Docd7a7

[ eGovernment in Estonia ]

2004..................................................

In May 2004, the Estonian Government adopts a new Information Society policy called Principles of the Estonian Information Policy 2004-2006. It maintains most of the principles defined in the 1998 strategy while aiming to align national actions with EU priorities, in particular the objectives set out in the eEurope 2005 Action Plan. An Information Policy Action Plan for 2005 is also adopted.

2003..................................................

In May 2003, Finland and Estonia sign an agreement to harmonise the concepts and practices between the two countries regarding digital signature, document format and exchange. The signature project, codenamed OpenXAdES, is an open initiative which promotes the 'universal digital signature'.

In March 2003, the Estonian Government launches its eGovernment portal eesti.ee. The site is intended to provide a single, one-stop umbrella for the many Government services already online, as well as for all new services being developed.

2002..................................................

In the summer of 2002, together with the United Nations Development Programme (UNDP) and the Open Society Institute (OSI), the Estonian Government establishes an E-Governance Academy (EGA) in order to enable Estonia’s neighbours to benefits from its eGovernment experience and expertise.

In January 2002, Estonia starts the introduction on national electronic ID cards. The card functions are to be used in any form of business, governmental or private communications.

November 2009

2001..................................................

In December 2001, the X-Road system (‘X-tee’ in Estonian) is launched. X-Road is a middle-tier data exchange layer enabling governmental databases to communicate.

In the summer of 2001, the Estonian Government launches an innovative eDemocracy portal, TOM (Täna Otsustan Mina – in English “Today I Make Decisions”) whose aim is to enhance citizens’ participation in the public decision-making process. This portal has now become ‘Osalusveeb’.

In February 2001, the Government approves an updated Information Policy Action Plan.

2000 and before

Launch of the eTaxBoard application in 2000. eTaxBoard enables taxpayers to file, view and correct their income tax returns online, but also to file VAT returns and submit VAT refund applications, to calculate their social tax and view their tax account balances.

The year 1998 marks the adoption of the country’s first Information Society strategy, the ‘Principles of the Estonian Information Policy‘. It is complemented by an Information Policy Action Plan.

The Government-wide backbone network EEBone is launched on the same year.

A Databases Act is adopted in 1997. It regulates the creation and maintenance of digital databases, thus creating a State register of databases.

[9]

In the course of the year 2006, with the latest strategy (2004-2006) coming to an end, the Estonian Ministry of Economic Affairs and Communications started coordinating the elaboration of a new Information Society strategy that would also take into account the objectives and priorities of the new EU-level policy framework, namely: the initiative ‘i2010: A European Information Society for growth and employment’ and the related ‘i2010 eGovernment Action Plan’. This elaboration work involved all ministries, the State Chancellery, as well as organisations representing the third sector and scientific circles.

As a result of this work, the new ‘Estonian Information Society Strategy 2013’ was approved on 30 November 2006 by the Estonian Government. It entered into force on 1 January 2007.

This strategy has been designed as a sectoral development plan, setting out the general framework, the objectives and the respective action fields for the broad use of ICT in the development of a knowledge-based society and economy in Estonia for the period 2007-2013.

Estonia’s eGovernment strategy is closely linked to two previous policy documents: ‘Principles of the Estonian Information Policy’ and ‘Principles of the Estonian Information Policy 2004-2006, respectively approved by the Government in May 1998 and during the spring of 2004.

Principles of the Estonian Information

Society Strategy 2013.........................

