On May 20, 2013, the Estonian Data Protection Inspectorate issued its Annual Report 2012 (the “Report,” summary available in English). The number of inquiries, complaints and supervision proceedings have remained the same over the last few years. The main topics of complaints include employment relations, CCTV, electronic direct marketing and social media. The Inspectorate stated that its primary goal is to stop violations of the law, not to impose sanctions. According to the Report, the Inspectorate issued orders regarding compliance in 48 cases and imposed fines in 39 cases.
Two topics of concern highlighted in the Report include: (1) the misuse of the Population Register and (2) publication of private individuals’ debt information by debt collecting and credit companies on the Internet. According to the Report, only 2 out of 66 companies monitored in 2012 were publishing private debt data on their websites in full compliance with the Estonian Personal Data Protection Act. The Report indicated that the Inspectorate ordered five debt collecting and credit companies to remove lists of private individuals from their websites.
With respect to international cooperation, the Inspectorate voted against and submitted a dissenting opinion to the Article 29 Working Party’s Opinion 01/2012 on the data protection reform proposals because of uncertainty regarding whether the proposed reform package is in line with the declared purposes.
The Estonian Data Protection Inspectorate presents its report to the Parliament’s Constitutional Committee and the Chancellor of Justice regarding how private and public organizations comply with the Personal Data Protection Act and the Public Information Act on an annual basis.