Category Archives: Legal Aspects

Talk by IT law and data protection specialist professor Lee Bygrave

Lee A. Bygrave

The IT law programme invites you to a discussion with a distinguished IT law and data protection specialist professor Lee Bygrave from Oslo University. He will give his talk on Friday, October 9, 2015, from 14.15 to 17.30 at the University of Tartu, Faculty of Law, Näituse 20 room 103. The talk will cover the following topics:

  • the US-EU cleavage on data protection regulatory policy;
  • the extent to which data protection rules can and ought to apply to use of human biological material;
  • regulatory policy on privacy-enhancing technology and privacy/data protection by design.

Lee Bygrave’s visit to Estonia is organized by the IT Law Programme. Additional information: Helen Eenmaa-Dimitrieva, Director of the IT Law.

Links:
http://www.ut.ee/itlaw
http://www.jus.uio.no/ifp/english/people/aca/lee/

Sensitive information related to cyber security will be classified as a state secret

kapo_state_secrets

The amendments in the State Secrets And Classified Information Of Foreign States Act, which will define a state secret any classified information related to cyber security or critical information infrastructure protection, will increase number of officials who will have access to state secrets and their responsibility towards their employers.

Estonian Internal Security Service (KaPo) is responsible for maintaining information about people with state secrets clearance.
“KaPo has never disclosed how many people exactly have the right to access the state secrets and classified information of foreign states. It is clear that these (cyber security) persons now will also need the access, but precise number we will not disclose.” said KAPO spokesman Harrys Puusepp.

“The need to access state secrets is always derived from the particular job description, it is not granted for fun. The employer’s primary responsibility is to protect state secrets, and now he will also have a sufficient possibility to do that. The amendments to the Act will certainly help to do that.” added Puusepp.

According to Interior Ministry spokesperson Toomas Viksi the amendments of the Act primarily concerns employees of Estonian Information System Authority (EISA).

The head of EISA PR department, Rauno Veri said that today EISA staff already have the necessary clearance thus the amendment will not raise the number of people eligible to access the state secrets.

In mid-December the government passed a draft making an obligation for officials having access to state secrets to inform about their private trips abroad. The list of countries will be established by the Ministry of the Interior. Viks noted that the obligation to notify will not apply to European Union, the Schengen Agreement and NATO member countries.

Additions to the current version of the State Secrets And Classified Information Of Foreign States Act:

Paragraph 10  [list of State Secret subcategories] is amended by clause 9 as below:
EISA risk assessments, monitoring data, information gathered during supervisory actions about critical vulnerabilities in information systems; to the extent that such information contains technical data on the critical vulnerabilities of the information systems of: constitutional institutions, government agencies and their subordinated institutions; vital service providers, international organizations which security is provided by Estonia; and, if the revelation of such information to the irrelevant parties could raise the risk of a security incident in these fields, except such information, which, if revealed, will not endanger the security of the Estonian Republic; such information will be classified up to 10 years on “restricted” level.

Links:
http://www.postimees.ee/3035403/riigisaladuse-loaga-ametnike-arv-jaab-saladuseks
http://www.riigikogu.ee/?op=ems&page=eelnou&eid=12261279-a8d0-4246-be4a-8c9c0405b3e1&