Freedom on the Net
Internet Freedom Scores
June 2016–May 2017
- Estonia remained a staunch advocate of e-governance. Internet voting experienced minor amendments following the formation of a new government in November 2016 (see Digital Activism).
- The new president elected in October 2016, Kersti Kaljulaid, has expressed strong support for human rights, including internet freedom, signaling continuity in internet-related policies (see Legal Environment).
With high levels of access, online citizen participation, and strong support for freedom of expression, Estonia’s internet freedom environment remained positive.
Estonia experienced several political changes during the past year, but these are unlikely to heavily impact e-governance or other internet use. The new president elected in October 2016, Mrs Kersti Kaljulaid, has expressed commitment to the Estonian e-society. Following a vote of non-confidence in the previous prime minister, a new government was also formed in November 2016, headed by the left-leaning Center Party (CP) for the first time in decades. The Center Party has traditionally been more skeptical of some aspects of e-governance, though less so after internal changes and rejuvenation. Minor changes to internet voting, such as shortening the time period for the vote, were decided.
Estonia has become a model for free and open internet access. It is the EU Member State with the most digital public services,1 and private services are largely internet-based. The Technical Regulatory Authority states that an open and neutral internet has always been an integral part of Estonia as an e-state.2 This approach goes back to policy decisions when Estonia regained independence in 1991, after nearly 50 years of Soviet occupation. Infrastructure was in a disastrous condition, but the country’s leadership focused on investing heavily in information and communication technologies (ICTs) as a key to sustained economic growth. Subsequent governments have continued to support this expansion.
Estonians are very active on the internet and issues of security, anonymity, privacy, and citizens’ rights on the internet are widely debated. The Digital Agenda 2020 of the Ministry of Economic Affairs and Communications outlines how technological and organizational conditions will be developed to ensure that people will always know and be able to decide how their personal data is used in the public sector.3 Citizens can already see what personal data is available to public authorities, and which data was accessed.4 Under this initiative, the government launched an “e-residency” program to offer citizens of any country access to secure and convenient online services, such as setting up a business in Estonia. There are currently over 21,000 e-residents from 138 countries.5
While online debate in Estonia remains vigorous, one of the first major cases on internet commentary continues to be discussed internationally and its findings have not been overturned. In 2015, the Grand Chamber of the European Court of Human Rights (ECtHR) issued a ruling that reaffirmed an earlier Estonian Supreme Court decision regarding content hosts’ liability for third-party comments. Following the ruling, several major media companies removed anonymous comments functions from their online portals.
Estonia continues to be one of the most connected countries in the world with regard to internet access, and Estonian internet users face very few obstacles when it comes to accessing the internet.
Availability and Ease of Access
The number of internet and mobile telephone users in Estonia has grown rapidly in the past 20 years. The availability of mobile broadband is very good while fixed broadband is less widespread, below the European average, which is mainly due to limited connectivity in sparsely populated rural areas. Improvement work is ongoing and by 2018, 98 percent of households should be no more than 1.5 km from an access point. About two thirds of the network has been built so far but not all is in use.6 The Technical Regulatory Authority (TRA) has produced a web-based map on what services are available at any location in Estonia.7 In January 2017, Estonia adopted amendments to several laws to facilitate the use of existing infrastructure for broadband, which entered into force as of March 2017.8
Tests carried out by TRA confirmed that internet speeds are increasing rapidly. In the development plan for 2020 the aim was availability of at least 30 Mbit/s mobile internet in all of Estonia by 2020. In 2016 this was achieved in 99 percent of the territory and speeds of 100 Mbit/s in 37 percent of the territory.9
Estonia’s high mobile phone penetration reflects widespread use of internet-enabled mobile devices. Companies are increasingly offering multiple-play solutions of broadband with other services (like television) at attractive prices.10 The abolition of roaming charges in the EU from June 2017 has led to new price packages for telephony and internet, although changes have so far been small.
