness and education are the key to understanding and accepting.
Speaker at e-Estonia Briefing Centre