Even though most of the principles underpinning the first Information Society strategies maintained their topicality, the fast development of technology called for several shifts of emphasis. These changes were taken into account into the new principles of the current Estonian Information Society strategy. These principles include the following:

The development of the Information Society in Estonia is a strategic choice and the public sector leads the way in pursuing its principles;

The Information Society is developed in a coordinated manner, in cooperation between the public, private and third sectors;

The public sector is a smart customer, ensuring that as much freedom as possible is left for innovative solutions in public procurement;

The Information Society is created for all, particular attention being paid to the integration of social groups with special needs, the regional development and the strengthening of local selfinitiative;

The consistency of the Estonian language and culture is ensured;

The development of the Information Society must not undermine people’s sense of security. The protection of basic rights, personal data and identity must be ensured, and the mitigation of non-acceptable risks in information systems must be guaranteed;

The Information Society and the opportunities it brings are taken into account in the elaboration of all sectoral policies;

Trends occurring in the EU and worldwide are taken into consideration. Furthermore, as an active partner, Estonia shares its experience and learns from others;

The public sector employs the already existing technological solutions (i.e. the eID card, the data exchange layer X-Road) and avoids duplicating IT solutions;

The public sector re-organises its business processes so as to ensure a one-off collection of data from citizens, entrepreneurs and public bodies;

The public sector gives equal treatment to different hardware and software platforms and ensures interoperability of information systems by using open standards;

The collection of data and the development of ICTsolutions proceed from the principle of reusability.

Despite the achievement of considerable progress in implementing the previous strategies, the past Information Society-related activities were focused on developing the ICT infrastructure and creating systems that were required for putting into action sectoral policies.

Pursuant to the so-called “Vision”, the new Information Society strategy now aims to place more emphasis on: the development of a citizen-centric and inclusive society, a knowledge-based economy as well as a transparent and efficient Public Administration.

For each component of this “Vision”, actions and measures are being taken in three fields as follows:

Action field I: Development of a

citizen-centric and inclusive society......

In the Information Society, most of the information is stored in a universal digital form. In order to ensure citizen welfare, citizens must possess the skills and have willingness to use the opportunities created by the Information Society, while benefiting from a multi-access channel to digital information that suits their needs. In line with the strategy, by 2013, 75 % of Estonian residents should be using the Internet, while household Internet penetration should amount to 70 %. Moreover, by 2010, all public sector websites should comply with the Web Accessibility Initiative (WAI) criteria. To such end, the following actions are foreseen:

Broadening technological access to digital information:

Developing data communications networks in areas of market failure and ensuring their

commercialisation, so as to make high-quality services available throughout Estonia;

Ensuring favourable environments for the development of new telecommunication technologies and technological convergence, including the take-up of digital TV, with the aim to guarantee the smooth launch of new telecommunications-based services while providing services of similar quality, regardless of the solutions used for their transmission;

Bringing public sector websites into compliance with WAI quality criteria, so as to ensure their accessibility for all, including people with special needs;

Further developing the State portal www.eesti.ee by making available all public services on the “virtual office”.

Improving skills and widening possibilities for participation:

Continuous upgrading of knowledge and skills of all members of society in order to ensure their ability to cope with the Information Society;

Developing and promoting Internet-based learning environments (eLearning);

Raising public awareness of the Information Society by informing the population on Internetbased services, as well as on Information Society opportunities and threats;

Digitisation and digital preservation of cultural heritage, making it available via the Internet for citizens, and integrating it with eLearning environments;

Widening opportunities for participation in decisionmaking processes (eDemocracy), by developing Internet-based environments for participation while continuing to use eVoting.

Action Field II: Development of a

knowledge-based economy.................

The strategy foresees that by 2013, the productivity per employee in Estonian enterprises will account for 75 % of the EU average and that the share of ICT

[11]

November 2009

enterprises in the national GDP will amount to 15 %. To reach this objective, the following measures will be taken:

Promotion of ICT uptake by enterprises:

Supporting the ICT uptake and use of eBusiness through business and innovation support measures;

Re-organisation of general, vocational and higher education, so as to ensure the conformity of labour skills with the requirements of the knowledge-based economy;

Developing a common service space for the public, private and third sectors in order to facilitate mutual communication;

Widening the opportunities for the re-use of public sector information by the private and third sectors;

Ensuring a favourable environment for the development of eBusiness by reviewing relevant legislation, including that on privacy, consumer protection and information security-related aspects.

