Freedom on the Net

Estonia

Freedom on the Net 2015
Status: 
Free
Total Score: 
7
(0 = Best, 100 = Worst)
Obstacles to Access: 
1
(0 = Best, 25 = Worst)
Limits on Content: 
3
(0 = Best, 35 = Worst)
Violations of User Rights: 
3
(0 = Best, 40 = Worst)

Quick Facts

Population: 1.3 million
Internet Penetration: 84 percent
Social Media/ICT Apps Blocked: No
Political/Social Content Blocked: No
Bloggers/ICT Users Arrested: No
Press Freedom Status: Free
Key Developments: 

June 2014 - May 2015 

  • Estonia continues to be one of the most wired countries in the world, with increasing internet access and online participation among citizens (see Availability and Ease of Access).
  • In June 2015, the European Court of Human Rights upheld an Estonian Supreme Court decision from 2009 stating that content hosts may be held legally liable for third-party comments made on their website (see Content Removal).
  • Estonia continues to improve protections for the right to privacy, with the Ombudsman playing an increasingly active role in supporting privacy rights related to digital data and communications (see Surveillance, Privacy, and Anonymity).
Introduction: 

Estonia in one of the most wired and technologically advanced countries in the world. With a high internet penetration rate, widespread e-commerce, and e-government services embedded into the daily lives of individuals and organizations, Estonia has become a model for free and open internet access as a development engine for society. When the country regained independence in 1991 after nearly 50 years of Soviet rule, its infrastructure was in a disastrous condition. The country’s new leadership, however, perceived the expansion of information and communication technologies (ICTs) as a key to sustained economic growth and invested heavily in their development.

After the first internet connections in the country were introduced in 1992 at academic facilities in Tallinn and Tartu, the government further worked with private and academic entities to initiate a program in 1996 called Tiger Leap, which aimed to establish computers and internet connections in all Estonian schools by 2000. This program helped to build a general level of technological competence and awareness of ICTs among Estonians. Today, with a high level of computer literacy and connectivity already established, the program’s focus has shifted from basic concerns such as access, quality, and cost of internet services to discussions about security, anonymity, the protection of private information, and citizens’ rights on the internet. In addition, the majority of users conduct business and e-government transactions over the internet: in 2013, nearly 97 percent of banking transactions were done with e-banking services, and 95 percent of people declared their income electronically.[1]

With regard to ensuring freedom of expression, recent court rulings on intermediary liability in Estonia have posed some concerns. On June 16, 2015, the Grand Chamber of the European Court of Human Rights issued a ruling that reaffirmed an earlier Estonian Supreme Court decision regarding the legal liability of content hosts for third-party comments. The Grand Chamber of the ECtHR found that a company’s legal liability for comments posted by its users did not sufficiently interfere with the freedom of expression guarantees enshrined in the European Convention on Human Rights; therefore, intermediaries could be held responsible for third-party content published on their website or forum, even if they delete the content upon notification.[2]

Additionally, over the past year, the issue of privacy for individual users on the internet became a widely debated topic in Estonia, with a particular focus on the privacy policies of global service providers. The Digital Agenda 2020 for Estonia, established by the Ministry of Economic Affairs and Communications, outlines how both technological and organizational conditions will be developed to ensure that people will always know and be able to decide when, by whom, and for what purpose their personal data is being used in the public sector.[3] The same agenda also launched an “e-residency” program to offer its secure and convenient online services to the citizens of other countries. Services include digital authentication, digital signage of documents, encryption and transmission of the documents and other electronic communication, and access to all Estonian public and private sector online services.[4]

 

Obstacles to Access: 

Estonia continues to be one of the most connected countries in the world with regard to internet access, and Estonian internet users face very few obstacles when it comes to accessing the internet.

Availability and Ease of Access

The number of internet and mobile telephone users in Estonia has grown rapidly in the past 20 years. According to statistics from the International Telecommunication Union (ITU), internet penetration in Estonia reached 84 percent in 2014, compared to 79 percent in 2013 and 73 percent in 2008.[5] There were also over 2 million mobile phone subscriptions, translating to a mobile phone penetration rate of 160 percent.[6] This figure is commonly attributed to the widespread use of mobile internet access devices, the growing popularity of machine-to-machine (M2M) services, and the use of more than one mobile phone by individual Estonians.

