Estonia, a consolidated democracy on Europe’s Baltic fringe, remains a world leader in internet freedom. Widely known for its pioneering approach to e-government, Estonia is home to few limitations on internet access, fewer limitations on online content, and robust protections for user rights. However, the country’s new government, inaugurated after parliamentary elections in March 2019, features a far-right party whose statements reveal an intention to put those protections to the test.
Democratic institutions are strong in Estonia, and political and civil rights are widely respected. A challenge facing the country is inequality, with important socio-economic differences between different parts of the country.
- Many users took to social media to express their grievances over the far-right Conservative People’s Party of Estonia (EKRE) being included in government (see B8).
- EKRE’s inclusion in government prompted the resignation of at least two journalists who claimed they were pressured to moderate their coverage of the party (see B4).
- Parliament voted to increase the military’s surveillance powers in certain emergency situations, although the President rejected the measure (see C5)
- The Supreme Court made a referral for a preliminary ruling to the Court of Justice of the European Union (CJEU) to clarify whether EU law prevents the state from using people’s metadata in the course of investigations into crimes other than serious crimes. The case is pending (see C6).
Estonia continues to be one of the most connected countries in the world, and users generally face few obstacles to accessing the internet. In January 2019, Estonia’s telecommunications regulator was merged with the consumer protection regulator.
|Do infrastructural limitations restrict access to the internet or the speed and quality of internet connections?||6.006 6.006|
In general, there are no infrastructural limitations to internet access in Estonia. As of 2018, approximately 90 percent of households had access to the internet, according to European Union (EU) and International Telecommunications Union (ITU) data.1 According to the EU’s latest Digital Economy and Society Index, the country’s household fixed broadband penetration rate was 81percent in 2018, while its mobile broadband penetration rate was 144 percent.2 Both rates outperform EU averages.
The government continues to enhance infrastructure. The EstWin project, an initiative run by the government-established Estonian Broadband Development Foundation, works to improve fixed broadband access, and aims to achieve the country’s goal of having 98 percent of households no more than 1.5 km from a fiber-optic access point by 2020.3 The Consumer Protection and Technical Regulatory Authority (TTJA), Estonia’s telecommunications regulator, produces an online map that shows what services are available at any location in Estonia.4
Public Wi-Fi access remains strong. Estonia has numerous free, certified Wi-Fi hotspots meant for public use, including at cafes, hotels, hospitals, schools, and gas stations.5
Three mobile operators cover the country with 3G and 3.5G services, and 4G services cover over 99 percent of Estonia.6 In December 2018, the first 5G network was opened at the Tallinn University of Technology campus, though 5G services were not commercially available during the coverage period.7
Speeds are steadily improving. In 2018, 83 percent of households had access to broadband connections of 30 Mbps or more.8 The government has set a target of 100 percent high-speed (30 Mbps or more) broadband coverage by 2020.9 According to a May 2019 survey from the internet intelligence service Ookla, Estonia ranked 22 in the world for mobile broadband speeds (with an average download speed of 44.07 Mbps) and 43 for fixed broadband speeds (with an average download speed of 57.18 Mbps).10
- 1. https://appsso.eurostat.ec.europa.eu/nui/show.do?dataset=isoc_ci_in_h&l…; https://ec.europa.eu/newsroom/dae/document.cfm?doc_id=59894; https://www.itu.int/net4/itu-d/icteye/CountryProfileReport.aspx?country…
- 2. https://ec.europa.eu/newsroom/dae/document.cfm?doc_id=59894
- 3. https://ec.europa.eu/digital-single-market/en/country-information-eston…
- 4. www.netikaart.ee
- 5. Public Wi-Fi Hotspot database in Estonia, http://wifi.ee
- 6. Annual report of the Estonian Technical Regulatory Authority 2016 https://www.ttja.ee/sites/default/files/content-editors/TJA/Aastaraamat… (p. 15)
- 7. http://www.pealinn.ee/tagid/koik/tallinnas-avati-tana-esimene-5g-vork-n…
- 8. https://ec.europa.eu/newsroom/dae/document.cfm?doc_id=59894
- 9. https://ec.europa.eu/newsroom/dae/document.cfm?doc_id=59894
- 10. http://web.archive.org/web/20190629201034/https://speedtest.net/global-…
|Is access to the internet prohibitively expensive or beyond the reach of certain segments of the population for geographical, social, or other reasons?||3.003 3.003|
There are no significant digital divides in the country.