Wi-Fi access continues to be good. The first public Wi-Fi area was launched in 2001 and since then wireless broadband access has spread with a large number of free, certified Wi-Fi areas meant for public use, including at cafes, hotels, hospitals, schools, and gas stations.11 In addition, a countrywide wireless internet service based on CDMA technology was deployed and is priced to compete with fixed broadband access. Three mobile operators cover the country with mobile 3G and 3.5G services, and at the end of 2016, 4G services covered over 99 percent of Estonian territory.12
There is no significant difference between genders regarding access to or use of internet, with 89.5 percent of males and 87.4 percent of females using internet in 2015.13 Knowledge of foreign languages among Estonians is high, which facilitates access to diverse content.1415
Restrictions on Connectivity
There were no government-imposed restrictions or disruptions to internet access during the past years.
The 2014 Estonian Electronic Communications Act has been amended to develop and promote a free market and fair competition in electronic communications services.
There are over 200 operators offering communications services, including six mobile operators and numerous internet service providers (ISPs). ISPs and other communications companies are required to register with the independent regulatory, the Estonian Technical Regulatory Authority. There is normally no registration fee.16
The main regulatory bodies for the ICT sector are the Technical Regulatory Authority (TRA) and the Competition Authority. These are professional and independent regulators. There have been no cases of government interference with the telecommunications sector through regulatory bodies, or of regulators abusing their powers.
The Estonian Internet Foundation was established in 2009 to manage Estonia’s top level domain, “.ee” and is a member of the Council of European National Top Level Domain Registries (CENTR).17 With its multi-stakeholder foundation, the organization represents the Estonian internet community internationally and has succeeded in overseeing various internet governance issues. During recent years the domain registration and annual fees have decreased and limitations on the number of domains per user have been scrapped. No significant changes took place during last year.
Estonians have access to a wide range of content online, and very few resources are blocked or filtered by the government. Following court rulings on intermediary liability for third-party comments, some Estonian media outlets have modified their policies regarding anonymous commenting on their portals.
Blocking and Filtering
There are very few restrictions on internet content and communications in Estonia. YouTube, Facebook, Twitter, LinkedIn, and many other international video-sharing and social-networking sites are widely available and popular. Estonians use the internet for uploading and sharing original content such as photographs, music, and text more than average in the EU.18 There are no indications of any increase of restrictions on content or of self-censorship, and online debate is very active and open.
One of the very few content restrictions is found in the Gambling Act, which requires all domestic and foreign gambling sites to obtain a special license or face access restrictions.19 As of March 2017, the Estonian Tax and Customs Board had nearly 1,200 websites on its list of illegal online gambling sites that Estonian ISPs are required to block.20 The list of blocked sites is transparent and available to the public.
Some major sites limited anonymous commenting after the Grand Chamber of the European Court of Human Rights (ECtHR) upheld a 2009 Estonian Supreme Court decision establishing intermediary liability over third-party comments on internet news portals.21 In June 2015, the Grand Chamber confirmed that holding intermediaries responsible for third-party content published on their website or forum is not against Article 10 of the European Convention on Human Rights guaranteeing freedom of expression.
Media, Diversity, and Content Manipulation
Estonians have access to a wide array of content online, and there are few economic or political barriers to posting diverse types of content, including different types of news and opinions. Estonians use a large variety of internet applications, with the most popular site being Google (Google.ee in first and Google.com in fourth place), followed by YouTube, and Facebook. The major Estonian news portals Postimees and Delfi are number five and seven.22Estonian Public Broadcasting delivers all radio channels and its own TV production services, including news in real time over the internet; it also offers archives of its radio and television programs at no charge to users.
While Estonian authorities are aware of Russian information campaigns designed to manipulate public opinion in the region, there have not been any incidents of banning content from Russia.23 The Secret Police estimates that number of cyberattacks against Estonians may increase during 2017 due to the Estonian Presidency of the EU Council and the stationing of more NATO troops in the country throughout the year.24
Social media use in Estonia is widespread, and Estonians often make use of such sites to share news and information and generate public discussion about current political debates. There were no instances of restrictions on use of social media or other media in political campaigns.
