|A Obstacles to Access||25 25|
|B Limits on Content||32 35|
|C Violations of User Rights||37 40|
During the coverage period, Estonia, a consolidated democracy and European Union (EU) Member State, remained a global leader in internet freedom. Widely known for its pioneering approach to e-government, the Estonian government places few limitations on internet access, fewer limitations on online content, and robust protections for user rights. This approach served Estonia well during the COVID-19 pandemic, as society was able to function with relatively little interruption by making use of digital public services.
Press freedom came under strain during the coverage period, however. The country’s leading newspaper was dogged by allegations of self-censorship, and two of its journalists were held personally liable for defamation in a novel civil case. Controversially, the government threatened to prosecute Estonian employees of Sputnik, an online news outlet sponsored by the Russian government, leading to the suspension of Sputnik’s in-country operations.
Democratic institutions are strong, and political and civil rights are widely respected in Estonia. Right-wing and Eurosceptic populist forces are, however, becoming increasingly vocal.
- Estonian internet users were largely able to access and benefit from e-government services, including distance learning and virtual court hearings, as the COVID-19 pandemic spread during the coverage period (see A2).
- In November 2019, the editor in chief of Estonia’s largest daily newspaper, Postimees, resigned after some of its reporters accused him of instructing them to soften their political coverage (see B4).
- In a novel November 2019 civil case, two Postimees journalists were held personally liable for defamation (along with the newspaper) for a 2017 article about a businessman (see C3).
- In January 2020, Sputnik, an online news outlet sponsored by the Russian government, suspended its operations in Estonia after the Estonian government threatened to prosecute its local employees for violating EU sanctions (see B6).
Estonia is among the most connected countries in the world, and users faced few obstacles to accessing the internet. During the coverage period, a legal dispute held up the development of 5G technology in the country.
|Do infrastructural limitations restrict access to the internet or the speed and quality of internet connections?||6.006 6.006|
In general, there are no infrastructural limitations to internet access in Estonia. According to Statistics Estonia, the state statistics agency, 90 percent of households have internet connections, while 98 percent of people aged 16 to 44 use the internet daily or almost daily.1 According to the EU’s latest Digital Economy and Society Index (DESI), 83 percent of households had fixed-line broadband connections in 2019, while mobile broadband penetration reached 152 percent.2 Both rates outperform EU averages.
The government continues to enhance information and communications technology (ICT) infrastructure. The EstWin project, run by the Estonian Broadband Development Foundation, a state-supported foundation, is working to improve fixed-line broadband access in line with the country’s goal of having 98 percent of households no more than 1.5 kilometers from a fiber-optic access point by 2020.3 So far, EstWin has delivered 7,000 kilometers of backhaul network.4 In 2018, the utility company Elektrilevi received 20 million euros ($23 million) from the state to build last-mile connections that bring high-speed internet access to 40,000 consumers by 2023.5 The Ministry of Economic Affairs and Communications is also preparing another development project to bring high-speed internet to the most remote areas in Estonia, in line with the EU’s 2025 Gigabit Society objectives.6
The Consumer Protection and Technical Regulatory Authority (TTJA), the telecommunications regulator, produces an online map that shows what internet services are available at any location in Estonia.7 Public Wi-Fi connections are commonplace, including at cafés, hotels, hospitals, schools, and gas stations.8 According to the 2020 Inclusive Internet Index, 3G mobile networks cover 100 percent of Estonia’s population, while 4G mobile networks cover 99 percent.9 The government adopted a “5G Roadmap” in 2019 which envisions the commercial rollout of 5G services in cities by 2023.10 However, the development of 5G networks was delayed by a legal dispute over the auctioning of radio frequencies (see A4).11
In the company Cable’s 2020 “Worldwide Broadband Speed League,” Estonia ranked 21st in terms of mean download speed, which stood at 70.9 Mbps.12 According to the company Ookla, the average fixed-line broadband download speed was 49.57 Mbps in May 2020, while the average mobile broadband download speed was 65.79 Mbps.13
- 1“90 percent of households in Estonia have internet at home,” ERR News, September 19, 2019, https://news.err.ee/981944/90-percent-of-households-in-estonia-have-int….
- 2European Commission, “Digital Economy and Society Index 2020: Estonia,” https://ec.europa.eu/digital-single-market/en/scoreboard/estonia.
- 3European Commission, ”Shaping Europe’s Digital Future: Estonia,” accessed on September 29, 2019, https://ec.europa.eu/digital-single-market/en/country-information-eston….
- 4The Consumer Protection and Technical Regulatory Authority, “Avalik konsultatsioon: lairiba teine etapp” [Public consultation: the second phase of broadband], May 8, 2020, https://www.ttja.ee/sites/default/files/content-editors/Lairiba/avalik_….
- 5“Riigi 20-miljonilise konkursi viimase miili rajamiseks võitis Elektrilevi [Elektrilevi won the country’s 20 million competition to buld the last mile],” ERR News, October 29, 2018, https://www.err.ee/872826/riigi-20-miljonilise-konkursi-viimase-miili-r….
- 6Hindre, M., ”Järgmisse viimase miili projekti loodab riik kaasata ka EL-I [The coutry hopes to involve the EU in the next last mile project],” ERR News, February 20, 2020, https://www.err.ee/1055146/jargmisse-viimase-miili-projekti-loodab-riik….
- 7The Consumer Protection and Technical Regulatory Authority, “Estonian communication coverage application,” accessed September 29, 2020, www.netikaart.ee.
- 8“Eesti turvalised õrgud,” Public Wi-Fi Hotspot database in Estonia, accessed October 2016, https://web.archive.org/web/20161013201941/http://wifi.ee/.
- 9“The Inclusive Internet Index 2020,” The Economist Intelligence Unit, accessed September 29, 2020, https://theinclusiveinternet.eiu.com/explore/countries/EE/performance/i….
- 10“Eesti 5G Teekaart Aastani 2025,” Ministry of Economic Affairs and Communications, March 2019, https://www.mkm.ee/sites/default/files/eesti_5g_teekaart.pdf.
- 11“Estonia revises 5G sale to include fourth licence,” TeleGeoegraphy, June 4, 2020, https://www.commsupdate.com/articles/2020/06/04/estonia-revises-5g-sale….
- 12“Worldwide Speed League Index,” Cable.co.uk, accessed September 29, 2020, https://www.cable.co.uk/broadband/speed/worldwide-speed-league/.