In general, internet connections are affordable. The 2019 Inclusive Internet Index report ranks Estonia 20 out of 100 countries in terms of the affordability of prices for connections.1 A variety of packages offering internet connections are offered at low prices, while very high-speed connections are available at somewhat higher prices. According to 2017 ITU data, monthly entry-level fixed broadband subscriptions cost 1.2 percent of GNI per capita,2 while a mobile broadband plan offering 1 GB of data per month cost 0.6 percent of GNI per capita.3 According to EU studies, prices for fixed and mobile broadband plans in Estonia are below the bloc’s averages.4 The EU’s abolition of roaming charges in 2017 has helped lower the cost of internet services. Additionally, the government-created Internet Home Project, launched in 2017, aims to provide households and offices in most parts of the country with fiber-optic connections at a subsidized price (150 euros for the last mile).5
Internet connectivity is limited in sparsely-populated rural areas. According to 2017 data, while over 80 percent of Estonians have access to internet connections of 30 Mbps or more, only 40 percent of those living in rural areas do.6
Internet usage is high among both men (87.9 percent) and women (88.3 percent), as of 2017.7 There is a larger gap in usage along age: 100 percent of 16-to-24-year-olds use the internet, while just 59 percent of 65-74-year-olds do, according to official figures from 2018.8
- 1. https://theinclusiveinternet.eiu.com/explore/countries/EE/performance/i…
- 2. https://www.itu.int/en/ITU-D/Statistics/ICTprices/Pages/default.aspx
- 3. https://www.itu.int/en/ITU-D/Statistics/ICTprices/Pages/default.aspx
- 4. https://ec.europa.eu/newsroom/dae/document.cfm?doc_id=55892; https://ec.europa.eu/newsroom/dae/document.cfm?doc_id=57336
- 5. https://www.internetkoju.ee/
- 6. https://www.eca.europa.eu/Lists/ECADocuments/SR18_12/SR_BROADBAND_EN.pdf
- 7. ITU, accessed 24 April 2019 http://www.itu.int/en/ITU-D/Statistics/Pages/stat/default.aspx
- 8. https://www.stat.ee/news-release-2018-100
|Does the government exercise technical or legal control over internet infrastructure for the purposes of restricting connectivity?||6.006 6.006|
The government does not exercise technical or legal control over the domestic internet. There were no government-imposed restrictions on or disruptions to internet connectivity during the coverage period. The government does not have explicit legal authority to shut off internet connections, even in states of emergency.1
|Are there legal, regulatory, or economic obstacles that restrict the diversity of service providers?||6.006 6.006|
There are no undue legal, regulatory, or economic restrictions on Estonia’s information and communication technology (ICT) market. The Electronic Communications Act aims to develop and promote a free market and fair competition in telecommunication services.1 Information society services, meaning economic or professional activities involving the processing, storage, or transmission of information by electronic means upon a recipients’ request, are regulated by the Information Society Services Act.2 There have not been any substantive changes to the laws or to the ICT market during the coverage period.
