Estonia features a punishments register with misdemeanours and crimes listed by all people. For the benefit of potential employers, for instance. Then there is a judicial decisions database where expired crimes can often still be detected. In these two, names and other data of victims and witnesses are almost never found – the occasional typo excluded. Turns out, there is a third database with judicial decisions prior to 2006. In it, glaring problems are obvious regarding personal data protection, as it holds details of entire criminal acts as well as names of criminals, victims, witnesses and experts. At times, names of close relatives are included, and home addresses at the time.
Estonian Data Protection Inspectorate PR-adviser Maire Iro agrees and says and claims people responsible at State Gazette (Riigi Teataja) database have repeatedly been notified of the problem. The justice ministry press rep Maria-Elisa Tuulik said the data has been uploaded pursuant to old legislation and the people had the right, and still do, to apply to relevant courts for removal of their data in such instances. Ms Tuulik admits people might have difficulty doing that and have insufficient knowledge. She cites the excessive amount of manual labour required to sort out the data. They may thus take it all offline as public interest is waning anyway, with time passing.
For some of the decisions State Gazette has tried to anonymize personal data, but using ineffective technical means (see picture above).