- 13“Speedtest Global Index,” Speedtest, accessed June 23, 2020, https://web.archive.org/web/20200623054005/https://www.speedtest.net/gl….
|Is access to the internet prohibitively expensive or beyond the reach of certain segments of the population for geographical, social, or other reasons?||3.003 3.003|
There are no significant digital divides in the country. As a result, nearly all Estonians could avail themselves of distance learning, virtual court procedures, and other digital public services offered during the COVID-19 pandemic. According to DESI, Estonia has one of the highest shares (93 percent) of e-government users in Europe.1
In general, internet connections are affordable. The 2020 Inclusive Internet Index ranks Estonia 34th in terms of affordability of prices for connections.2 A variety of packages offering internet connections are available at low prices, while very high-speed connections are available at somewhat higher prices. In 2019, the International Telecommunication Union (ITU) put the cost of monthly fixed-line broadband subscription at 1.08 percent of gross national income (GNI) per capita, while 1.5 GB of mobile data cost 0.81 percent of GNI per capita.3 Meanwhile, per the 2020 Inclusive Internet Index, monthly entry-level fixed-line broadband subscriptions cost 1 percent of GNI per capita, while a mobile internet plan offering 1 GB of data per month also cost 1 percent of GNI per capita.4 (According to the World Bank, in 2019, Estonia’s GNI per capita was $23,200.5 ) The EU’s 2017 abolition of roaming charges has helped lower the cost of internet services.
According to DESI, prices for fixed-line and mobile broadband plans in Estonia are below the EU average.6 However, the pricing policies of the leading service provider Telia have been criticized in the media. Telia offers connections that exceed 100 Mbps, but at much higher prices than in neighboring countries where the company also operates.7 This has resulted in lower take-up of very high-speed fixed-line broadband services. Even though very high-capacity networks cover 57 percent of households, only 14 percent of households have very high-speed connections, which is below the EU average.8
There is no significant urban-rural digital divide. According to Statistics Estonia, 90.8 percent of households in urban areas had internet connections in 2019, while 89.6 percent of those in rural areas did.9
Marginally more men (90.6 percent) than women (89.9 percent) use the internet as of 2019.10 There is a larger gap in usage in terms of age: 99.5 percent of 16-to-24-year-olds use the internet, while just 59.9 percent of 65-74-year-olds do, per 2019 figures.11
- 1European Commission, “Digital Economy and Society Index 2020: Estonia.”
- 2“The Inclusive Internet Index 2020: Estonia,” The Economist Intelligence Unit.
- 3International Telecommunications Union, “ICT Price Baskets (IPB),” accessed September 29, 2020, https://www.itu.int/net4/ITU-D/ipb/.
- 4“The Inclusive Internet Index 2020: Estonia,” Fixed-line monthly broadband cost, The Economist Intelligence Unit; “The Inclusive Internet Index 2020: Estonia,” Mobile phone cost (prepaid tariff), The Economist Intelligence Unit.
- 5“Data: Estonia,” The World Bank, accessed September 29, 2020, https://data.worldbank.org/country/estonia.
- 6European Commission, “Digital Economy and Society Index 2020: Estonia.”
- 7Mikka Salu, “Telia Eesti imeline internet: kuus korda aeglasem, aga see-eest poole kallim” [Telia Estonia’s wonderful internet: six times slower, but half as expensive], Eesti Ekspress, May 27, 2020, https://ekspress.delfi.ee/kuum/telia-eesti-imeline-internet-kuus-korda-….
- 8European Commission, “Digital Economy and Society Index 2020: Estonia.”
- 9Statistics Estonia, “IT20: Arvuti ja koduse internetiühendusega leibkonnad tüübi ja elukoha järgii” [IT20: Households with computer and home internet connection by type and place of residence], New statistical database, accessed September 29, 2020, http://andmebaas.stat.ee/Index.aspx?lang=et&DataSetCode=IT20.
- 10Statistics Estonia, “IT20: Arvuti ja koduse internetiühendusega leibkonnad tüübi ja elukoha järgii” [IT20: Households with computer and home internet connection by type and place of residence].
- 11Statistics Estonia, “IT20: Arvuti ja koduse internetiühendusega leibkonnad tüübi ja elukoha järgii” [IT20: Households with computer and home internet connection by type and place of residence].
|Does the government exercise technical or legal control over internet infrastructure for the purposes of restricting connectivity?||6.006 6.006|
The government does not exercise technical or legal control over the domestic internet, although the Cybersecurity Act,1 which implemented the EU’s Network and Information System Directive,2 gives it limited powers to restrict the use of or access to information systems in the event of a cybersecurity incident. As an exceptional and temporary measure, the government can also restrict internet connections in “emergency situations”3 and “states of emergency,”4 though this would not necessarily entail a total shutdown of internet connections. There were no government-imposed restrictions on or disruptions to connectivity this coverage period.
- 1Riigi Teataja, “Cybersecurity Act,” May 9, 2018, https://www.riigiteataja.ee/en/eli/523052018003/consolide.
- 2“Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union,” European Union Law, 1–30, July 19, 2016, https://eur-lex.europa.eu/eli/dir/2016/1148/oj.
- 3Riigi Teataja, “Emergency Act,” February 8, 2017, https://www.riigiteataja.ee/en/eli/ee/513062017001/consolide.
- 4Riigi Teataja, “State of Emergency Act,” accessed September 29, 2020, https://www.riigiteataja.ee/en/eli/ee/530122013002/consolide.
|Are there legal, regulatory, or economic obstacles that restrict the diversity of service providers?||6.006 6.006|
There are no undue legal, regulatory, or economic restrictions on Estonia’s ICT market. The Electronic Communications Act aims to develop and promote a free market and fair competition in telecommunications services.1 Information society services, meaning economic or professional activities involving the processing, storage, or transmission of information by electronic means upon a recipient’s request, are regulated by the Information Society Services Act.2
There are over 200 operators offering telecommunications services, including six mobile service providers and numerous internet service providers (ISPs). The ICT market is relatively diverse with no significantly dominant companies. Sweden’s Telia is the leading fixed-broadband and mobile service provider, controlling 49 percent of the mobile market and 52 percent of the fixed-line broadband market according to the company’s 2019 annual report.3
Legally, service providers are required to register with the TTJA. There is a registration fee depending on the service provided; the amount is regulated by the State Fees Act.4 Companies use the Ministry of Economic Affairs and Communications’ Register of Economic Activities for this purpose.5
The distribution of radio frequencies for 5G mobile services in Estonia was delayed at the end of the coverage period, after the government’s initial plan to auction off three usage permits was challenged in court by Levikom, a potential bidder. Levikom argued that offering just three permits would hamper competition and prevent small ICT companies such as itself from entering the 5G mobile market. However, Levikom was reportedly in arrears over tax payments, meaning it could have been barred from participating in the auction.6 In June 2020, after the coverage period, foreign trade and information minister Raul Siem decided to auction four usage permits.7
- 1Riigi Teataja, “Electronic Communications Act,” December 12, 2004, https://www.riigiteataja.ee/en/eli/ee/Riigikogu/act/521082017008/consol….
