Interior Minister Taro Orders Audit of Police and Security Service Access to Personal Data

Interior Minister Igor Taro (Estonia 200) plans to conduct a thorough audit of the Police and Border Guard Board and the Security Police to determine which personal data employees can access and whether their queries comply with the law. As an initial step, the minister has ordered both agencies to review health data queries from the past year.

Interior Minister Igor Taro (Estonia 200) has decided to conduct a comprehensive audit of the Police and Border Guard Board (PPA) and the Security Police (KAPO) to determine which employees have access to personal data and whether all queries made are lawful and justified.

As a priority, Taro tasked both agencies with reviewing health data queries conducted over the past year. Health data falls within the category of particularly sensitive personal data and can only be processed with clear legal grounds.

This initiative reflects the interior ministry's commitment to ensuring that state institutions do not exceed their authority in handling citizens' private data. Personal data protection in Estonia is regulated by both national legislation and the EU General Data Protection Regulation (GDPR), which sets strict requirements for data processing.

The audit covers both the PPA and the Security Police, which are Estonia's two principal law enforcement and security agencies. The audit should provide an overview of whether existing internal control mechanisms are sufficient to prevent misuse of personal data.