During a spring inspection, Chancellor of Justice Ülle Madise found that, through the compliance register, government agencies were able to access banking secrets without a legal basis and without the knowledge of account holders. According to the Chancellor of Justice, state institutions made tens of thousands of such inquiries into banks in just over a year.
The scandal spread like wildfire but died down about a month later, as officials and ministers promised to introduce the necessary legislative amendments, assuring that everything would be in order from then on.
This answer did not satisfy me, and therefore on August 10 I submitted a criminal complaint to the Prosecutor’s Office, requesting the initiation of criminal proceedings under § 315 of the Penal Code, Unlawful surveillance operations and covert collection of information. Based on this provision, covert data collection has taken place illegally, carried out by individuals who did, in fact, have lawful rights for surveillance or covert data gathering, but who acted without adhering to the law.
The response came exactly within the ten days prescribed by law: State Prosecutor Raigo Aas, as expected, refused to initiate criminal proceedings, arguing that there was neither reason nor basis to proceed.
To summarize the justification: “If the grounds do not make it possible to identify the elements of a criminal offense, initiation of criminal proceedings is excluded, and it is impermissible to initiate proceedings in a situation where the very grounds for proceedings would still need to be established by means of criminal procedure.”
At first it seemed the prosecutor was correct. However, upon consulting the Commented Edition of the Penal Code, I found that in the notes to § 315, point 3.4 clearly states: The covert collection of information is unlawful if there is no legal basis for it, or if the collection of information has not been carried out in accordance with the procedures established by law.
Motivated by the latter part of this sentence, “if the collection of information has not been carried out in accordance with the procedures established by law,” I filed an appeal against the prosecutor’s ruling with the Office of the Prosecutor General.
At this point, what interests me is the following:
How many of you, reading this post, can confirm that your data has been accessed in this matter? According to the Chancellor of Justice, there were tens of thousands.
Here is how you can check on eesti.ee:
-
In the top right corner, click “Sisene iseteenindusse” (Log in).
-
Once logged in, on the left side under your name, the fourth line is “Andmejälgija” (Data Tracker).
-
Open the filter, and with its help you can identify who has viewed your data, why they did so, and whether you were notified about access to your bank account details.
— Kalle Grünthal, Member of the Parliament of the Republic of Estonia