- 2Riigi Teataja, “Information Society Services Act,” April 14, 2004, https://www.riigiteataja.ee/en/eli/504112013008/consolide.
- 3Telia Company, “Bringing the World Closer: Annual And Sustainability Report 2019,” https://www.teliacompany.com/globalassets/telia-company/documents/repor….
- 4Riigi Teataja, “State Fees Act,” December 10, 2014, https://www.riigiteataja.ee/en/eli/507012020005/consolide.
- 5“Register of Economic Activities is renewed,” Ministry of Economic Affairs and Communications, https://www.mkm.ee/en/register-economic-activities-renewed
- 6“Legal battle still holding up Estonian 5G auction,” TeleGeography, January 23, 2020, https://www.commsupdate.com/articles/2020/01/23/legal-battle-still-hold….
- 7Ministry of Economic Affairs and Communications, “Väliskaubandus- ja IT-minister muudab 3,6 GHz sagedukonkursi määrust” [The Minister of Foreign Trade and IT is amending the 3.6 GHz frequency competition regulation], June 3, 2020, https://www.mkm.ee/et/uudised/valiskaubandus-ja-it-minister-muudab-36-g….
|Do national regulatory bodies that oversee service providers and digital technology fail to operate in a free, fair, and independent manner?||4.004 4.004|
The main regulatory bodies for the Estonian ICT sector are the TTJA and the State Information System Authority (RIA). Both operate under the Ministry of Economic Affairs and Communications. The TTJA monitors the fixed-line and mobile broadband markets,1 ensuring compliance with EU Regulation 2015/2120,2 which outlines open-internet access requirements and user rights relating to electronic communications networks and services. Meanwhile, the RIA manages state ICT resources.3 Both have a reputation for professionalism and independence. There were no reported cases of undue interference in the ICT sector or abuse of power by these bodies during the coverage period.
The Estonian Internet Foundation manages Estonia’s top-level domain (.ee).4 The organization represents a broad group of stakeholders in the Estonian internet community and addresses various internet governance issues.
- 1The Consumer Protection and Regulation Authority, “Ameti tutvustus” [Introduction to the Agency], January 1, 2019, https://www.ttja.ee/et/amet-kontaktid/ameti-tutvustus.
- 2“Regulation (EU) 2015/2120 of the European Parliament and of the Council of 25 November 2015,” European Union Law, November 26, 2015, https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32015R2120.
- 3Information System Authority, “Introduction and structure,” accessed September 30, 2020, https://www.ria.ee/en/information-system-authority/introduction-and-str….
- 4Estonian Internet Foundation, “Public portal,” accessed September 30, 2020, http://www.internet.ee/en/.
Estonians have access to a wide range of content online, and very few resources are blocked or filtered by the government. Sputnik, an online news outlet sponsored by the Russian government, suspended its operations in Estonia during the coverage period after the Estonian government threatened to prosecute its local employees for violating EU sanctions.
|Does the state block or filter, or compel service providers to block or filter, internet content?||5.005 6.006|
There are very few blocked websites in Estonia, and political, social, and cultural content is freely available to users.
The primary restriction on internet content remains a ban of online illegal gambling websites (see B3). As of June 2020, the Tax and Customs Board (MTA) had more than 1,500 URLs on its list of illegal online gambling sites that Estonian ISPs are required to block.1
- 1Tax and Customs Board, “Blokeeritud hasartmängu internetileheküljed” [Blocked gambling internet pages], accessed June 18, 2020, https://www.emta.ee/et/eraklient/maa-soiduk-mets-hasartmang/blokeeritud….
|Do state or nonstate actors employ legal, administrative, or other means to force publishers, content hosts, or digital platforms to delete content?||3.003 4.004|
Online content is sometimes removed, although this is not a widespread issue.
In November 2018, the newspaper Postimees removed a 2017 article from its website in response to a court order.1 The article in question was found to defame businessman Margo Tomingas. The incident drew scrutiny because the court also found the two Postimees journalists who wrote the article personally responsible for defaming Tomingas (see C3).
Comments on news websites and discussion boards are sometimes removed by website administrators. Most popular websites have codes of conduct for the responsible and ethical use of their services and enforcement policies that allow certain content to be taken down.
According to its latest transparency report, Facebook reported removing four items between July and December 2019 “in response to private reports of defamation.”2 Facebook did not report any government requests to remove content. During the same period, Google did not receive any takedown requests from the government.3 During this period, Twitter received one legal demand to remove one account, but did not specify whether the demand came from the government or a private actor in Estonia.4 Twitter did not accede to the demand.
Russian social media platforms Odnoklassniki and VKontakte are also popular in Estonia, but their parent companies do not release data about content removal requests.
- 1Merilin Pärli, “Pretsedent loodud: kohus pani artiklite eest vastutama ka ajakirjanikud” [Precedent set: the court also held journalists responsible for the articles], ERR News, November 7, 2019, https://www.err.ee/1000781/pretsedent-loodud-kohus-pani-artiklite-eest-….
- 2“Transparency Report: Estonia,” Transparency Report, Facebook, accessed September 30, 2020, https://transparency.facebook.com/content-restrictions/country/EE.
- 3“Government requests to remove content: Estonia,” Transparency Report, Google, accessed September 30, 2020, https://transparencyreport.google.com/government-removals/by-country/EE.
- 4“Transparency: Estonia,” Transparency Report, Twitter, accessed September 30, 2020, https://transparency.twitter.com/en/reports/countries/ee.html.
|Do restrictions on the internet and digital content lack transparency, proportionality to the stated aims, or an independent appeals process?||4.004 4.004|
Restrictions on online content are transparent and grounded in the law. The Gambling Act, one of the few laws that imposes restrictions, requires domestic and foreign gambling websites to obtain a special license.1 Unlicensed websites are subject to blocking by the MTA (see B1). The MTA’s list of blocked websites is transparent and available to the public.
Under the Information Society Service Act and pursuant to the EU’s E-Commerce Directive, service providers are generally not liable for illegal content transmitted by users.2
However, in 2015, the European Court of Human Rights (ECtHR) upheld a controversial 2009 Estonian Supreme Court decision in the case of Delfi v. Estonia, which established intermediary liability for third-party defamatory comments on news sites.3 The ECtHR confirmed that holding intermediaries responsible for third-party content published on their website or forum is not against Article 10 of the European Convention on Human Rights (ECHR) guaranteeing freedom of expression.