Increasing the competitiveness of the Estonian ICT sector:

Bringing IT education in accordance with the requirements of the ICT sector;

Supporting the internationalisation of the Estonian ICT sector;

Facilitating the development of high-quality and innovative Information Society and media services while settling intellectual property-related issues;

Elaboration and implementation of principles concerning the outsourcing of services necessary for the functioning of the State information system;

Increasing the role of the Estonian ICT sector in the development of the country’s defensive capacity.

[12]

[ eGovernment in Estonia ]

Action field III: Development of a citizen-centric, transparent and efficient Public Administration..............

In line with this objective, the Administration should function efficiently while collecting, using and managing data necessary for the provision of public goods in a common and systematic manner. Public sector processes must be transparent and easy to understand. In addition, public services for citizens and businesses must be fully available electronically, widely used and structured around users’ needs. By 2013, the strategy sets the objective of 80 % of citizen satisfaction and 95 % of business satisfaction with regard to the use of public sector eServices. In this light, the following measures will be taken:

Improving the efficiency of the public sector:

Transforming the public sector’s business processes in order to make better use of advantages and possibilities of the application of ICT, e.g. full eArchiving of public sector documents;

Increasing the efficiency of policy formulation through better use of data and increased research on the impact and challenges of the Information Society.

Provision of user-friendly public eServices:

Integration of the public, private and third sectors into a one service space to improve the quality of service provision in the public sector. Citizens shall be able to make use of a common secure service space (based on the “single window” principle) allowing them to use public services and communicate in a single environment with the State, businesses and other citizens;

Identification, development, launch and active implementation of high impact services

(eProcurement, eInvoicing, etc);

Developing public eServices in different fields of life for citizens, businesses and public sector Agencies. Relevant information systems will be developed and implemented in order to increase the efficiency of service provision through ICT. This notably entails making health and social services available independently from one’s location;

[ eGovernment in Estonia ]

Opening up Estonian eServices to citizens of other countries, especially those from the EU Member States.

Implementation Plan of the Estonian

Information Society Strategy...............

The Implementation Plan of the Estonian Information Society Strategy specifies priorities in the shortterm perspective, proceeding from the objectives of the strategy and considering the current situation.

An implementation plan covering a two-year perspective is drawn up annually throughout the period covered by the Information Society strategy. It defines priorities and establishes indicators against which the efficiency of prioritised activities or projects will be measured. In addition, this plan gives an overview of the most significant activities, with costs estimates for its time duration. Actual budgets for specific activities or projects are clearly determined during the budgetary process, or in the course of the EU Structural Funds application process.

The activities described in the implementation plan are grouped according to the action fields set out in the Information Society strategy.

The Government of the Republic approved in January 2009 the Implementation Plan 2009-2010 of the Estonian Information Society Strategy. The priorities of this implementation plan are the following:

Improving skills of and widening opportunities for participation;

Development of eBusiness environment;

Transition to digital management of business;

Development of public e-services, including information services;

Large-scale take-up of eID;

Increasing the interoperability of the state information system;

Raising the quality of statistical analysis through improved use of data in the state information system.

November 2009

Over the years 2009-2010, Estonia is going to allocate around 650 million kroons (approx. €40.625 million) for the development of the information society.

In 2008, the Ministry of Internal Affairs elaborated a development plan called “Information society strategy for local governments 2008-2011” and “Implementation plan 2008-2009 of the information society strategy for local governments” (neither of them are currently available in English). The documents set out objectives for the development of the information society and for improving the availability of public services in local governments.

The aims of the “Information Society Strategy for Local Governments 2008-2011” are the following:

Introduction of electronic public administration in all local governments;

Development of Internet-based tools for the involvement of citizens in the organisation of local life in all local governments;

Ensuring that all local government officials are aware of ICT possibilities;

Development of preconditions for the use of e- services in all local governments;

Establishment of development organisations for the co-ordination of information society development in counties.

