Estonia. The unlikely champion – Katrin Nyman-Metcalf

Winters in Estonia are perhaps not as harsh as foreigners imagine, but they can be quite cold and snowy. Despite well-functioning transport even in wintry conditions, some days it is tempting to stay indoors. Some people claim that this is the reason for Estonia developing the most advanced e-governance system in Europe, and one of the most advanced in the world. Another perhaps more accurate explanation is found in the history of the country, which regained its independence in 1991 after nearly 50 years of Soviet occupation, during which many aspects of society had been destroyed. Catching up with the Nordic neighbours in any foreseeable future appeared like an impossible dream. Fortunately, there were political leaders and people in administration who realised that there was nothing to lose in trying to skip steps that countries with more advantageous histories had gone through, in attempting entirely new solutions for administrative issues. Thus, e-governance was born – much earlier than in most countries. For example, the Estonian cabinet went paperless in the year 2000.

What is e-governance? There is no international legal definition. We can assume that it means the use of digital tools for governance and usually should include the possibility of completing transactions electronically in addition to accessing electronic information. E-governance can reduce corruption by eliminating the possibility of bypassing regular channels or speeding up transactions with the help of bribes; it can improve access to services including for minorities, inhabitants of rural areas or the disabled; it can lead to efficiency gains and cost savings; and it can help states attract investment and support innovation. However, these positive outcomes do not just happen because the technology exists. Neither is it, as sceptics tend to presume, that the technology itself will lead to negative outcomes like increased surveillance, data protection infringements, alienation and discrimination. In reality, e-governance is a tool for performing certain acts. It is not good or bad per se; these notions depend on how it is used.

What is special in Estonia? Key words that describe what a comprehensive e-governance system means are interactivity and interoperability. This means that two-way communication between people and authorities is possible, allowing transactions to be undertaken on-line, so that databases can communicate with one another to facilitate seamless transactions (Nyman-Metcalf, 2017). The former Estonian President, Mr Toomas Hendrik Ilves, used to say that Estonia does not have a digital society – Estonia is a digital society.

Interactivity first: Estonian public administration is based on citizen-centric electronic services in all areas, accessed in the same manner, from one web portal, www.eesti.ee, which makes them easy to use. All communication with authorities can take place electronically and official documents (public or private) can be signed digitally. A digital signature has the same value in law as a traditional one (Madise & Vinkel, 2014: 61). The digital signature has to be secure, but to ensure that people actually use it, it must at the same time be user-friendly. Theoretically, there may be special identification systems for each service, but such a system is rarely user-friendly. In Estonia the same identification and signature are used in all contexts – public and private. It is based on the ID card that everyone has, which is also a real-life ID and travel document, and is used as a customer loyalty card among other functions (https://e-estonia.com/component/electronic-id-card/). This is a good example of public-private partnership, as e-services were first mainly accessed with bank ID, while now most people carry out banking transactions with the official ID. The state and the private banks agreed to accept each other’s identification systems, as they were mutually deemed to be of sufficient quality. The ID card, together with identification codes linked to it, acts as a key that opens various doors, to various databases – nothing is stored on the card as such.

Both interactivity and interoperability rely on another feature of the Estonian administration, namely that data is electronic by default, just as, for example, the valid formal version of legislation is the electronic one. Of course, people may print out official documents or legal texts, but these papers will not take on an official role – that role is held by the data as such: the information the data transmits and not its form.

Now to interoperability: The Estonian system is called X-road. This is an interface that allows different databases to communicate, which means that authorities who are in need of data from any public database will access this database directly rather than ask for the data to be transferred. This permits application of the once-only principle, which means that a person never has to provide data more than once, as those who have a legitimate reason to access it will do so from the core database. It is prohibited by law to create a database with information that already exists (Public Information Act, English translation https://www.riigiteataja.ee/en/eli/514112013001/consolide). This system is secure, as it eliminates the need for officials to ask for or send data between authorities. Such situations of requesting and transmitting are points of risk for data protection as well as for the accuracy of data. Joining X-road does not give the bodies in the system automatic access to the data of others, but agreements are needed that specify exactly what type of data and which individuals in different organisations should have access. For each data access, the person who wants to look at the data must identify themselves, as access is only given to a permitted person via their digital identity. Such limited, monitored and transparent access means that data is more protected even if it is also much more easily available for those with a legitimate reason to access it.