The EU Directive on Copyright in the Digital Single Market,4 which was approved in April 2019, must be incorporated into Estonian law by June 2021. Despite opposing the directive at the European Council,5 the government is bound by this obligation. The directive, among other things, establishes ancillary copyright for digital publishers and makes “online content sharing service providers” partially liable for copyright violations on their platforms.6 Similarly, the EU Audio-Visual Media Services Directive (AVMSD),7 which was approved in November 2018, must be transposed into Estonian law by September 2020. Among other things, the AVMSD requires “video-sharing platform services” such as YouTube to take “appropriate measures” to “protect” minors from content that “which may impair their physical, mental or moral development” and the general public from content involving child sexual abuse, racism, or xenophobia as well as content inciting hatred, terrorism, or violence.8
- 1Riigi Teataja, “Gambling Act,” October 15, 2008, https://www.riigiteataja.ee/en/eli/ee/Riigikogu/act/507122016002/consol…
- 2Swiss Institute of Comparative Law, “Comparative Study on Blocking, Filtering and Take-Down of Illegal Internet Content,” December 20, 2015, https://rm.coe.int/CoERMPublicCommonSearchServices/DisplayDCTMContent?d….
- 3Columbia University: Global Freedom of Expression, “Delfi AS v. Estonia,” accessed September 30, 2020, https://globalfreedomofexpression.columbia.edu/cases/delfi-as-v-estonia/.
- 4“Directive (EU) 2019/790 of the European Parliament and of the Council of 17 April 2019,” European Union Law, May 17, 2019, https://eur-lex.europa.eu/eli/dir/2019/790/oj.
- 5Dario Cavegn, “Estonia not supporting EU copyright directive in Monday EU council vote,” ERR News, April 15, 2019 https://news.err.ee/930334/estonia-not-supporting-eu-copyright-directiv….
- 6“Directive (EU) 2019/790 of the European Parliament and of the Council of 17 April 2019,” European Union Law.
- 7“Directive (EU) 2018/1808 of the European Parliament and of the Council of 14 November 2018,” European Union Law, November 28, 2018, https://eur-lex.europa.eu/eli/dir/2018/1808/oj.
- 8“Directive (EU) 2018/1808 of the European Parliament and of the Council of 14 November 2018,” European Union Law.
|Do online journalists, commentators, and ordinary users practice self-censorship?||4.004 4.004|
In general, self-censorship is not prevalent, and online debates are active and open.
One party in Estonia’s governing coalition, the far-right Estonian Conservative People’s Party (EKRE), has rhetorically targeted critical journalists,1 going so far as to threaten to slash funding for public broadcaster Estonian Public Broadcasting (ERR) for its perceived bias (see B5).
In late 2019, several journalists from Estonia’s largest daily newspaper, Postimees, resigned after repeated requests from their editors to soften the tone of their political reporting. This incident led to tensions between the staff and the newspaper’s leadership, culminating in an ultimatum issued by 19 journalists demanding the resignation of editor-in-chief Peeter Helme. Helme, the nephew of EKRE leader Mart Helme, was accused of pressuring journalists to refrain from publishing opinions that were, in his view, not aligned with the newspaper. He stepped down in November 2019.2 However, in December 2019 and January 2020, a number of journalists left Postimees after a senior staffer was dismissed over “differences about implementation of the newspaper’s vision.”3
- 1Reporters Without Borders, “Estonia,” accessed September 30, 2020, https://rsf.org/en/estonia.
- 2Sten Hankewitz and Silver Tambur, “Journalists force Estonia’s largest daily’s editor-in-chief to leave over censorship concerns,” Estonian World, November 1, 2019, https://estonianworld.com/security/journalists-force-estonias-largest-d….
- 3“Does crisis at leading daily mean end to investigative journalism in Estonia?” Reporters Without Borders, January 13, 2019, https://rsf.org/en/news/does-crisis-leading-daily-mean-end-investigativ….
|Are online sources of information controlled or manipulated by the government or other powerful actors to advance a particular political interest?||3.003 4.004|
Manipulation of the online information landscape was not a significant issue during the coverage period. Two members of the governing coalition, EKRE and the conservative Isamaa party, have accused journalists, including those working for public broadcaster ERR, of bias against conservatives, arguing that the media publishes excessive and unfounded criticism of the government. However, there has been a countervailing reaction to these accusations; many politicians, civil society actors, and ordinary citizens have publicly stood up for democratic values and press freedom.1
Russian information campaigns attempt to manipulate public opinion in Estonia.2 An April 2020 report from the cybersecurity company Recorded Future identified an apparent Kremlin-backed disinformation operation aimed at undermining “the government of Estonia and its relationship with the EU while exploiting the ongoing European migrant crisis,” including by disseminating forged government communiqués.3
Nongovernmental organization (NGO) Reporters Without Borders (RSF) has expressed concern over editorial interference in the operations of Postimees, which also publishes online.4 In November 2019, the newspaper’s editor in chief resigned due to pressure from journalists, who claimed he was inappropriately interfering in their work (see B4).5 Postimees’ owner, Margus Linnamäe, is a member of the Isamaa party, and is said to exercise influence over the newspaper’s reporting. For example, Linnamäe allegedly shaped Postimees’ coverage of proposed reforms of the country’s pharmaceutical market. Linnamäe is the main shareholder of one of the largest pharmacy chains in Estonia.6
- 1Estonian Human Rights Centre, “Media Freedom Crisis in Estonia as Two Journalists Quit,” The Civil Liberties Union of Europe, May 10, 2019, https://www.liberties.eu/en/news/media-freedom-crisis-in-estonia-as-two….
- 2Estonian Internal Security Service (KAPO), “Annual Review 2019/20,” accessed September 30, 2020, https://www.kapo.ee/sites/default/files/public/content_page/Annual%20Re….
- 3“Inent to Infekt: ‘Operation Pinball’ Tactics Reminiscent of ‘Operation Secondary Infektion’,” Recorded Future, April 8, 2020, https://www.recordedfuture.com/operation-pinball-tactics/.
- 4Reporters Without Borders, “Estonia.”
- 5Sten Hankewitz and Silver Tambur, “Journalists force Estonia’s largest daily’s editor-in-chief to leave over censorship concerns.”