The Implementation Plan of the Estonian

Information Society Strategy for the years 2007 and 2008 had set out the following priorities:

Improving the IT knowledge, skills and opportunities of all members of society in order to help them to reap the benefits of the Information Society;

Development of the electronic business environment;

Transition to the paperless management of business in the Public Administration;

Further development of public services, including notification services;

Ensuring the security of the electronic environment and promoting the wide take-up of the eID.

In compliance with the State Budget Strategy and according to the estimated calculations, 290-320 million kroons (approx. €18.5-20.5 million) per year or 2.13 billion kroons (approx. €136 million) altogether were planned be spent on the development of the Information Society over the 2007-2013 period.

The new, updated Implementation Plan for the period 2008-2009 was approved on 5 June 2008 by the Estonian Government. Published by the Department of State Information Systems (RISO), it reiterates the priorities set out in the previous Implementation Plan 2007-2008. Over the years 20082009, Estonia is going to allocate 585.3 million kroons (approximately €37.41 million) in the development of the Information Society. In order to find the necessary projects for achieving the goals set out in the Implementation Plan, the Estonian Informatics Centre (RIA) announces open call measures.

Information Security Policy..................

In November 2005, Estonia launched a nation-wide

Information Security Policy that specifies and coordinates the upcoming eSecurity-related initiatives.

[14]

The new policy notably aims to create a secure ‘eEnvironment’ for business and consumers.

The main goal of the Estonian Information Security Policy is to found a secure, security-aware, internationally cooperating and enabling Estonian Information Society.

Specific goals include the elimination of nonacceptable risks, the defence of basic human rights, information security awareness and training, participation in international eSecurity-related initiatives, as well as the competitiveness of the economy.

Secure eGovernment must be based on appropriate legislation, standards, and procedures, such as security requirements for databases, services, and State procurement. Regulations in this field are coordinated by the Ministry of Economic Affairs and Communications, together with the Ministry of Internal Affairs.

eGovernment Legislation.....................

There is currently no overall eGovernment legislation in Estonia.

Freedom of Information Legislation......

Public Information Act

The first version of the Public Information Act (PIA) was approved in November 2000 and took effect in January 2001. A newly revised, updated Public Information Act was passed by Parliament in December 2007 and entered into force on 1 January 2008 (note: this new version has not been made available in English yet).

The Act covers State and Local Agencies, legal persons in public law and private entities that are conducting public duties including educational, health care, social or other public services. Any person may make a request for information and the holder of information must respond within five working days. Requests for information are registered. Fees may be waived, if information is requested for research purposes.

This Act also includes significant provisions on electronic access and disclosure. Government Departments must maintain document registers. National and Local Government

Departments and other holders of public information have the duty to maintain websites and post an extensive list of information on the Web, including statistics on crime and economics; enabling statutes and structural units of Agencies; job descriptions of officials, their addresses, qualifications and salary rates; information relating to health or safety; budgets and draft budgets; information on the state of the environment; and draft acts, regulations and plans including explanatory memorandum. These entities are also required to ensure that the information is not “outdated, inaccurate or misleading.” In addition,

email requests must be treated as official requests for information. The Act is enforced by the Data Protection Inspectorate.

Since 1 January 2008, the Act has been also regulating the field of the former Databases Act (in force from 1997 to 2007); it thus sets out the general principles for the creation and maintenance of databases, as well as the monitoring of databases management.

The Act allows making the databases of the State information system service-oriented, creating a data exchange environment containing information about the existing information systems and databases, and monitoring data flows between information systems. Pursuant to the Act, information system managers are obliged to register their databases and information systems in a support system for the State information system (RIHA) and ensure that the related metadata are up-to-date.

