The activities of the Riigikogu and its Chancellery are mainly public in nature.
They generally do not need to use personal data in any great amounts for carrying out their tasks. Despite this, the Riigikogu and its Chancellery, through the course of their work, receive information that the law requires to be protected by access restrictions, which means that only certain officials may consult this information.
The Riigikogu and its Chancellery learn personal data from e.g. correspondence with individuals and other state or local government agencies, from job applications, in the course of parliamentary supervision (through the work of special and investigation committees of the Riigikogu), and from contracts signed with individuals.
Under the Personal Data Protection Act, only data on natural persons constitutes personal data.
Sensitive personal data means data on the political, ideological and religious convictions of the individual, their ethnic background and hereditary characteristics, information on their health and sexuality, possible membership in trade unions, biometrics (mainly finger and palm prints, iris images and genetic data), as well as criminal records or records of falling victim to a crime (before a public court sitting or, in case of an offence, before the decision has been made or the proceedings terminated).
Non-sensitive personal data encompasses all other information on the individual that somehow characterises them or their activities, such as information on their economic situation, intellectual capacities, marital status or residence.
Restrictions on consulting personal data
Under the Public Information Act, the documents in the possession of the state are generally public, i.e. everyone who wishes to consult these may do so; however, the Personal Data Protection Act provides certain exceptions.
The documents that contain sensitive personal data must always be classified as documents meant for internal use. In case of the documents that contain non-sensitive personal data, the Chancellery must decide whether they contain something that would excessively harm the inviolability of the personal life of an individual. If we find that no excessive harm is done to the inviolability of private life through the publication of personal data, no access restrictions are set on such documents. If there is a need and an opportunity, the individual is personally consulted, although the Chancellery is not obligated to base its decision on the opinion of the individual.
The Chancellery has authorised certain officials to decide whether the documents in the possession of a structural unit need to be declared for internal use only. In case of documents meant for internal use, the document register of the Chancellery publicly displays the registration number, sender and/or receiver of the document (e.g. a letter), date of arrival or dispatch, category of document and a brief descriptive title. In addition, the register will also state that the document is meant for internal use and will make a reference to the provision of the Public Information Act that stipulates the need to set an access restriction on the document. The content of such a document is not publicly accessible. If a document is not meant exclusively for internal use, you can generally access its whole content.
If the Chancellery sends a document that contains personal data to another state or local government agency, this agency must respect the rules of protection of personal data.
The Riigikogu and its Chancellery are in possession of documents that do not have to be recorded in the document register or that have indeed been registered but whose content is not visible in the register for some reason. These document may also contain personal data. From time to time, we receive requests for information asking permission to consult such documents. These requests often come from members of the press and concern information on members of the Riigikogu. Upon the receipt of a request for information, the document is always reviewed (even if it has not been declared for internal use) and, if necessary, only the part that does not contain personal data is released.
Under the Personal Data Protection Act, personal data may be analysed and published for journalistic purposes if there is an overpowering public interest and if it follows the principles of press ethics. Publishing of the data may not overly damage the rights of the data subject.
The document register of the Chancellery does not register the documents of job applicants. These may be consulted only by the staff of the Chancellery participating in the selection process, and members of the Riigikogu.
The documents containing personal data are usually subject to restricted access for 75 years, as of the creation or receipt of the document. The majority of documents on the Riigikogu are not even kept that long, but are destroyed much earlier.
The right to consult one’s personal data
An individual may consult their own personal data kept in the Riigikogu or its Chancellery. The data may not be consulted if it could:
- damage the rights and freedoms of another individual
- jeopardise the protection of the secret on a child’s provenance
- hinder the prevention of a crime or the catching of a criminal
- render it more difficult to detect the truth in criminal proceedings.
An individual may demand that faulty personal data be corrected. If the Chancellery (no longer) has a legal basis for using the personal data, the individual may ask the use of the data to be stopped or the data to be erased.
Your feedback is important. Please share it with us!