There are over 200 operators offering telecommunications services, including six mobile operators and numerous internet service providers (ISPs). The ICT market is relatively diverse with no significantly dominant companies. However, according to the 2019 Inclusive Internet Index report, Estonia’s mobile market is “moderately concentrated,”3 while its fixed broadband market is “highly concentrated.”4 Sweden’s Telia Company is the leading mobile and fixed broadband service provider, controlling 47 percent of the mobile market and 53 percent of the fixed broadband market, according to its 2018 annual report.5
Service providers are required to register with the TTJA. There is normally no registration fee, and companies can register online.6
- 1. Electronic Communications Act RT I 2004, 87, 593. In force 1 January 2005 (major amendments 2014). For English text see: https://www.riigiteataja.ee/en/eli/ee/Riigikogu/act/521082017008/consol…
- 2. https://www.riigiteataja.ee/en/eli/504112013008/consolide
- 3. https://theinclusiveinternet.eiu.com/explore/countries/performance/affo…
- 4. https://theinclusiveinternet.eiu.com/explore/countries/performance/affo…
- 5. https://www.teliacompany.com/globalassets/telia-company/documents/repor…
- 6. Statistics of economic activities, https://mtr.mkm.ee/statistika/yld?m=157
|Do national regulatory bodies that oversee service providers and digital technology fail to operate in a free, fair, and independent manner?||4.004 4.004|
The main regulatory bodies for the ICT sector are the TTJA and the Competition Authority. In January 2019, the TTJA was created out of the merger of the Consumer Protection Authority and the Technical Surveillance Authority. The TTJA operates under the Ministry of Economic Affairs and Communications, while the Competition Authority operates under the Ministry of Justice. Both are led by directors appointed by the relevant minister after a pubic call for applications. Directors may be reappointed but are term-limited. The two entities have a reputation for professionalism and independence. There have been no reported cases of undue interference in the ICT sector or abuse of power by these regulatory bodies.
The Estonian Internet Foundation was established in 2009 to manage Estonia’s top level domain, “.ee,” and is a member of the Council of European National Top Level Domain Registries (CENTR).1 The organization represents a broad group of stakeholders in the Estonian internet community and oversees various internet governance issues.
Estonians have access to a wide range of content online, and very few resources are blocked or filtered by the government. Following a 2015 rulings on intermediary liability for third-party comments, some Estonian media outlets have modified their policies regarding commenting on their portals. The inclusion of the far-right EKRE in government has raised new fears of both content manipulation and self-censorship.
|Does the state block or filter, or compel service providers to block or filter, internet content?||5.005 6.006|
There are very few blocked websites in Estonia, and political, social, and cultural content is freely available to users.
The primary restriction on internet content remains a ban of online illegal gambling websites (see B3). As of June 2019, the Estonian Tax and Customs Board had more than 1,400 URLs on its list of illegal online gambling sites that Estonian ISPs are required to block.1
- 1. The list of restricted websites can be found on the Estonian Tax and Customs Board website: “Blokeeritud hasartmängu internetileheküljed” (Blocked gambling internet pages), Tax and Customs Board, https://www.emta.ee/et/eraklient/maa-soiduk-mets-hasartmang/blokeeritud…
|Do state or nonstate actors employ legal, administrative, or other means to force publishers, content hosts, or digital platforms to delete content?||3.003 4.004|
There have been some instances of online content being removed, although this is not a widespread issue. Many of these instances involve civil court orders to remove comments that are defamatory or otherwise damaging, pursuant to a landmark 2015 case establishing intermediary liability for third-party comments (see B3).
In addition, comments on news websites or discussion boards are sometimes removed by administrations. Most popular websites have code of conducts for the responsible and ethical use of their services and enforcement policies that allow certain content to be taken down.
According to its latest transparency report, Facebook removed seven items of content between July and December 2018 in response to requests from the government and other domestic entities. In one case, the company restricted access to content containing hate speech after the Estonian Human Rights Centre, an NGO, reported it.1 Meanwhile, the government sent five removal requests to Google between July and December 2018, targeting content relating to defamation, drug abuse, or national security.2 The company only removed content in response to two of these requests. The government did not send any removal requests to Twitter during the same period.3
Russian social media platforms Odnoklassniki (OK) and VKontakte (VK) are also popular in Estonia, but their parent companies do not release data about content removal requests.
|Do restrictions on the internet and digital content lack transparency, proportionality to the stated aims, or an independent appeals process?||4.004 4.004|
Restrictions on online content are transparent and grounded in the law. The Gambling Act, one of the few laws that imposes restrictions, requires domestic and foreign gambling sites to obtain a special license.1 Unlicensed sites are subject to blocking (see B1). The Tax and Customs Board’s list of blocked websites is transparent and available to the public.