Data Protection/Privacy Legislation......

Personal Data Protection Act

The Personal Data Protection Act (PDPA) was passed by Parliament in June 1996 and entered into force on 19 July 1996. The Act was amended in 2003 to be made fully compliant with the EU Data Protection Directive 95/46/EC. The PDPA’s lastly amended version came into force on 1 January 2008 (note: this new version has not been made available in English yet).

The Act protects the fundamental rights and freedoms of persons with respect to the processing of their personal data, in accordance with the right of individuals to obtain freely any information that is disseminated for public use.

The 2008 version of the Act has introduced several changes. First, the previous classification of personal data into three groups (non-sensitive personal data,

November 2009

private personal data and sensitive personal data) has been replaced by two data categories: (1) “personal data” and (2) “sensitive personal data”, the latter being the sub-class under special protection.

Processed personal data are protected by organisational and technical measures that must be documented. Chief processors (i.e. controllers) must register the processing of sensitive personal data with the Data Protection Inspectorate, the data protection supervision authority. The PDPA also allows individuals to obtain and correct records containing their personal information held by public and private bodies.

In addition, the previous list of “private personal data” has been transferred to the new Public Information Act and stipulated as a single ground for establishing restrictions on access to public information. For clarity purposes, the definition of “personal data” has been specified in the new PDPA Act, stating that the protection of personal data shall extend to all forms of data, including audio and graphic data, as well as biometric data.

Moreover, the new PDPA Act extends all general principles applying to the processing of personal data to the processing of the personal identification code (the unique number assigned to every Estonian citizen and resident). Lastly, the new Act contains a new definition relating to the “person liable for the protection of personal data” while regulating the processing of personal data for research and statistics purposes.

eCommerce Legislation.......................

Information Society Services Act

The Information Society Services Act was passed on 14 April 2004 and entered into force on 1 May 2004. It implements EU Directive 2000/31/EC on certain legal aspects of Information Society services, in particular electronic commerce, in the Internal Market. It establishes the requirements pertaining to Information Society service providers, as well as the organisation of supervision and liability in the case of violation of these requirements.

[16]

[ eGovernment in Estonia ]

eCommunications Legislation...............

Electronic Communications Act

The Electronic Communications Act was passed on 8 December 2004 and entered into force on 1 January 2005 in order to implement the EU Regulatory Framework for Electronic Communications.

The purpose of this Act is to create the necessary conditions to promote the development of electronic communications networks and communications services while ensuring the protection of the interests of users of such services. The Act provides requirements for: publicly available electronic communications networks and communications services; radio-communication; management of radio frequencies and numbering; apparatus and State supervision over the compliance with the requirements.

Following the recommendation of the European Commission inviting Member States to complete the transition to digital television broadcasting by 2012 at the latest, Estonia started the transition process in January 2006. The necessary measures have been adopted by the Government and the legislative process is currently under way.

eSignatures Legislation.......................

Digital Signature Act

Approved on 8 March 2000, the Digital Signatures Act (DSA) entered into force on 15 December 2000. It grants similar legal value to digital and handwritten signatures while setting an obligation for all public institutions to accept digitally signed documents.

In the summer of 2006, a working group was formed under the Ministry of Interior in order to investigate and work out proposals for amending the DSA. Two major issues were identified and included in the draft DSA Act:

A clear reference to a Secure SignatureCreation Device (SSCD), as required in the EU Directive 1999/93/EC on a Community framework for electronic signatures. The aim of the SSCD is to

[ eGovernment in Estonia ]

ensure the functionality of advanced electronic signatures;

Provisions on the use of digital stamps: Digital signatures based on certificates issued to a company shall be regulated, as this technological solution already exists. Those signatures are called “digital stamps” in order to distinguish between the ‘real’ electronic signatures and the automatically created ones. Thus, a digital stamp should enable the determination of the time at which the stamp is given and the person who has given it, and link the digital stamp to data in such a manner that any subsequent change in the data or in the meaning is thereof detectable. In addition, the draft DSA Act includes a principle according to which the system has to allow for the identification of the application principles followed.

eProcurement Legislation....................

