Transparency, security, and safety lie at the foundation of governance in the 21st century. As most data points we create during our lifetime are stored online, this automatically raises a question of security and trust between the government and its citizens. An effective e-governance system requires the population to trust government information systems properly. If there is a lack of trust, citizens would most likely refuse to provide any pieces of personal information for governmental systems or institutions to process them.
Estonians take privacy very seriously. We have developed e-government services to improve economic stability, quality of life, and the availability of essential resources. To build trust, Estonia uses transparency, digital signatures, and personal message encryption. But, who is the actual owner of the data that has been stored by governmental institutions? I have some fantastic news for you – it’s actually the citizens themselves! One can use his/her ID card as the key to government information systems, enabling him/her to keep track of who has accessed their data and, in the case of personal medical data, for instance, to allow or deny access at different levels for doctors. Only yesterday the news broke that an Estonian police officer and a medic were punished for inappropriately looking at citizen data. Adam Rang, a well-known British journalist living in Estonia wrote well on the subject: “The police officer checked the record of his future wife-to-be. The medic checked why an ambulance had been called to a specific address at the request of a nosy neighbour. Both were caught because our data is digital and access by officials is controlled through our digital ID system and logged through public ledger technology. Citizens own their own data in Estonia and have the right to challenge officials who look at it inappropriately. Both the police officer and the medic quickly admitted their wrongdoing, were judged to have shown remorse and have paid a fine.” He also, correctly, posed a question to the many people elsewhere in the world still thinking digital is riskier than paper: So how do you know who is looking at your paper records right at this moment?
In Estonia, confidentiality, integrity, and availability are the key aspects of the e-services. To acknowledge it better, individuals can see and control only their data. All the rules are public, and data must be protected. Governmental institutions are firmly accountable for all the data processing and security to provide the highest protection for their citizens. From the start, Estonia’s main aim was to create “a clean state” where trust would be a fundamental element. Therefore, governmental information systems were set up so they could not abuse individual citizens’ rights or society as a whole. Crucially, the Estonian government was fully aware that one instance of failing to maintain privacy would likely cause the collapse of trust in general and could hamper the development of new solutions in the future. Quite frankly, we couldn’t afford to fail.
But it was not enough to protect data stored in government information systems. We also had to protect data in transit, meaning between the user and the government’s database. Therefore, integration between information systems and components was needed, and it included both the transport and transit of data. That is also one reason Estonia started using the data exchange platform X-road to provide a once-only policy and exchange data securely.
This leaves the question of who is responsible for ensuring the privacy of data in Estonia? That’s where the Data Inspectorate comes in. Exchanging and processing information without a legal basis has always been forbidden. Government institutions cannot build new information systems or create new data exchange procedures without explicitly justifying these plans based on Estonian law. At any second, we have the right to know and control what happens to our data and inform the Data Inspectorate if we have any concerns about it. We have a complete record of everyone who has ever looked through our data, including medical records.
Data protection has to be the government’s top priority, and data security management clearly has become one of the state’s strategic functions. No compromises. One thing is clear; data belongs to us, and it is the government’s responsibility to provide the highest level of security and trust. Otherwise, you can’t call it 21st-century e-governance. (In Estonia, we are lucky to be able to do just that.)
Today, e-governance and e-services have become a necessity in every country. e-Estonia Briefing Centre – the gateway to Estonian expertise in e-governance, invites you to connect with the Estonian IT companies directly responsible for the successful functioning of the e-state even during a pandemic. Get in touch with us to set up your custom virtual programme with the best partners: firstname.lastname@example.org