Under the Information Society Service Act and pursuant to the EU E-Commerce Directive, service providers are generally not liable for illegal content transmitted by users.2
However, in 2015, the European Court of Human Rights (ECtHR) upheld a controversial 2009 Estonian Supreme Court decision establishing intermediary liability for third-party defamatory comments on news websites.3 The ECtHR confirmed that holding intermediaries responsible for third-party content published on their website or forum is not against Article 10 of the European Convention on Human Rights guaranteeing freedom of expression.
The EU-level Directive on Copyright in the Digital Single Market,4 which was approved in April 2019, must now be incorporated into Estonian law. Despite opposing the directive at the European Council,5 the government is bound by this obligation. The directive, among other things, establishes ancillary copyright for digital publishers and makes "online content sharing service providers" partially liable for copyright violations on their platforms.6
- 1. Gambling Act, https://www.riigiteataja.ee/en/eli/ee/Riigikogu/act/507122016002/consol…
- 2. https://rm.coe.int/CoERMPublicCommonSearchServices/DisplayDCTMContent?d…
- 3. https://globalfreedomofexpression.columbia.edu/cases/delfi-as-v-estonia/
- 4. https://eur-lex.europa.eu/eli/dir/2019/790/oj
- 5. https://news.err.ee/930334/estonia-not-supporting-eu-copyright-directiv…
- 6. https://eur-lex.europa.eu/eli/dir/2019/790/oj
|Do online journalists, commentators, and ordinary users practice self-censorship?||4.004 4.004|
In general, self-censorship is not prevalent, and online debates are active and open.
The rhetoric of one of the parties in Estonia’s new government, the far-right EKRE, has targeted critical journalists. Within a week of the new government’s inauguration, for example, two journalists who also published their work online -- one from the newspaper Postimees and the other from the public broadcaster ERR -- resigned due to what they claimed was pressure from their editors to alter their coverage of the party.1 EKRE’s rhetoric has not yet had a chilling effect on the digital public sphere. However, given the close links between traditional and digital media, observers are concerned that the resignation of the two journalists could negatively impact online reporting.
|Are online sources of information controlled or manipulated by the government or other powerful actors to advance a particular political interest?||3.003 4.004|
Manipulation of the online information landscape was not a significant issue during the coverage period, though EKRE has openly called for critical voices to be stifled. For example, in March 2019, EKRE vice-chair Martin Helme, who sits on the board of the public broadcaster ERR, asked his fellow board members to sanction ERR employees who criticized his party.1 The other members of Estonia’s government coalition did not support these calls.
Russian information campaigns attempt to manipulate public opinion in Estonia.2 In January 2019, Facebook removed a number of Estonia-focused accounts and pages linked to Sputnik, the Russian-backed news agency, for engaging in “coordinated inauthentic behavior.”3 In late 2018, the anti-disinformation blog Propastop observed an effort to spread the anti-EU hashtag #ESTExitEU using fake social media accounts linked to Russia.4
However, Propastop did not detect any efforts to interfere in Estonia’s March 2019 parliamentary elections.5 Similarly, Russian information campaigns did not appear to specifically target the country during the May 2019 EU parliamentary elections, though the bloc found evidence of “continued and sustained disinformation activity by Russian sources aiming to suppress turnout and influence voter preferences.”6
While press freedom remains strong in Estonia, the civil society group Reporters Sans Frontières (RSF) has expressed concern over editorial interference in the operations of leading newspaper Postimees, which also published online.7 Margus Linnamäe, the owner of the paper and member of one of the parties in the current coalition government, has presided over the resignation of five top editors since 2018 in his efforts to, according to RSF, turn Postimees into “a propaganda mouthpiece for his conservative and nationalist opinions.”8 In November 2019, the paper’s much-criticized editor-in-chief resigned due to pressure from journalists, who regarded him as interfering in their independent journalistic work.