Both interactivity and interoperability entail consequences for the legal system, but do not necessarily lead to a need for new, special legislation. Indeed, one of the key rules for a successful legal approach to e-governance is not to adopt too much special legislation, as this risks creating parallel systems that focus on the way to do things rather than the substance of what is done. E-governance should be seen as a form of governance, not a separate phenomenon. The temptation to draft lots of laws needs to be avoided and lawyers’ efforts instead directed toward analysis of what it is that actually changes, what is required of the legislation to take the technology into account. Legal issues of e-governance do not form a single, unified area of law.

Digital tools for accessing information are legally fairly uncomplicated. Provided that the information is public, there is no need to identify oneself; the public body does not need to know who looks at what or why. The legal difference arises when it is possible to perform transactions on-line. At this point it becomes necessary to have electronic identification and this needs legislation (Wang, 2006).  Data protection is another area in need of attention. It is not only an e-governance issue but given the importance of data for e-governance, the issue needs to be considered throughout the development process. Often e-governance is presented as if there is a need to weigh whether benefits of efficiency and speed make up for data protection risks. However, e-governance can, if properly used, provide greater protection than traditional systems. In Estonia, one of the important features of X-road is that individuals can easily see what data the authorities hold on them, by accessing one web-site (https://www.eesti.ee) from which all public services and databases can be reached (Nyman-Metcalf, 2014). Whenever an authority accesses the data of an individual, this leaves a footprint, which the person can easily see. It says which authority looked at the data at what time. The person concerned is entitled to ask the authority to explain why they did this. It can be seen which person in the authority accessed the data, as any data access is only possible after the authorised person has identified themselves. Authorisations for access to data are not given per authority but specifically, determining which persons can access what type of data. Thus, there is no risk of careless access to data, abusing access rights out of curiosity. Data use is monitored within authorities and by the data protection inspectorate in addition to the possibility of citizens doing their own monitoring (Rull, Täks & Norta, 2014).

Nowadays, Estonia is far from alone in using e-governance tools. There are some solutions in other countries that are at least as useful and exciting, but the comprehensive nature of the Estonian system, as well as its wide use, still set it apart from most comparable systems. In many countries the popular uptake of e-services tends to be uneven or slow, which easily leads to a vicious circle: those responsible for developing services feel that resources are not justified for something only few people use, while people find that it is not worth learning how to use the services or getting the necessary devices for it, if there is little that can be done with that knowledge or those devices later.

For people to embrace e-governance they need to have trust: in how to identify oneself electronically, in what happens with data, in that transactions undertaken electronically will be just as valid – even if needed as evidence in court – as traditional transactions. The challenge for lawyers working on e-governance is that instead of focusing on technology and its complexity, one should take a step back and analyse if things are really different just because the environment has changed. The use of e-governance should mean that governance really is for the citizens and not the other way around. Citizens, residents and companies do not need to go to a place at a time chosen by the authorities, but the authorities come to the people, when and where it suits individuals. If this happens, e-governance becomes a tool for increased trust and participation, leading to a citizen-focused society, which supports rule of law. This does not have to remain just a beautiful policy pronouncement; ICT can be truly transformative. But only if the benefits of technology are not lost by being buried in excessive regulation, or by failing to address the questions where technology really affects the legal landscape.

 

Katrin Nyman-Metcalf
Adjunct Professor of Communications Law, Tallinn University of Technology and Programme Director of Research and Legal Issues, E-Governance Academy, TalTech Law School.

 

This post is a summary of the article How to build e-governance in a digital society: the case of Estonia published in Issue 58 (June 2019) of the Revista Catalana de Dret Públic – Catalan Journal of Public Law.

 

Reference list

Madise, Ülle and Vinkel, Priit. (2014). Internet voting in Estonia: From constitutional debate to evaluation of experience over six elections. In: Tanel Kerikmäe (Ed.), Regulating eTechnologies in the European Union (pp. 53–72). Heidelberg: Springer.

Nyman-Metcalf, Katrin. (2014). E-Governance in law and by law. In: Tanel Kerikmäe (Ed.), Regulating eTechnologies in the European Union (pp. 33–53). Heidelberg: Springer.

Nyman-Metcalf, Katrin. (2017). Drafting e-Governance: A new reality for legislative drafting. International Journal of Legislative Drafting and Law Reform, 5(1).

Rull, Addi, Täks, Ermo and Norta, Alexander. (2014). Towards software-agent enhanced privacy protection. In: Tanel Kerikmäe (Ed.) Regulating eTechnologies in the European Union (pp.73–94). Heidelberg: Springer.

Wang, Minyan. (2006). The impact of information technology development on the legal concept: A particular examination on the legal concept of ‘signatures’. International Journal of Law and Information Technology, 15(3), 253–274.

Leave a Reply