The first public Wi-Fi area was launched in 2001, and since then the country has developed a system of mobile data networks that enable widespread wireless broadband access. In 2011, the country had over 2,440 free, certified Wi-Fi areas meant for public use, including at cafes, hotels, hospitals, schools, and gas stations, and the government has continued to invest in public Wi-Fi.[7] In addition, a countrywide wireless internet service based on CDMA technology has been deployed and is priced to compete with fixed broadband access. Three mobile operators cover the country with mobile 3G and 3.5G services, and as of May 2015, 4G services covered over 97 percent of Estonian territory. Municipalities in rural areas have been subsidizing local wireless internet deployment efforts, and the country’s regulatory framework presents low barriers to market entry, enabling local startups to proliferate.

Estonians use a large variety of internet applications, including search engines (85 percent of users), email (83 percent of users), local online media, news portals, social-networking sites, instant messaging, and Voice over Internet Protocol (VoIP) services.[8] Estonian Public Broadcasting delivers all radio channels and its own TV production services, including news in real time over the internet; it also offers archives of its radio and television programs at no charge to users.

Restrictions on Connectivity

There were no government-imposed restrictions or disruptions to internet access during the past year.

ICT Market

The Estonian Electronic Communications Act was passed in late 2004, and a number of amendments have been added to help develop and promote a free market and fair competition in electronic communications services.[9] Today, there are over 200 operators offering such services, including six mobile operators and numerous internet service providers (ISPs). ISPs and other communications companies are required to register with the Estonian Technical Surveillance Authority (ETSA), a branch of the Ministry of Economic Affairs and Communications, though there is no registration fee.[10]

Regulatory Bodies

In 2009, the Estonian Internet Foundation was established to manage Estonia’s top level domain, “.ee.”[11] With its multi-stakeholder foundation, the organization represents the Estonian internet community internationally and has succeeded in overseeing various internet governance issues such as the domain name registration process. After initial concerns over the foundation’s domain registration pricing policy[12] and management capabilities,[13] the foundation’s substantive work was stabilized in 2012-2013. In February 2012, the Estonian Internet Foundation was admitted to the Council of European National Top Level Domain Registries (CENTR). During last three years the domain registration and annual fees have dropped from a €20 annual fee to a €9 annual fee, together with a 40 percent decrease in the registrar’s deposit, a decrease in the registrar’s service fees, and an unlimited number of domains for each user.[14]

 

Limits on Content: 

Estonians have access to a wide range of content online, and very few resources are blocked or filtered by the government. However, a 2009 court ruling on intermediary liability for third-party comments, which has subsequently been upheld by several European Court of Human Rights decisions, has the potential to increase instances of censorship or removal of content, particularly on forums or other websites with public comment sections.

Blocking and Filtering

There are very few restrictions on internet content and communications in Estonia. YouTube, Facebook, Twitter, LinkedIn and many other international video-sharing and social-networking sites are widely available and popular. Estonians use the internet for uploading and sharing original content such as photographs, music, and text—a higher percentage of people in Estonia (32 percent) use the internet to publically share self-created content than do people in any other country in Europe.[15]

In January 2010, a new law on online gambling came into force, requiring all domestic and foreign gambling sites to obtain a special license or face access restrictions. As of February 2014, the Estonian Tax and Customs Board had over 1,000 websites on its list of illegal online gambling sites that Estonian ISPs are required to block.[16] The list of blocked sites is transparent and available to the public.

Content Removal

Due in part to Estonia’s strong privacy laws, there have been some instances of content removal related to online communications. Most of these cases involve civil court orders to remove inappropriate or off-topic reader comments from online news sites. Comments are also sometimes removed from online discussion forums and other sites. Generally, users are informed about a given website’s privacy policy and rules for commenting, which they are expected to follow. Most of the popular online services have established policies that outline a code of conduct for the responsible and ethical use of their services and have enforcement policies in place.