- 6Marju Himma, “Analysis: What happened in Postimees and its effect on the media in Estonia,” ERR News, January 3, 2020, https://news.err.ee/1020219/analysis-what-happened-at-postimees-and-its….
|Are there economic or regulatory constraints that negatively affect users’ ability to publish content online?||3.003 3.003|
There are few economic or regulatory barriers to posting content online. News websites do not need to register with the government to operate.1
In January 2020, Sputnik, an online news outlet sponsored by the Russian government that is known to publish propaganda, suspended its physical operations in Estonia, closing its office in Tallinn. The Estonian government warned that the company’s Tallinn-based employees could be prosecuted for violating EU sanctions against Russia (specifically, sanctions against Dmitry Kiselyov, CEO of Rossiya Segodnya, Sputnik's parent company), reasoning that “knowingly working for or providing services to a person under sanctions could be a criminal offence.”2 The Estonian foreign minister stressed that the government had not “taken measures against the portal's media content.”3 However, the Organization for Security and Co-operation in Europe’s (OSCE) Representative on Freedom of the Media urged the government “to refrain from unnecessary limitations on the work of foreign media which can affect the free flow of information.”4 Sputnik’s Estonian-language website was not blocked. However, the news outlet has not posted any stories since January 1, 2020.5
In line with the EU, Estonia supports net neutrality. Providers found to be in violation can be fined up to 9,600 euros ($10,600).6 Estonia has not implemented separate rules on net neutrality and follows the EU’s regulatory framework on open internet access and user rights relating to electronic communications networks and services.7 The TTJA regularly analyzes the ICT market for zero-rating plans that may be in violation or net neutrality, along with other net neutrality violations; in its latest report, it did not identify any violations.8
- 1Halliki Harro-Loit and Urmas Loit, “Estonia,” Centre for Media Pluralism and Freedom, December 2016, http://cmpf.eui.eu/media-pluralism-monitor/mpm-2016-results/estonia/.
- 2“Estonia ‘does not exclude the possibility’ of banning RT,” ERR News, July 8, 2020, https://news.err.ee/1110560/estonia-does-not-exclude-the-possibility-of….
- 3“Sputnik ends operations in Estonia,” ERR News, January 1, 2020, https://news.err.ee/1019231/sputnik-ends-operations-in-estonia.
- 4Harlem Désir (@OSCE_FRoM) on Twitter: “I wrote to #Estonia authorities about measures targeting journalists of Sputnik Estonia following individual sanctions against Mr Kiselev. I encourage authorities to refrain from unnecessary limitations on the work of foreign media which can affect the free flow of information.” December 21, 2019, https://twitter.com/osce_rfom/status/1208372642471759872?lang=en
- 5Elena Cherysheva, “Sputnik Eesti asus tööle erirežiimis. Peatoimetaja avaldus” [Sputnik Estonia started working in a special regime. Statement by the Editor-in-chief], Sputnik Estonia, January 1, 2020, https://sputnik-news.ee/estonian_news/20200101/18894101/Sputnik-Eesti-j….
- 6Ali Al-Awadi, Andreas Czák, Ludger Benedikt Deffaa, Benedikt Gollatz, Cornelia Hoffmann, Thomas Lohninger, and Erwin Ernst Steinhammer, “The Net Neutrality Situation in the EU: Evaluation of the First Two Years of Enforcement,” Epicenter Works, January 29, 2019 https://epicenter.works/sites/default/files/2019_netneutrality_in_eu-ep….
- 7European Commission, “Annual country reports on open internet from national regulators – 2019,” July 5, 2019, https://ec.europa.eu/digital-single-market/en/news/annual-country-repor….
- 8European Commission, “Annual country reports on open internet from national regulators – 2019.”
|Does the online information landscape lack diversity?||4.004 4.004|
A diverse range of content is available online. At the time of writing, the most popular website was Google, followed by YouTube and Facebook. The websites for Delfi, Postimees, and ERR were the country’s 4th, 5th, and 11th most popular sites, respectively.1 Estonians upload and share user-generated content more frequently than the average user in the EU.2
Knowledge of foreign languages among Estonians is high, which facilitates access to diverse content.3 In addition, the 2020 Inclusive Internet Index report ranks Estonia among the world’s most inclusive countries when it comes to the availability of online content in local languages.4
- 1Similar Web, “Top Websites Ranking: Estonia,” August 1, 2020, https://www.similarweb.com/top-websites/estonia.
- 2Eurostat, “Individuals using the internet for uploading self-created content,” accessed September 30, 2020, http://ec.europa.eu/eurostat/tgm/refreshTableAction.do?tab=table&plugin….
- 3“Estonia Ranks High for English Proficiency,” Study In Estonia, November 9, 2015, https://web.archive.org/web/20180411095606/http://www.studyinestonia.ee…
- 4“The Inclusive Internet Index 2020,” Relevance and Local Content, The Economist Intelligence Unit.
|Do conditions impede users’ ability to mobilize, form communities, and campaign, particularly on political and social issues?||6.006 6.006|
Estonians use social media platforms to share news and information, as well as generate public discussion about current political issues. No restrictions on mobilization tools were put in place during the coverage period.
In 2014, the official platform Rahvaalgatus.ee was launched, enabling people to compile petitions, send them to Parliament if they gather at least 1,000 digital signatures, and monitor lawmakers’ responses.1 At the end of May 2020, 125 initiatives have been launched, out of which 64 gathered the necessary support to be sent to Parliament.2
- 1“Sul on mõte, kuidas ühiskonnaelu parandada?” [Do you have any idea how to improve society?], Rahvaalgatus, accessed April 3, 2020 https://rahvaalgatus.ee/.
- 2“Tere tulemast rahvaagatuse koju!” [Welcome to the home of the people’s initiative!], Rahvaalgatus, May 31, 2020, https://web.archive.org/web/20200531041019/https://rahvaalgatus.ee/.
Freedom of expression online is protected by the constitution and by the country’s obligations as an EU member state. However, two journalists were personally held liable for defamation in a novel civil case during the coverage period. Anonymity is unrestricted, as is the use of encryption. The COVID-19 pandemic did not drive an increase in state surveillance.
|Do the constitution or other laws fail to protect rights such as freedom of expression, access to information, and press freedom, including on the internet, and are they enforced by a judiciary that lacks independence?||6.006 6.006|
All citizens have the constitutional rights to freely obtain information and to freely disseminate ideas, beliefs, and facts.1 There are no obstacles to people exercising their right to freedom of expression online.
The judiciary in Estonia is independent, and there have not been any instances of political interference with the judiciary. According to a 2019 survey, 55 percent of Estonians trust the judiciary.2
Protections for journalists, which include the right to the confidentiality of sources, are strong.3
The Ministry of Justice plans to amend the Public Sector Information Act4 by July 2021 in line with the EU’s revised Public Sector Information Directive,5 which governs public access to state data.
- 1“Constitution of the Republic of Estonia,” Republic of Estonia, accessed September 30, 2020, https://www.president.ee/en/republic-of-estonia/the-constitution/.
- 2European Commission, “The 2019 EU Justice Scoreboard,” 2019, https://ec.europa.eu/info/sites/info/files/justice_scoreboard_2019_en.p….
