| Dokumendiregister | Andmekaitse Inspektsioon |
| Viit | 2.2-9/25/796-2 |
| Registreeritud | 03.04.2025 |
| Sünkroonitud | 04.04.2025 |
| Liik | Väljaminev kiri |
| Funktsioon | 2.2 Loa- ja teavitamismenetlused |
| Sari | 2.2-9 Selgitustaotlused |
| Toimik | 2.2-9/2025 |
| Juurdepääsupiirang | Avalik |
| Juurdepääsupiirang | |
| Adressaat | Danish Agency for Digital Governance |
| Saabumis/saatmisviis | Danish Agency for Digital Governance |
| Vastutaja | Liina Kroonberg (Andmekaitse Inspektsioon, Koostöö valdkond, Koolitus- ja ennetustiim) |
| Originaal | Ava uues aknas |
ERAELU KAITSE JA RIIGI LÄBIPAISTVUSE EEST
Tatari tn 39 / 10134 Tallinn / 627 4135 / [email protected] / www.aki.ee
Registrikood 70004235
Line Fensten Jørgensen
Danish Agency for Digital Governance
Yours: 12.03.2025 Ours: 03.04.2025 nr 2.2-9/25/796-2
Answer to request Estonian Data Protection Inspectorate (DPI) has received your letter where You are particularly interested in fines imposed on infringements of article 5(1) and 5(3) of the directive on privacy and electronic communications (directive 2002/58/EC). You ask how often Estonian DPI impose administrative fines, what has been the level of the fines and how are the fines calculated and if there are any differences between the issuing of fines for respectively cookies and similar technologies and breaches on the processing of electronic communications data. In European Union Member States, administrative fines have been widespread for a long time, but Estonian legal system do not have a legal concept of an administrative fine. So Estonian DPI does not impose administrative fines now. Estonian DPI conducts oversight in cases of electronic communications mostly in combination of General Data Protection Regulation (GDPR). When processing personal data, the controller shall ensure that the data processing is lawful, fair and transparent to the data subject (GDPR article 5 (1) a). It is also important that persons are not provided misleading information concerning the processing of data. The Data Protection Inspectorate has the right to issue a proposal on electronic communications with the imposition of a penalty payment each time if the submitted proposal is not responded to (for example cases about cookies etc). Penalties are not as high as in Europe, as Estonian legal framework nor society is not ready for this yet. Company's turnover must also be considered. Until we have better legal framework about acceptable penalties, the Estonian DPI has taken an approach that seeks to strongly advise and guide companies and institutions in the event of violations of data protection requirements, rather than to apply immediate punishment. Punishment is not a main goal. Rather, it is a good and necessary tool for maintaining order when a legitimate need arises and nothing but financial punishment help. Cases beyond our competence are handled by other law enforcement agencies, such as the police. I hope my explanations are helpful. Respectfully
Liina Kroonberg
lawyer
authorized by Director General
| Nimi | K.p. | Δ | Viit | Tüüp | Org | Osapooled |
|---|