In 2008, a debate over pre-publication censorship took center stage when the victim of unflattering and largely anonymous comments on a news story filed suit against the popular Estonian news site Delfi, claiming that the web portal must be held responsible for defamatory reader comments and screen them before they become public.[17] In 2009, the Estonian Supreme Court upheld the rulings of the lower courts, stating that Delfi is not a passive intermediary since the site already exerts control over the comments section by removing those that violate their own rules; therefore, it can be held liable for defamatory or otherwise illegal content prior to publication. Website owners argued that they did not have the capacity to monitor and edit all comments made on their sites.

In October 2013, the European Court of Human Rights upheld the Estonian Supreme Court ruling by stating that the company’s liability for defamatory comments was not a “disproportionate interference” with Article 10 of the European Convention on Human Rights, which guarantees freedom of expression.[18] The case was then referred to the Grand Chamber of the European Court of Human Rights, which also upheld the decision, stating in June 2015 that content hosts may be held legally liable for third-party comments made on their website.[19]

Media, Diversity, and Content Manipulation

Estonians have access to a wide array of content online, and there are few economic or political barriers to posting diverse types of content, including different types of news and opinions.

Additionally, Estonia has the largest functioning public-key infrastructure[20] in Europe, based on the use of electronic certificates maintained on the national identification (ID) card.[21] More than 1.2 million active ID cards are in use, which enable both electronic authentication and digital signing, and over 40 percent of active ID cards have been used for these purposes.[22] The Digital Signature Act, adopted in 2000,[23] gives an individual’s digital signature the same weight as a handwritten one and requires public authorities to accept digitally-signed documents. Estonian ID cards were used to facilitate electronic voting during the parliamentary elections in 2007 and were used again in the 2009 municipal and European Parliament elections. During the 2014 European Parliament elections, 103,151 votes were cast over the internet, representing over 31 percent of all votes from Estonia.[24] In 2013, 95 percent of citizens filed their taxes online, making the web services offered by the tax department the most popular public e-service. Over 63 percent of internet users regularly use e-government services, and 77 percent of these users have indicated their satisfaction with such services.[25]

Digital Activism

Social media use in Estonia is fairly widespread, and Estonians often make use of such sites to share news and information, and to generate public discussion about current political debates. One of the more well-known examples of digital activism came in early 2012, when Estonian daily newspapers and TV raised public awareness on the progress of the Anti-Counterfeiting Trade Agreement (ACTA) and its developments in the European Union. As in many other countries, the Estonian government’s initial position on ACTA’s possible negative implications on user privacy was formal, stating that nothing would change if ACTA were ratified.[26] From February 8-20, 2012, the discussion on ACTA escalated in public media and political debates, which were crucially influenced by the internet user community and experts. On February 11th, demonstrations against ACTA in Tallinn and Tartu gathered more than 2,000 participants.[27] As a result, open debates in the Estonian Parliament rephrased the government’s initial support with a more careful approach to be informed by further consultations and analysis. Overall, the ACTA controversy in Estonia demonstrated the increasing influence of civic participation on internet freedom issues and intellectual property regulation.

 

Violations of User Rights: 

Freedom of speech and freedom of expression are protected by Estonia’s constitution and by the country’s obligations as a member state of the European Union. Anonymity is unrestricted, and there have been extensive public discussions on anonymity and the respectful use of the internet. Internet access at public access points can be obtained without prior registration. Over the past few years, the government has succeeded in reducing the number and severity of cyberattacks against its infrastructure.

Legal Environment

According to the constitution of Estonia, everyone has the right to freely obtain information and to freely disseminate ideas, opinions, beliefs, and other information. In addition, everyone has the right to the confidentiality of messages sent or received. In general, these rights are well protected. Any restrictions on these rights must be necessary in a democratic society and shall not distort the nature of the rights and freedoms restricted.[28]

The incitement of national, racial, religious or political hatred, violence, or discrimination is also prohibited and punishable by law. Estonia is currently in the process of amending the penal code to establish a framework on hate speech criminalization in the country and thereby comply with the European Council Framework Decision 2008/913/JHA,[29] issued November 28, 2008, on “combating certain forms and expressions of racism and xenophobia by means of criminal law.” In July 2012, the Ministry of Justice initiated proceedings to amend sections 151 and 152 of the penal code, which would lead to a new legal norm regarding hate speech-related legislation in Estonia.[30] This process is still ongoing and has become the topic of significant public debate within the country.