- 3Ieva Azanda, Mogens Blicher Bjerregård, Jüri Estam, Ilze Jaunalksne, Allen-Illimar Putnik, “Of the Rights and Responsibilities of the Journalist,” Re:Baltica and the Centre for Media Studies of the Stockholm School of Economics, 2018, https://www.sseriga.edu/sites/default/files/inline-files/estonian_legal….
- 4Riigi Teataja, “Public Sector Information Act,” November 15, 2000, https://www.riigiteataja.ee/en/eli/ee/514112013001/consolide/current.
- 5“Directive (EU) 2019/1024 of the European Parliament and of the Council of 20 June 2019,” European Union Law, June 26, 2019, https://eur-lex.europa.eu/legal-content/EN/TXT/?qid=1561563110433&uri=C….
|Are there laws that assign criminal penalties or civil liability for online activities?||3.003 4.004|
On paper, there are few limits on freedom of expression online. Speech that publicly incites hatred, violence, or discrimination on the basis of nationality, race, color, gender, language, origin, religion, sexual orientation, political opinion, or financial or social status is punishable by a fine of up to 3,200 euros ($3,500) under the penal code.1 Such speech is also punishable by up to three years in prison if it leads to the “death of a person or results in damage to health or other serious consequences.”
Defamation was decriminalized in 2002.2 Civil defamation cases can be brought under the Law of Obligations Act,3 though cases are rare and damages are usually moderate (see C3).4
In October 2017, the Court of Justice of the European Union (CJEU) sought to clarify EU law in a case on internet jurisdiction at the request of the Estonian Supreme Court.5 The ruling considered whether a defamation case can be brought before a court in Estonia if the company affected is based domestically, despite the infringing content being published on a Swedish website. The CJEU clarified that the party affected may sue in the country where its center of interest resides, but noted that it is not possible to bring cases in any country where the online information is accessible.6
- 1Riigi Teataja, “Penal Code,” Article 151, June 6, 2001, https://www.riigiteataja.ee/en/eli/ee/Riigikogu/act/519012017002/consol….
- 2The amended penal code was adopted in 2001 and entered into force in 2002.
- 3Riigi Teataja, “Law of Obligations Act,” September 26, 2001, https://www.riigiteataja.ee/en/eli/524012017002/consolide.
- 4Cases from the Estonian Supreme Court are available here: http://www.nc.ee/?id=194.
- 5“Regulation (EU) No 1215/2012 of the European Parliament and of the Council of 12 December 2012,” European Union Law, December 12, 2012, https://eur-lex.europa.eu/legal-content/en/ALL/?uri=CELEX%3A32012R1215.
- 6“Judgement of the Court 17 October 2017 in Case C-194/16 Bolagsupplysningen OÜ and Ingrid Ilsjan v. Svensk Bolagsuppkysning AB,” InfoCuria Case-law, October 17, 2017, http://curia.europa.eu/juris/liste.jsf?num=C-194/16.
|Are individuals penalized for online activities?||6.006 6.006|
There were no criminal prosecutions or detentions for online activities during the coverage period.1
In November 2018, a court in Tallinn held Postimees and two of its reporters liable for a defamatory story about businessman Margo Tomingas (see B2). The two reporters were each ordered to pay 500 euros ($566) in damages, while Postimees was ordered to pay a further 3,000 euros ($3,400). The defendants also had to cover Tomingas’s legal costs. The verdict was upheld in November 2019.2 The case made headlines because the two reporters were held personally liable. However, the Postimees legal team declined to appeal the decision because, in its view, no precedent had been set in this regard.3 Nevertheless, the state Data Protection Inspectorate (AKI), commenting on the case, reminded “all authors operating in the public sphere,” including social media users, to abide by journalistic principles “when publishing current, social or other public interest texts.”4
- 1Ministry of Justice, “Kuritegevuse Ulevaade” [Crime Overview], Microsoft Excel Sheet, 2020, https://www.kriminaalpoliitika.ee/kuritegevuse-statistika/uploads/kurit….
- 2“Circuit court upholds ruling making journalists responsible in false claims,” ERR News, November 7, 2019, https://news.err.ee/1000813/circuit-court-upholds-ruling-making-journal….
- 3“Postimees to pay former journalists’ court-ordered libel damages,” ERR News, November 8, 2019, https://news.err.ee/1000987/postimees-to-pay-former-journalists-court-o….
- 4“Kohtuotsus sõnavabaduse vastutusest” [Judgment on liability for freedom of expression], Data Protection Inspectorate, November 19, 2019, https://www.aki.ee/et/uudised/kohtuotsus-sonavabaduse-vastutusest.
|Does the government place restrictions on anonymous communication or encryption?||4.004 4.004|
There are no governmental restrictions on anonymous communication or encryption. There are no SIM card registration requirements.1
Some major news sites have limited anonymous commenting on their articles in reaction to the establishment of intermediary liability for third-party defamatory comments on internet news portals (see B3).
- 1Privacy International, “Timeline of SIM Card Registration Laws,” June 11, 2019, https://privacyinternational.org/long-read/3018/timeline-sim-card-regis….
|Does state surveillance of internet activities infringe on users’ right to privacy?||6.006 6.006|
Government surveillance is not intrusive, and the constitution guarantees the right to the confidentiality of messages sent or received.1
Parliament’s Security Authorities Surveillance Select Committee oversees surveillance and security agencies. The committee monitors the activities of these bodies to ensure conformity with the constitution, the Security Authorities Act,2 and other regulations, which include necessity and proportionality requirements.
The prosecutor's office monitors surveillance activities and reports regularly to the parliamentary select committee. In its annual report for 2019, the prosecutor’s office disclosed that it had granted law enforcement bodies permission to surveil 1,003 times, while the courts had done so 726 times. Surveillance was mainly used in cases concerning organized crime and crimes relating to drugs and taxes.3 While the overall use of surveillance remained stable in 2019, the number of permits for “covert review of possessions” increased by 164 percent and “covert collection of reference materials” increased by 116 percent compared to 2018.4
In her 2018–19 annual report, the Chancellor of Justice, the state ombudsperson, noted that it reviewed 28 surveillance files, finding that “all had a clearly defined purpose” and that “no surveillance measures carried out without authorisation by a preliminary investigation judge or prosecutor.”5
In response to the COVID-19 pandemic, the government did not release a contact-tracing application until after the coverage period, in August 2020. The app, HOIA, is voluntary. It anonymously logs users’ proximity to other users via Bluetooth technology and alerts them when they have been in contact with an individual who has tested positive for COVID-19.6
In February 2019, Parliament voted to amend the Defence Forces Organisation Act to allow the military to access private data and surveil citizens under certain emergency circumstances.7 However, President Kersti Kaljulaid rejected the measure in March 2019, arguing that it violated basic rights. Parliament passed the amendment again, and Kaljulaid again vetoed it.8 The Supreme Court declared the amendment unconstitutional in December 2019, on the grounds that it would allow individuals to be monitored by the Defence Forces without their knowledge.9
- 1“Constitution of the Republic of Estonia,” Republic of Estonia.