- 1. https://www.delfi.ee/news/paevauudised/eesti/martin-helme-nouab-err-ilt…
- 2. The yearbook of the Estonian Internal Security Service (KAPO), pg. 9. https://www.kapo.ee/sites/default/files/public/content_page/Aastaraamat…
- 3. https://newsroom.fb.com/news/2019/01/removing-cib-from-russia/
- 4. https://www.propastop.org/eng/2018/12/20/attention-provocative-fake-new…; https://www.propastop.org/eng/2019/01/04/hashtag-estexiteu-is-being-dis…
- 5. https://www.propastop.org/eng/2019/03/12/did-foreign-sources-influence-…
- 6. https://eeas.europa.eu/sites/eeas/files/joint_report_on_disinformation…, pg. 3
- 7. https://rsf.org/en/estonia
- 8. https://rsf.org/en/news/editors-abandon-estonias-leading-daily-because-…
|Are there economic or regulatory constraints that negatively affect users’ ability to publish content online?||3.003 3.003|
There are few economic or regulatory barriers to posting content online. Online news websites do not need to register with the government to operate.1
In line with the EU, Estonia supports net neutrality. Providers found to be in violation can be fined up to 9,600 euros ($10,700).2
|Does the online information landscape lack diversity?||4.004 4.004|
A diverse range of content is available online. The most popular website is Google, followed by YouTube and Facebook. The major Estonian news portals Delfi and Postimees are the fourth and fifth most popular sites, respectively.1 Estonians use the internet for uploading and sharing original content such as photographs, music, and text, more than the average in the EU.2 Knowledge of foreign languages among Estonians is high, which facilitates access to diverse content.3
- 1. See: https://www.similarweb.com/top-websites/estonia, accessed 26 April 2019.
- 2. “Individuals Using the Internet for Uploading Self-Created Content” Eurostat, accessed 26 April 2019. http://ec.europa.eu/eurostat/tgm/refreshTableAction.do?tab=table&plugin…
- 3. http://www.studyinestonia.ee/estonia-ranks-high-english-proficiency
|Do conditions impede users’ ability to mobilize, form communities, and campaign, particularly on political and social issues?||6.006 6.006|
Estonians use social media platforms to share news and information, as well as generate public discussion about current political issues. Online petitions are also popular. There were no restrictions on mobilization tools during the coverage period.
There has been a strong counter-reaction online to the inclusion of EKRE in government. The movement “Kõigi Eesti” or “My Estonia Too” (which uses the hashtags #KõigiEesti, #MyEstoniaToo, and # ОбщаяЭстония) is the main vehicle for this counter-reaction.1 Kõigi Eesti’s online activism has contributed to offline action: in April 2019, 10,000 people attended a concert organized by the movement.2
The state runs a website that enables people to compile, send, and monitor initiatives with at least 1,000 digital signatures to the parliament.3 Since 2013, citizens have been able to engage online as well as offline in a “people’s assembly” focusing on issues of and ideas for active aging.4
- 1. https://news.err.ee/922982/koigi-eesti-movement-launched-by-concerned-r…
- 2. https://news.err.ee/930511/gallery-koigi-eesti-laul-concert-brings-10-0…
- 3. Rahvaalagatus (Citizens initiative), accessed 10 May 2018 https://rahvaalgatus.ee/
- 4. Rahvaalgatus, accessed 10 May 2018 https://uuseakus.rahvaalgatus.ee/
Freedom of expression online is protected by the constitution and by the country’s obligations as an EU member state. Anonymity is unrestricted, as is the use of encryption. However, concerns about the government’s retention of metadata persist. The state has succeeded in reducing the number and severity of cyberattacks against its infrastructure.
|Do the constitution or other laws fail to protect rights such as freedom of expression, access to information, and press freedom, including on the internet, and are they enforced by a judiciary that lacks independence?||6.006 6.006|
All citizens have the constitutional rights to freely obtain information and to freely disseminate ideas, opinions, beliefs, and other information.1 There are no obstacles to people exercising their right to freedom of expression online.