Prosecutions and Detentions for Online Activities

There were no cases of prosecutions or detentions for online activities during the coverage period.

Surveillance, Privacy, and Anonymity

The Personal Data Protection Act (PDPA), first passed in 1996, restricts the collection and public dissemination of an individual’s personal data. No personal information that is considered sensitive—such as political opinions, religious or philosophical beliefs, ethnic or racial origin, sexual behavior, health, or criminal convictions—can be processed without the consent of the individual. The Data Protection Inspectorate (DPI) is the supervisory authority for the PDPA, tasked with “state supervision of the processing of personal data, management of databases, and access to public information.”[31] The current version of the PDPA came into force in 2008.[32]

In 2015, the Chancellor of Justice (Ombudsman) processed several cases related to online privacy and data protection.[33] The Ombudsman is an independent official whose duties are to ensure that legislation in Estonia complies with the constitution, and that the fundamental rights and freedoms of the Estonian people are protected. In three cases during the spring of 2015, the Chancellor strongly and clearly argued for the users’ right to privacy with regard to the protection of private data in public databases. The Chancellor of Justice’s office has taken a leading role in interpreting the constitution in cases related to privacy and private information on the internet in Estonia, establishing new standards for the protection of user rights online.

Estonia launched the Electronic Communications Act on January 1, 2005, aligning itself with EU legislation and replacing the Telecommunications Act. Since January 2008, electronic communications companies have been required to preserve traffic and location data for one year, as defined by the EU Data Retention Directive (2006/24/EC). Companies have been required to retain data on internet access, telephony, and email since March 2009, and must only retain the data that becomes known to them in the course of providing communications services. They must also provide the surveillance agency or security authority with the information at their disposal only when presented with a court order.[34]

However, data retention practices in Estonia and other European Union member states were recently thrown into doubt by the European Court of Justice (ECJ).[35] On April 8, 2014, the court found the European Data Retention Directive (2006/24/EC) to be invalid and in contravention of articles 7, 8, and 52(1) of the European Convention on Human Rights. The ruling was lauded among privacy proponents who had long argued that requirements for the blanket retention of data constituted mass surveillance and far exceeded what was necessary for law enforcement purposes. However, the decision has also prompted debate among legal experts and different reactions by governments, with some member states now suspending their national implementations of the European directive, while others are drafting new data retention laws in order to compel internet service providers to continue to store user data.[36]

According to a report by the Estonian Parliament Security Authorities Surveillance Select Committee, which oversees the practices of surveillance agencies and security agencies, there were over 7,400 cases of information requests based on court orders in 2012, an increase of 9 percent from the previous year.[37] The select committee was established to exercise supervision over the legality of surveillance and the activities of the Security Police.[38] The committee monitors the activities of the Security Police Board to ensure conformity with the constitution, the Surveillance Act, and other regulations on security agencies.

Intimidation and Violence

There have been no physical attacks against bloggers or online journalists in Estonia, though online discussions are sometimes inflammatory. Following instances of online bullying, sexual harassment, and the misuse of social media in 2009-2010, discussions and public awareness campaigns were launched to involve parents in increasing the protection of children on the internet.[39]

Technical Attacks

Awareness of the importance of ICT security in both private and business use has increased significantly since a series of cyberattacks against Estonian websites and government organizations in the spring of 2007. To protect the country from future attacks, the government adopted a five-year Cyber Security Strategy in 2008 that focused on the development and implementation of new security measures that would increase competence in cyber security, improve the legal framework, bolster international cooperation, and raise public awareness.[40] Estonia’s cybersecurity strategy is built on strong private-public collaboration and a unique voluntary structure through the National Cyber Defense League.[41] With more than 150 experts participating, the league has simulated different security threat scenarios as defense exercises that have served to improve the technical resilience of Estonia’s telecommunication networks and other critical infrastructure over the past few years.