Public Procurement Act

A new Public Procurement Act came into force in May 2007, thus transposing the EU Directives on public procurement (2004/17/EC and 2004/18/EC). It includes legal provisions enabling the further development of eProcurement (eAuctions, Dynamic Purchasing System, eCatalogues etc.) so as to give better opportunities for taking forward a fully electronic Procurement tendering process.

It is worth mentioning that the previous version of the Public Procurement Act (October 2000) had already established rules for the eNotification of public tenders through the country’s Public Procurement State Register.

November 2009

Re-use of Public Sector Information

(PSI)..................................................

Public Information Act

The Public Information Act covers the provisions of the

EU Directive 2003/98/EC on the re-use of public sector information (PSI). Estonia has thus notified full transposition of the PSI-directive.

eHealth Legislation........................

Health Services Organisation Act and Associated

Acts Amendment Act

On 20 December 2007, the Parliament ratified the Amendment Act establishing the legal basis for implementing the eHealth projects, such as the Electronic Health Record, Digital Image, Digital Registration and Digital Prescription. The goal of the new Act is to unify all information systems created for the needs of specific health care organisations into one central Health Information System.

The concept of eHealth is to create a basis to enable the electronic processing of different medical documents. Paper documents will be gradually replaced by digital documents. The diagnostic systems and medical equipment will be interfaced with the information systems that allow processing information faster while using modern methods of telemedicine.

The aim is to enhance the protection of public health and patients’ interests by increasing the availability and security of data. By laying down the general principles for the management of health information, the Amendment Act has set the grounds for the maintenance of medical registers.

The Amendment Act entered into force on 1 September 2008. The gradual digitisation of medical documents will continue until 2013 – the official deadline for the implementation of eHealth in Estonia.

[17]

National eGovernment........................

Policy/Strategy

Ministry of Economic Affairs and

Communications

The Ministry of Economic Affairs and Communications holds political responsibility for the development and implementation of the State information policy. The Ministry’s Department of State Information Systems (RISO) plays a major role in the elaboration and implementation of this policy and the related ones.

Coordination

Department of State Information Systems (RISO)

The Department of State Information Systems, part of the Ministry of Economic Affairs and Communications, is responsible for the coordination of State information systems, as well as the development and implementation of State IT strategies.

Estonia is a rather decentralised country concerning the development of information systems, which mostly falls under the responsibility of IT managers in ministries, county Governments, boards and

inspectorates. The central coordination deals with strategic planning, setting priorities and ensuring financing for these, creating cooperation networks while ensuring their functionality, drafting IT legislation, as well as elaborating IT standards.

Estonian Informatics Centre (RIA)

The Estonian Informatics Centre, which is a subdivision of the Ministry of Economic Affairs and Communications, is the supporting Agency for the development of common information systems in the Estonian Administration. It develops, coordinates, implements and operates the main components of Estonia’s national eGovernment infrastructure, including the State portal www.eesti.ee, the middleware system X-Road, the Government backbone network EEBone, the administration system of the State information system (RIHA) and the electronic document exchange centre (DEC).

Estonian Informatics Council

The Estonian Informatics Council is an advisory committee for the Government of Estonia. Made up of experts, it is the body in charge of implementing the general coordination of the State information policy.

Implementation

Department of State Information Systems (RISO)

The Department of State Information Systems, part of the Ministry of Economic Affairs and Communications, is responsible for the coordination of State information systems, as well as the development and implementation of State IT strategies at central level.

Estonian Informatics Centre (RIA)

RIA develops, coordinates, implements and operates the main components of Estonia’s national eGovernment infrastructure, including the State portal www.eesti.ee, the middleware system X-Road, the