The judiciary in Estonia is independent, and there have not been any instances of political interference with the judiciary. Over 60 percent of Estonian trust the judiciary, according to 2018 survey data.2
Protections for journalists, which include the right to confidentiality of sources, are strong.3
|Are there laws that assign criminal penalties or civil liability for online activities?||3.003 4.004|
In practice, there are few limits on freedom of expression online. Speech that publicly incites hatred, violence, or discrimination on the basis of nationality, race, color, gender, language, origin, religion, sexual orientation, political opinion, or financial or social status is punishable by a fine of up to 3,200 under the penal code.1 Such speech is also punishable by up to three years in prison if it leads to the “death of a person or results in damage to health or other serious consequences.”2
In October 2017, the CJEU sought to clarify EU law in a case on internet jurisdiction at the request of the Estonian Supreme Court.6 The ruling considered whether a defamation case can be brought before a court in Estonia if the company affected is based domestically, despite the infringing content being published on a Swedish website. The EU Court clarified that the party affected may sue in the country where its center of interest resides, but noted that it is not possible to bring cases in any country where the online information is accessible.7
- 1. Article 151 Penal Code, https://www.riigiteataja.ee/en/eli/ee/Riigikogu/act/519012017002/consol…
- 2. Article 151 Penal Code, https://www.riigiteataja.ee/en/eli/ee/Riigikogu/act/519012017002/consol…
- 3. The amended Penal Code was adopted in 2001 and entered into force in 2002.
- 4. RT I 2001, 81, 487; in force 1 July 2002. In English at https://www.riigiteataja.ee/en/eli/524012017002/consolide
- 5. Cases from the Estonian Supreme Court are available at http://www.nc.ee/?id=194
- 6. Regulation 1215/2012 on jurisdiction and the recognition and enforcement of judgments in civil and commercial matters.
- 7. Judgement of the Court 17 October 2017 in Case C-194/16 Bolagsupplysningen OÜ and Ingrid Ilsjan v. Svensk Bolagsuppkysning AB. Available at https://curia.europa.eu
|Are individuals penalized for online activities?||6.006 6.006|
There were no cases of prosecutions or detentions for online activities during the coverage period.
|Does the government place restrictions on anonymous communication or encryption?||4.004 4.004|
There are no governmental restrictions on anonymous communication or encryption. There are no SIM card registration requirements.1
Some major news sites have limited anonymous commenting on their articles in reaction to the establishment of intermediary liability for third-party defamatory comments on internet news portals (see B3).
|Does state surveillance of internet activities infringe on users’ right to privacy?||6.006 6.006|
Government surveillance is not intrusive, and the constitution guarantees the right to the confidentiality of messages sent or received.1
Parliament’s Security Authorities Surveillance Select Committee oversees surveillance and security agencies. The committee monitors the activities of theses bodies to ensure conformity with the constitution, the Security Authorities Act,2 and other regulations, which include necessity and proportionality requirements.
The prosecutor´s office monitors surveillance activities and reports regularly to the Select Committee. In an overview provided in February 2018, the chief prosecutor reported that during 2017, permission for surveillance was granted in 2 percent of cases where the law allowed. Surveillance was mainly used in cases concerning organized crime as well as crimes relating to drugs and taxes.3 More recent data is not yet available.