Also in 2008, the North Atlantic Treaty Organization (NATO) established a joint cyberdefense center in Estonia to improve cyberdefense interoperability and provide security support for all NATO members. Since its founding, the center has supported awareness campaigns and academic research on the topic and hosted several high-profile conferences, among other activities.[42] From 2009, the NATO Cooperative Cyber Defense Centre of Excellence has organized an annual International Conference on Cyber Conflict, or CyCon, bringing together international experts from governments, the private sector, and academia. CyCon has focused on international cooperation and the legal, regulatory, military, and paramilitary aspects of cybersecurity, with the goal of ensuring the development of a free and secure internet.

Notes: 

 


[1] Estonian Information System’s Authority, “Facts about e-Estonia,” accessed June 2, 2015, https://www.ria.ee/facts-about-e-estonia/.

[2] Case of Delfi AS v. Estonia, Judgement, acessed June 17, 2015, http://hudoc.echr.coe.int/eng?i=001-155105#{"itemid":["001-155105"]}

[3] Digital agenda 2020 for Estonia, accessed June 14, 2015, http://www.riso.ee/en/information-society.

[4] What is e-Residency?, https://e-estonia.com/e-residents/about/, accessed June 2, 2015

[5] International Telecommunication Union (ITU), “Percentage of individuals using the Internet, fixed (wired) Internet subscriptions, fixed (wired)-broadband subscriptions,” 2015, accessed June 1, 2015, http://www.itu.int/net4/itu-d/icteye/.

[6] International Telecommunication Union (ITU), “Mobile-cellular subscriptions,” 2013, accessed June 11, 2015, http://www.itu.int/net4/itu-d/icteye/.

[7] Public Wi-Fi Hotspot database in Estonia, accessed June 30, 2015, http://wifi.ee/leviala/

[8] Pille Pruulmann-Vengerfeldt, Margit Keller, and Kristina Reinsalu, “1.1.4 Quality of Life and Civic Involvement in Information Society,” Information Society Yearbook 2009 (Tallinn: Ministry of Economic Affairs and Communications, 2010), http://www.riso.ee/en/pub/2009it/#p=1-1-4.

[9] “Electronic Communications Act,” Ministry of Economic Affairs and Communications, accessed March 26, 2015, http://www.mkm.ee/index.php?id=9576.

[10] Estonian Technical Surveillance Authority (ETSA), “Commencement of Provision of Communications Service,” accessed February 15, 2015, http://www.tja.ee/index.php?id=11703.

[11] Estonian Internet Foundation, accessed July 30, 2013, http://www.internet.ee/en/.

[12] The activities of the Estonian Internet Foundation are not subsidized from the state budget; the registration fee covers infrastructure investments, operating costs, and reserve funds.

[13] “Marek-Andres Kauts resigns as board member,” Eesti Internet, May 23, 2012, http://www.internet.ee/news/?year=2012&month=5.

[14] “.ee domain price to drop to 9 euros”, Estonian Internet Foundation, http://www.internet.ee/news/ee-domain-price-to-drop-to-9-euros, accessed June 1, 2015

[15] “Individuals Using the Internet for Uploading Self-Created Content to Any Website to Be Shared,” Eurostat, accessed June 11, 2013, http://appsso.eurostat.ec.europa.eu.

[16] The list of restricted websites can be found on the Estonian Tax and Customs Board website: “Ebaseadusliku kaughasartmängu serverite domeeninimed” [Illegal gaming servers, domain names], Tax and Customs Board, accessed June 10, 2015, http://www.emta.ee/public/Kontroll/MTA_must_nimekiri_25.02.2014.pdf .

[17] Kaja Koovit, “Big Businessman Goes to War Against Web Portals,” Baltic Business News, March 18, 2008, http://www.balticbusinessnews.com/?PublicationId=48694078-50cc-4fe1-b3e4-6e10bc6a5ec1.

[18] “European Court strikes serious blow to free speech,” ARTICLE 19, October 14, 2013, http://www.article19.org/resources.php/resource/37287/en/european-court-strikes-serious-blow-to-free-speech-online.

[19] “CASE OF DELFI AS v. ESTONIA”, Grand Chamber judgment,  http://hudoc.echr.coe.int/eng?i=001-155105#{"itemid":["001-155105"]}, accessed June 18, 2015

[20] A public-key infrastructure (PKI) is a system for the creation, storage, and distribution of digital certificates, which are used to verify that a particular public key belongs to a certain entity. The PKI creates digital certificates that map public keys to entities, securely stores these certificates in a central repository, and revokes them if needed.