- 2Riigi Teataja, “Security Authorities Act,” December 20, 2000, https://www.riigiteataja.ee/en/eli/522032019003/consolide.
- 3Dilaila Nahkuh-Tammiksaar, Taavi Pern, Helina Uku, “Prokuratuuri Tegevus 2019. Aastal” [Activities of the Prosecutor’s Office 2019], 2020, https://aastaraamat.prokuratuur.ee/sites/default/files/inline-files/Pro….
- 4Dilaila Nahkuh-Tammiksaar, Taavi Pern, Helina Uku, “Prokuratuuri Tegevus 2019. Aastal” [Activities of the Prosecutor’s Office 2019], 2020, https://aastaraamat.prokuratuur.ee/sites/default/files/inline-files/Pro….
- 5Chancellor of Justice, “Chancellor’s Year in Review 2018/2019: Supervision of Surveillance Activities,” 2019, https://www.oiguskantsler.ee/annual-report-2019/supervision-of-surveill….
- 6“HOIA,” Health and Welfare Information Systems Centre, https://hoia.me/en/#questions-and-answers
- 7Dario Cavegn, “Riigikogu backs extension of military surveillance capabilities,” ERR News, May 29, 2019 https://news.err.ee/946931/riigikogu-backs-extension-of-military-survei….
- 8Dario Cavegn, “Supreme Court to decide on military surveillance expansion this fall,” ERR News, June 19, 2019 https://news.err.ee/953694/supreme-court-to-decide-on-military-surveill….
- 9Supreme Court of Estonia, “Riigikohus rahuldas Vabariigi Presidendi taotluse tunnistada Kaitseväe korralduse seaduse muutmise seadus põhiseadusvastaseks” [The Supreme Court approved the petition of the President of the Republic to declare the Defense Forces Organization Act Amendment unconstitutional], December 19, 2019, https://www.riigikohus.ee/et/uudiste-arhiiv/riigikohus-rahuldas-vabarii….
|Are service providers and other technology companies required to aid the government in monitoring the communications of their users?||4.004 6.006|
Estonia has strong laws protecting citizens’ personal information, although service providers are mandated to retain user data. The General Data Protection Regulation (GDPR), which came into force in all EU member states in May 2018,1 puts limits on how interested parties can use and store Estonians’ data.
Additionally, the Personal Data Protection Act (PDPA) was amended in 2018 and entered into force in January 2019.2 The law contains the provisions left by the GDPR to EU member states' legislation, which includes certain exceptions like those identifying instances when the media can use personal data if it is in the public interest. Laws regulating databases and data collection by public and private registries were also updated in the course of this process.
The AKI is the supervisory authority for the PDPA.3 In addition, the Chancellor of Justice can make suggestions regarding data protection.
Service providers are required to collect and retain a substantial amount of metadata. These requirements were established under the Electronic Communications Act, which aligned with EU legislation. They were cast into doubt by the CJEU in April 2014, when the court found the European Data Retention Directive (2006/24/EC) to be invalid.4
Article 111 of the Electronic Communications Act outlines various restrictions on how this data can be stored and used.5 Data shall be kept for one year, unless there are special circumstances determined by the government that justify keeping it longer, such as maintaining public order and national safety. Article 112 regulates how requests by law enforcement authorities or other agencies can be made in relevant situations, such as criminal investigations, as provided by law. Judicial approval is not always required. These requests for data are kept by the requesting agency for two years. Article 112 also stipulates that operators shall inform the TTJA of requests made and measures undertaken. The Electronic Communications Act has been criticized for allowing requests for metadata in too many situations. While Estonia’s Chancellor of Justice has found that the system does not contradict constitutional guarantees, the office has questioned the proportionality of the law.6 Pursuant to the Electronic Communications Act, the Cybersecurity Act also requires companies to monitor communications, mainly to ensure the security of their own systems; companies are required to inform the RIA of “actions or software compromising the security of the system.”7
In its 2018–19 annual report, the Chancellor of Justice observed that the majority of user data requested by the government in 2017 and 2018 under the Electronic Communications Act was “used in criminal proceedings and in collecting information under the Security Agencies [Authorities] Act,” referring to intelligence and law enforcement agencies.8 The Chancellor of Justice’s office randomly reviewed requests from the Police and Border Guard Board, and the MTA, and found that all the requests “had been justified, had been made with the person’s prior consent and with authorisation from the head of the institution or the prosecutor’s office.” Notably, user data was requested in 26 civil proceedings between 2017 and 2018, primarily to identify the authors of anonymous comments in order to lodge defamation claims.
In November 2018, Estonia’s Supreme Court made a referral for a preliminary ruling to the CJEU to find out whether EU law, such as the Charter of Fundamental Rights, prevents the state from using people’s metadata in the course of investigations into crimes other than serious crimes. The Supreme Court asked for clarification on whether this level of data access is justified and proportional, and whether the process should include judicial review.9 The case is still pending.
During the state of emergency declared amid the COVID-19 pandemic, the government asked Statistics Estonia to aggregate anonymized geolocation data from users to inform the state’s response to the virus. According to Statistics Estonia’s director general, the office worked with telecommunications companies to collate this data. The director general noted that companies were not required to collate the data, and that users’ privacy was protected according to data protection rules. The director general stated that the data collection effort was approved by the Data Protection Inspectorate and the Ministry of Justice.10
- 1Riigi Teataja, “Isikuandmete katise saedus” [Personal Data Protection Act], December 12, 2018, https://www.riigiteataja.ee/akt/104012019011.
- 2Publications Office of the European Union, “Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016,” April 27, 2016, https://publications.europa.eu/en/publication-detail/-/publication/3e48…
- 3Republic of Estonia: Data Protection Inspectorate, “1 year GDPR – taking stock,” accessed September 30, 2020, https://www.aki.ee/en.
- 4European Court of Justice, “Digital Rights Ireland Ltd (C-293/12) and Kärntner Landesregierung (C-594/12),” InfoCuria Case-law, April 8, 2014, http://curia.europa.eu/juris/document/document.jsf?docid=150642&doclang….
- 5Riigi Teataja, “Electronic Communications Act,” December 8, 2004, https://www.riigiteataja.ee/en/eli/ee/Riigikogu/act/521052020003/consol….
- 6Chancellor of Justice, “Elektroonilise side seaduse § 1111 alusel sideandmete töötlemise põhiseaduspärasus” [Constitutionality of processing of communications data under § 1111 of the Electronic Communications Act], April 22, 2016, https://www.oiguskantsler.ee/sites/default/files/field_document2/elektr….