In February 2019, parliament voted to amend the Defence Forces Organisation Act to allow the military to access private data and surveil citizens under certain emergency circumstances.4 However, President Kersti Kaljulaid rejected the measure in March 2019, arguing that it trampled over basic rights. Parliament passed the amendment again, and Kaljulaid again vetoed it.5 The Supreme Court is expected to review the constitutionality of the proposed amendment in late 2019.6
- 1. https://www.president.ee/en/republic-of-estonia/the-constitution/
- 2. https://www.riigiteataja.ee/en/eli/522032019003/consolide
- 3. https://www.riigikogu.ee/pressiteated/julgeolekuasutuste-jarelvalve-eri…
- 4. https://news.err.ee/946931/riigikogu-backs-extension-of-military-survei…
- 5. https://news.err.ee/953694/supreme-court-to-decide-on-military-surveill…
- 6. https://news.err.ee/981023/president-and-riigikogu-to-meet-in-court-ove…
|Are service providers and other technology companies required to aid the government in monitoring the communications of their users?||4.004 6.006|
Estonia has strong laws protecting citizens’ personal information, although service providers are mandated to retain user data. The General Data Protection Regulation (GDPR), which came into force in all EU member states in May 2018,1 puts limits on how interested parties can use and store Estonians’ data.
Additionally, the Personal Data Protection Act (PDPA) was amended in 2018 and entered into force in January 2019.2 The law contains the provisions left by the GDPR to EU Member States' legislation, which includes certain exceptions like those identifying instances when the media can use personal data if it is in the public interest.
The Data Protection Inspectorate is the supervisory authority PDPA.3 In addition, the Chancellor of Justice (ombudsman) can make suggestions regarding data protection.
Service providers are required to collect and retain a substantial amount of metadata. These requirements were established under the Electronic Communications Act, which aligned with EU legislation. They were cast into doubt by the CJEU in April 2014, when the court found the European Data Retention Directive (2006/24/EC) to be invalid.4
Article 111 of the Electronic Communications Act outlines various restrictions on how this data can be stored and used. Data shall be kept for one year, unless there are special circumstances determined by the government that justify keeping it longer, such as maintaining public order and national safety. Article 112 regulates how requests by law enforcement authorities or other agencies can be made in relevant situations, such as criminal investigations, as provided by law. Judicial approval is not always required. These requests for data are kept by the requesting agency for two years. Article 112 also stipulates that operators shall inform the TTJA of requests made and measures undertaken. The Electronic Communications Act has been criticized for allowing requests for metadata in too many situations. While Estonia’s Chancellor of Justice has found that the system does not contradict constitutional guarantees, the office has questioned the proportionality of the law.5 Beyond the Electronic Communications Act, there are no other provisions requiring companies to monitor communications, and such requests are not routinely made by the government.
In November 2018, Estonia’s Supreme Court made a referral for a preliminary ruling to the Court of Justice of the European Union (CJEU) to find out whether EU law, such as the Charter of Fundamental Rights, prevents the state from using people’s metadata (such as origin and destination of a message, location, date, time, and type of device used) in the course of investigations into crimes other than serious crimes. The Court has asked for clarification on whether this sort of access to data is justified and proportional, and whether the process should include judicial review.6 The case is pending.
- 1. Personal Data Protection Act, https://www.riigiteataja.ee/akt/104012019011
- 2. Regulation 2016/679 https://publications.europa.eu/en/publication-detail/-/publication/3e48…
- 3. https://www.aki.ee/en
- 4. The ECJ court ruling pertained to the cases Digital Rights Ireland Ltd (C-293/12) and Kärntner Landesregierung (C-594/12) and is available at http://bit.ly/1yF25p3.