[21] See the web portal for the ID-card system, http://id.ee/?lang=en.

[22] See the web portal for the ID-card system, http://id.ee/?lang=en.

[23] “Digitaalallkirja seadus” [Digital Signature Act], Riigi Teataja, accessed May 21, 2013, https://www.riigiteataja.ee/akt/694375.

[24] “Statistics about Internet Voting in Estonia,” Vabariigi Valimiskomisjon (Electoral Commission), accessed August 2014, http://www.vvk.ee/voting-methods-in-estonia/engindex/statistics.

[25] Kristina Randver, Kodanike rahulolu riigi poolt pakutavate avalike e-teenustega, Jaanuar 2010 [Citizens’ Satisfaction with the Provision of Public E-Services, January 2010] (Tallinn: TNS Emor, 2010), http://www.riso.ee/et/files/kodanike_rahulolu_avalike_eteenustega_2010.pdf.

[26] “Ministries promise that ACTA will not change anything,” Estonian Public Broadcasting, January 25, 2012, http://uudised.err.ee/index.php?06244282.

[27] “ACTA resisted in many parts of the world,” Estonian Public Broadcasting, February 11, 2012, http://uudised.err.ee/index.php?06245704.

[28] Constitution of the Republic of Estonia [English translation], June 28, 1992, https://www.president.ee/en/republic-of-estonia/the-constitution/index.html#II.

[29] EUR-Lex, “Access to European Union Law,” accessed May 5, 2013, http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32008F0913:en:NOT.

[30] Office of the High Commissioner for Human Rights, “Tenth and Eleventh Periodic Report on the implementation of the International Convention on the Elimination of all forms of Racial Discrimination in Estonia,” January 2013, http://www2.ohchr.org/English/bodies/cerd/docs/CERD.C.EST.10-11.docx‎.  

[31] Electronic Privacy Information Center (EPIC) and Privacy International, “Republic of Estonia,” in Privacy and Human Rights 2006: An International Survey of Privacy Laws and Developments (Washington: EPIC, 2007), http://www.worldlii.org/int/journals/EPICPrivHR/2006/PHR2006-Republic-8.html.

[32] Estonian Data Protection Inspectorate, “Inspectorate,” March 14, 2015, http://www.aki.ee/en/inspectorate.

[33] “Tasks and jurisdiction of the Chancellor of Justice”,  http://oiguskantsler.ee/en/tasks-and-jurisdiction-of-the-chancellor-of-justice, accessed June 2, 2015

[34] Electronic Communications Act, translation to English, http://www.legaltext.ee/text/en/X90001K2.htm.  

[35] The ECJ court ruling pertained to the cases Digital Rights Ireland Ltd (C-293/12) and Kärntner Landesregierung (C-594/12) and is available at http://curia.europa.eu/juris/document/document.jsf?docid=150642&doclang=EN.

[36] Martin Husovec, “First European Constitutional Court Suspends Data Retention After the Decision of the Court of Justice of EU,” The Center for Internet and Society at Stanford Law School, April 28, 2015, http://cyberlaw.stanford.edu/blog/2014/04/first-european-constitutional-court-suspends-data-retention-after-decision-court.

[38] “Security Authorities Surveillance Select Committee,” Riigikogu: The Parliament of Estonia, April 4, 2011, http://www.riigikogu.ee/index.php?id=42701&parent_id=34615.

[39] Targalt internetis [awareness portal], accessed June 12, 2013, http://www.targaltinternetis.ee.

[40] Cyber Security Strategy Committee, Cyber Security Strategy (Tallinn: Ministry of Defence, 2008), http://www.mod.gov.ee/files/kmin/img/files/Kuberjulgeoleku_strateegia_2008-2013_ENG.pdf.

[41] “Estonian Defence League’s Cyber Unit,” Kaitseliit [Defence League], http://www.kaitseliit.ee/en/cyber-unit

[42] “Conference on Cyber Conflict,” Cooperative Cyber Defense Centre of Excellence (CCD COE), accessed July 15, 2013, http://www.ccdcoe.org/conference2010/.