In addition to discussions, netizens actively participate in online petitions that can be initiated by anybody.25 There is also a site that enables compiling and sending collective initiatives – with at least 1,000 digital signatures – to the parliament of Estonia and to follow what happens with the proposal.26 Since 2013, citizens have been able to engage online as well as offline in a “people’s assembly,” which in 2017 focused on ideas for active ageing.27
Estonians widely use e-services. Estonia has expanded e-governance thanks to interoperability of all public and some private databases, and digital identification using public-key infrastructure.28 More than 1.2 million active ID cards are in use, which enable both electronic authentication and digital signing.29 ID cards can be used for electronic voting in all Estonian elections since 2005. In the latest parliamentary elections in March 2015, over 30 percent of all votes were cast online.30 Of state services in Estonia, 99 percent are available online.31 The new president elected in October 2016, Mrs Kersti Kaljulaid, has expressed commitment to the Estonian e-society. Minor changes to internet voting, such as shortening the time period for the vote, were decided for the local elections in October 2017.
Freedom of speech and freedom of expression are protected by Estonia’s constitution and by the country’s obligations as a member state of the European Union. Anonymity is unrestricted, and there have been extensive public discussions on anonymity and the respectful use of the internet. Internet access at public access points can be obtained without prior registration. Over the past few years, the government has succeeded in reducing the number and severity of cyberattacks against its infrastructure.
According to the constitution of Estonia, all citizens have the right to freely obtain information and to freely disseminate ideas, opinions, beliefs, and other information. In addition, citizens have the right to the confidentiality of messages sent or received. These rights are well-protected. Any restrictions must be necessary in a democratic society and shall not distort the nature of the rights and freedoms restricted.32
There are only few limits on freedom of expression in Estonia. Activities which publicly incite to hatred, violence, or discrimination on the basis of nationality, race, colour, sex, language, origin, religion, sexual orientation, political opinion, or financial or social status if this results in danger to the life, health, or property of a person is punishable under the Penal Code.33
Prosecutions and Detentions for Online Activities
There were no cases of prosecutions or detentions for legitimate online activities during the coverage period.
Surveillance, Privacy, and Anonymity
Estonia has strong privacy protections for its citizens. The Personal Data Protection Act (PDPA), in force since January 2008,37 restricts the collection and public dissemination of an individual’s personal data. No personal information that is considered sensitive—such as political opinions, religious or philosophical beliefs, ethnic or racial origin, sexual behaviour, health, or criminal convictions—can be processed without the consent of the individual. The Data Protection Inspectorate (DPI) is the supervisory authority for the PDPA. In addition, the Chancellor of Justice (Ombudsman) can make suggestions regarding data protection.
The EU has adopted a new regulation on data protection, the General Data Protection Regulation (GDPR),38 which will take effect in May 2018. Regulations have direct effect in all EU member states. GDPR will further strengthen the protection of personal data and in Estonia, and companies and authorities are currently examining how to ensure compliance with the GDPR.
The Electronic Communications Act contains a number of provisions on protection of personal data for communications providers. 39
Data retention practices established under the Electronic Communications Act, which aligned with EU legislation, were thrown into doubt by the Court of Justice of the European Union (CJEU) in April 2014, when the court found the European Data Retention Directive (2006/24/EC) to be invalid.40 In Estonia, a data retention principle remains in the law (Article 111) with various restrictions on how the data shall be kept and used. Data shall be kept for one year, unless there are special reasons decided by the government to keep it longer in the interest of public order and national safety. Article 112 regulates how requests by law enforcement authorities should be made. Requests are kept for two years.
The Estonian Parliament Security Authorities Surveillance Select Committee oversees the practices of surveillance agencies and security agencies. They Committee carried out a control in June 2016 of the legality of surveillance activities of security authorities and found them to have been conducted in accordance with the law.41 The committee monitors the activities of security authorities to ensure conformity with the Constitution, the Surveillance Act, and other regulations on security agencies.
Intimidation and Violence
There have been no physical attacks against bloggers or online journalists in Estonia, though online discussions are sometimes inflammatory.