- 7Riigi Teataja, “Cybersecurity Act,” May 9, 2018, https://www.riigiteataja.ee/en/eli/523052018003/consolide.
- 8Chancellor of Justice, “Chancellor’s Year in Review 2018/2019: Protection of Privacy,” https://www.oiguskantsler.ee/annual-report-2019/protection-of-privacy#i4.
- 9Riigikohus, “Kohtuasja number I-16-6179” [Case number I-16-6179], November 12, 2018, https://www.riigikohus.ee/et/lahendid?asjaNr=1-16-6179/85.
- 10“Statistics Estonia’s planned mobility analysis will not be based on real-time data,” Statistics Estonia, March 26, 2020 https://www.stat.ee/en/uudised/news-release-2020-039.
|Are individuals subject to extralegal intimidation or physical violence by state authorities or any other actor in retribution for their online activities?||5.005 5.005|
There have been no registered physical attacks against users or online journalists, though online discussions are sometimes inflammatory. Both critics and supporters of EKRE have faced online harassment, including threats of violence, for their views.1 Online harassment can be reported to the social media administrators or to the police, which has a designated web patrol unit with a presence on Facebook.2
- 1Shaun Walker, “Racism, sexism, Nazi economics: Estonia's far right in power,” Guardian, May 21, 2019, https://www.theguardian.com/world/2019/may/21/racism-sexism-nazi-econom…; “Police: We take threats very seriously,” ERR News, 21 November 2019, https://news.err.ee/1005278/police-we-take-threats-very-seriously.
- 2Council of Europe, “Reporting in Estonia: National reporting procedures for cyberbullying, hate speech and hate crime,” accessed September 30, 2020, https://rm.coe.int/estonia-nationalreporting-en/pdf/16808a36c3
|Are websites, governmental and private entities, service providers, or individual users subject to widespread hacking and other forms of cyberattack?||3.003 3.003|
According to the ITU’s 2018 Global Cybersecurity Index, Estonia ranks fifth in the world and fourth in Europe in regards to its commitment to ensuring cybersecurity.1 In 2018, the government allocated additional funds to advancing the country’s online security and adopted a new Cyber Security Strategy for 2019–22.2 However, the volume of cybercrime increased significantly in 2019, reaching 965 recorded cases. The most typical crime was hijacking a victim's online account. Distributed denial-of-service (DDoS) attacks and other such acts accounted for five percent of all cybercrime.3
Estonia’s cybersecurity strategy is built on strong private-public collaboration and a unique voluntary structure through the National Cyber Defense League.4 With more than 150 experts participating, the league has simulated different security threat scenarios in defense exercises, with the aim of improving the technical resilience of telecommunication networks and other critical infrastructure.5
As an additional measure to ensure the security of public electronic data, Estonia has established the first of several planned “data embassies.” The first embassy, based in Luxembourg, stores public data and information systems critical to the functioning of the state, including its state gazette, land registry, and business register, in the cloud, enabling the Estonian state to function in the event of a cyberattack or other political crisis within the country. The bilateral agreement between the two governments to establish the embassy was signed in June 2017 and it was ratified by both parliaments. The embassy was opened in 2019. The data embassy is granted the same privileges bestowed upon traditional embassies.6
The Estonian e-governance infrastructure suffered one of its first major challenges in 2017, when a chip malfunction that could lead to potential security breaches was discovered in government-issued ID cards.7 In response, the government recalled security certificates for more than 760,000 ID cards, which made their electronic use impossible until the certificates were renewed. The issue was apparently discovered before any data was compromised. Despite delays in fixing the issue, the certificates were renewed, and the incident has not significantly affected the public’s trust in e-governance. 8
Parliament adopted a new cybersecurity law in May 2018. The law implements EU Directive 2016/1148 on measures for a high common level of security of network and information systems.9 It includes requirements to have a computer security incident response team (CSIRT) and a competent national network and information security (NIS) authority (which Estonia previously had), and strengthens cooperation among EU member states. Businesses identified as operators of essential services are required to take appropriate security measures and to notify serious incidents to the relevant national authority. The supervisory authority under Estonian Cybersecurity Act is the RIA.10
The North Atlantic Treaty Organization (NATO) Cooperative Cyber Defence Center of Excellence is located in Tallinn. Since its founding, the center has supported awareness campaigns and academic research, and hosted several high-profile conferences, among other activities. The center organizes an annual International Conference on Cyber Conflict, or CyCon, bringing together international experts from governments, the private sector, and academia, with the goal of ensuring the development of a free and secure internet.
- 1International Telecommunications Union, “Global Cybersecurity Index 2018,” accessed on April 7, 2019, https://web.archive.org/web/20190407211525/https://www.itu.int/en/ITU-D….
- 2National Information System Authority, “Küberturvalisus 2019” [Cybersecurity 2019], 2019, https://www.ria.ee/sites/default/files/content-editors/kuberturve/kuber….
- 3“Statistics: Number of reported crimes did not increase in 2019,” ERR News, February 17, 2020 https://news.err.ee/1036235/statistics-number-of-reported-crimes-did-no….
- 4Ministry of Economic Affairs and Communication, “Cyber Security Strategy 2014-2017,” 2013, https://www.mkm.ee/sites/default/files/cyber_security_strategy_2014-201….
- 5“Estonian Defense League’s Cyber Unit,” Kaitseliit (Estonian Defense League), accessed September 30, 2020, http://www.kaitseliit.ee/en/cyber-unit.
- 6Riigikogu, “Majanduskomisjon toetab andmesaatkonna rajamist Luksemburgi” [The Committee of Economic Affairs supports the establishment of a data embassy in Luxembourg], February 13, 2018, https://www.riigikogu.ee/pressiteated/majanduskomisjon-et-et/majandusko….
- 7“ID-kaardi turvariski ja uuendamise taustinfo” [Background information on ID card security risk and renewal], ID.ee, October 25, 2017, https://web.archive.org/web/20171109075059/http://www.id.ee:80/index.ph….
- 8“ID-kaardi turvariski ja uuendamise taustinfo” [Background information on ID card security risk and renewal], ID.ee.
- 9Riigikogu, “Küberturvalisuse seadus 597 SE” [Cybersecurity Act 597 SE], May 9, 2018, https://www.riigikogu.ee/tegevus/eelnoud/eelnou/61815f7a-1025-4aea-9b0e….
- 10“The Directive on security of network and information systems (NIS Directive),” European Commission, July 15, 2019 https://ec.europa.eu/digital-single-market/en/network-and-information-s….
See all data, scores & information on this country or territory.See More
Global Freedom Score94 100 free
Internet Freedom Score93 100 free
Freedom in the World StatusFree