- 5. https://www.oiguskantsler.ee/sites/default/files/field_document2/elektr…
- 6. Case I-16-6179, https://www.riigikohus.ee/et/lahendid?asjaNr=1-16-6179/85
|Are individuals subject to extralegal intimidation or physical violence by state authorities or any other actor in retribution for their online activities?||5.005 5.005|
There have been no physical attacks against users or online journalists, though online discussions are sometimes inflammatory. Critics as well as supporters of EKRE have faced online harassment, including threats of violence, for their views.1
- 1. https://www.theguardian.com/world/2019/may/21/racism-sexism-nazi-econom… For cases, see complaints made to the Press Council regarding reporting about EKRE and organisations close to it (cases pending), https://www.eall.ee/pressinoukogu/kaebused.php
|Are websites, governmental and private entities, service providers, or individual users subject to widespread hacking and other forms of cyberattack?||3.003 3.003|
According to the ITU’s Global Cybersecurity Index, Estonia ranks fifth in the world and fourth in Europe in regards to its commitment to ensuring cybersecurity.1 In 2018, the government allocated additional funds to advancing the country’s online security, as well as adopted a new Cyber Security Strategy for 2019-2022.2
Estonia’s cybersecurity strategy is built on strong private-public collaboration and a unique voluntary structure through the National Cyber Defence League.3 With more than 150 experts participating, the league has simulated different security threat scenarios in defense exercises, with the aim of improving the technical resilience of telecommunication networks and other critical infrastructure.4
As an additional measure to ensure the security of public electronic data, Estonia has established the first of several planned “data embassies.” The first embassy, based in Luxembourg, stores public data and information systems in the cloud, enabling the Estonian state to function in the event of a cyberattack or other political crisis within the country. The agreement between the two governments to establish the embassy was signed in June 2017, and the embassy was completed in 2018. The data embassy is granted the same privileges bestowed upon traditional embassies.5
The Estonian e-governance infrastructure suffered one of its first major challenges in 2017, when a chip malfunction that could lead to potential security breaches was discovered in government-issued ID cards6 In response, the government recalled security certificates for more than 760,000 ID cards, which made their electronic use impossible until the certificates had been renewed. The issue was apparently discovered before any data was compromised. Despite delays in fixing the issue, the certificates were renewed, and the incident has not significantly affected the public’s trust in e-governance. 7
Parliament adopted a new cybersecurity law in May 2018. The law implements the EU Directive 2016/1148 on measures for a high common level of security of network and information systems.8 It includes requirements to have a computer security incident response team (CSIRT) and a competent national network and information security (NIS) authority (which Estonia previously had), and strengthens cooperation among EU member states. Businesses identified as operators of essential services will be required to take appropriate security measures and to notify serious incidents to the relevant national authority.9
The North Atlantic Treaty Organization (NATO) Cooperative Cyber Defence Center of Excellence is located in Tallinn. Since its founding, the center has supported awareness campaigns and academic research, and hosted several high-profile conferences, among other activities. The center organizes an annual International Conference on Cyber Conflict, or CyCon, bringing together international experts from governments, the private sector, and academia, with the goal of ensuring the development of a free and secure internet.
- 1. Global Cybersecurity Index 2018 https://www.itu.int/en/ITU-D/Cybersecurity/Documents/draft-18-00706_Glo…
- 2. https://www.ria.ee/sites/default/files/content-editors/kuberturve/kuber…
- 3. Cyber Security Strategy 2014-2017, https://www.mkm.ee/sites/default/files/cyber_security_strategy_2014-201…
- 4. “Estonian Defense League’s Cyber Unit,” Kaitseliit (Defence League), http://www.kaitseliit.ee/en/cyber-unit
- 5. https://www.riigikogu.ee/pressiteated/majanduskomisjon-et-et/majandusko…
- 6. https://www.id.ee/index.php?id=38176
- 7. https://www.id.ee/index.php?id=38176
- 8. https://www.riigikogu.ee/tegevus/eelnoud/eelnou/61815f7a-1025-4aea-9b0e…
- 9. https://ec.europa.eu/digital-single-market/en/network-and-information-s…
See all data, scores & information on this country or territory.See More
Global Freedom Score94 100 free
Internet Freedom Score94 100 free
Freedom in the World StatusFree