During the ITU World Summit on the Information Society Forum in June 2017, the ITU introduced an updated Global Cybersecurity Index according to which Estonia ranks 5th in the world and 1st in Europe.42
Estonian businesses and communities treat ICT security as a high priority. This year sees the 10th anniversary of major cyberattacks against Estonian websites and government organizations in the spring of 2007. Estonia’s cybersecurity strategy is built on strong private-public collaboration and a unique voluntary structure through the National Cyber Defence League.43 With more than 150 experts participating, the league has simulated different security threat scenarios as defence exercises that have served to improve the technical resilience of Estonia’s telecommunication networks and other critical infrastructure over the past few years.44
The North Atlantic Treaty Organization (NATO) Cooperative Cyber Defence Centre of Excellence is located in Tallinn. Since its founding, the centre has supported awareness campaigns and academic research and hosted several high-profile conferences, among other activities. From 2009, the Centre has organized an annual International Conference on Cyber Conflict, or CyCon, bringing together international experts from governments, the private sector, and academia, with the goal of ensuring the development of a free and secure internet. In May 2017, more than 500 participants from diverse countries took part in CyCon, to discuss various aspects of internet use, including privacy, humanitarian law on internet, among other issues.45
1 Europe's Digital Progress Report (EDPR) 2016, http://ec.europa.eu/newsroom/dae/document.cfm?doc_id=15399
3 Digital agenda 2020 for Estonia, https://www.mkm.ee/sites/default/files/digital_agenda_2020_estonia_engf.pdf
6 Europe's Digital Progress Report (EDPR) 2016, http://ec.europa.eu/newsroom/dae/document.cfm?doc_id=15399
12 Annual report of the Estonian Technical Regulatory Authority 2016, accessed 22 June 2017
13 ITU, accessed 25 June 2017, http://www.itu.int/en/ITU-D/Statistics/Pages/stat/default.aspx
14 See: http://www.studyinestonia.ee/estonia-ranks-high-english-proficiency, data from November 2015, page accessed on 19 June 2017.
18 “Individuals Using the Internet for Uploading Self-Created Content” Eurostat, accessed 25 June 2017 http://ec.europa.eu/eurostat/tgm/refreshTableAction.do?tab=table&plugin=1&pcode=tin00030&language=en
20 The list of restricted websites can be found on the Estonian Tax and Customs Board website: “Blokeeritud hasartmängu internetileheküljed” (Blocked gambling internet pages), Tax and Customs Board, accessed 25 June 2017, https://www.emta.ee/et/eraklient/maa-soiduk-mets-hasartmang/blokeeritud-hasartmangu-internetilehekuljed
21 European Court of Human Rights, Case of Delfi AS v. Estonia, Judgement, June 16, 2015.
23 The yearbook of the Estonian Internal Security Service (KAPO), p. 9.
24 Ibid. p. 20
28 A public-key infrastructure (PKI) is a system for the creation, storage, and distribution of digital certificates, which are used to verify that a particular public key belongs to a certain entity. The PKI creates digital certificates that map public keys to entities, securely stores these certificates in a central repository, and revokes them if needed.
30 E-Governance Academy, “e-Estonia, e-Governance in practice,” http://www.ega.ee/publication/e-estonia-e-governance-in-practice/
32 Constitution of the Republic of Estonia [English translation], June 28, 1992.
33 Article 151 Penal Code, https://www.riigiteataja.ee/en/eli/ee/Riigikogu/act/519012017002/consolide
34 The amended Penal Code was adopted in 2001 and entered into force in 2002.
35 RT I 2001, 81, 487; in force 1 July 2002. In English at https://www.riigiteataja.ee/en/eli/524012017002/consolide
37 Personal Data Protection Act, https://www.riigiteataja.ee/en/eli/ee/Riigikogu/act/507032016001/consolide
38 Regulation 2016/679
39 Electronic Communications Act, https://www.riigiteataja.ee/en/eli/ee/Riigikogu/act/527032017001/consolide
42 Global Cybersecurity Index 2017 https://www.itu.int/dms_pub/itu-d/opb/str/D-STR-GCI.01-2017-PDF-E.pdf
43 Cyber Security Strategy 2014-2017, https://www.mkm.ee/sites/default/files/cyber_security_strategy_2014-2017_public_version.pdf, accessed 25 June 2017.
(0 = Best, 100 = Worst)
(0 = Best, 25 = Worst)
(0 = Best, 35 = Worst)
(0 = Best, 40 = Worst)