Text size:

Security Authorities Act

Content

Security Authorities Act - content
Issuer:Riigikogu
Type:act
In force from:05.06.2020
In force until:30.06.2022
Translation published:03.06.2020

Security Authorities Act

Passed 20.12.2000
RT I 2001, 7, 17
Entry into force 01.03.2001

Amended by the following legal instruments (show)

PassedPublishedEntry into force
05.02.2001RT I 2001, 100, 64306.01.2002
19.06.2002RT I 2002, 61, 37501.08.2002
12.02.2003RT I 2003, 23, 14701.04.2003
18.12.2003RT I 2003, 90, 60101.01.2008
19.05.2004RT I 2004, 46, 33201.01.2005
08.12.2004RT I 2004, 87, 59301.01.2005
18.05.2005RT I 2005, 32, 23619.06.2005
11.10.2006RT I 2006, 48, 35718.11.2006
25.01.2007RT I 2007, 16, 7701.01.2008
19.12.2007RT I 2008, 3, 2128.01.2008
19.06.2008RT I 2008, 35, 21301.01.2009
11.11.2009RT I 2009, 57, 38101.01.2010
26.11.2009RT I 2009, 62, 40501.01.2010
27.01.2011RT I, 17.02.2011, 201.01.2012
17.02.2011RT I, 21.03.2011, 201.01.2012 Repealed [RT I, 29.06.2012, 2]
08.12.2011RT I, 22.12.2011, 323.12.2011 Repealed [RT I, 29.06.2012, 2]
06.06.2012RT I, 29.06.2012, 209.07.2012, partially 01.01.2013
13.06.2012RT I, 06.07.2012, 101.04.2013
14.03.2013RT I, 26.03.2013, 201.04.2013
19.02.2014RT I, 13.03.2014, 401.07.2014
19.06.2014RT I, 29.06.2014, 10901.07.2014, titles of ministers replaced on the basis of § 107³ (4) of the Government of the Republic Act.
19.11.2014RT I, 13.12.2014, 101.01.2016, date of entry into force amended 01.07.2016 [RT I, 17.12.2015, 1]
11.02.2015RT I, 12.03.2015, 101.01.2016
18.02.2015RT I, 19.03.2015, 229.03.2015, the word “kaitsevägi” (the Defence Forces) has been substituted for the word “Kaitsevägi” throughout the Act.
25.11.2015RT I, 17.12.2015, 120.12.2015
20.04.2017RT I, 05.05.2017, 101.07.2017
20.02.2019RT I, 13.03.2019, 215.03.2019
13.05.2020RT I, 26.05.2020, 105.06.2020

Chapter 1 GENERAL PROVISIONS  

§ 1.  Scope of application

 (1) This Act provides for the functions and competence of security authorities in ensuring national security and constitutional order, and the procedure for the exercise of supervision over the activities of security authorities.

 (11) This Act provides for the bases for the processing of personal data, including special categories of personal data, and the restriction of the scope of the rights of data subjects by security authorities and the procedure for the exercise of supervision over compliance with the requirements for personal data processing.
[RT I, 13.03.2019, 2 – entry into force 15.03.2019]

 (2) The provisions of the Administrative Procedure Act apply to administrative proceedings prescribed in this Act, taking account of the specifications provided for in this Act.
[RT I 2002, 61, 375 – entry into force 01.08.2002]

§ 2.  Objective of activity of security authorities

 (1) The objective of the activity of security authorities is to ensure national security by the continuance of constitutional order through the application of non-military means of prevention, and to collect and process information necessary for formulating the security policy and for national defence.

 (2) Achievement of the objectives specified in subsection (1) of this section shall take place in the Defence Forces pursuant to the procedure provided for in this Act unless otherwise provided by the Estonian Defence Forces Organisation Act.
[RT I 2008, 35, 213 – entry into force 01.01.2009]

§ 3.  Principles of activity of security authority

 (1) A security authority collects and processes information, including personal data, insofar as this is necessary for performing its functions, considering the following principles:
 1) the manner and scope of collection and processing of information and the organisational and technical safeguards applied may not excessively adversely affect the fundamental rights of a person compared to the objective pursued by the security authority;
 2) the collection and processing of information may not endanger the life or health of a person, unnecessarily endanger property or the environment or unnecessarily infringe other personal rights;
 3) information is processed and retained for as long as necessary for the performance of the security authority’s function and in accordance with the objective of the activity of the security authority;
 4) information is collected and processed in a manner which ensures its security, including protects against unauthorised or unlawful processing and accidental loss or destruction thereof or damage thereto by applying appropriate technical or organisational measures.
[RT I, 13.03.2019, 2 – entry into force 15.03.2019]

 (2) A security authority shall only use measures necessary for performing its functions. In the case there are several possible measures, the security authority shall use the measure which restricts the fundamental rights of persons as little as possible in connection with the performance of a function of the security authority. A measure which does not restrict the fundamental rights of an individual excessively compared to the objective pursued by the security authority may be used.

§ 4.  Combating criminal offence

  For the purposes of this Act, combating a criminal offence means prevention of a criminal offence in any lawful manner before the offence is committed.

Chapter 2 ORGANISATION AND FUNCTIONS OF SECURITY AUTHORITIES  

§ 5.  Security authorities

  The security authorities are the Estonian Internal Security Service and the Estonian Foreign Intelligence Service.
[RT I, 05.05.2017, 1 – entry into force 01.07.2017]

§ 6.  Functions of Estonian Internal Security Service

  The functions of the Estonian Internal Security Service are:
 1) prevention and combating of changing the constitutional order or territorial integrity of the state by force, and collection and processing of information necessary for such purpose;
[RT I, 29.06.2012, 2 – entry into force 01.01.2013]
 2) prevention and combating of intelligence activities directed against the state, including protection of state secrets and classified information of foreign states in the cases and pursuant to the procedure prescribed in the State Secrets and Classified Information of Foreign States Act (counter-intelligence), except in the cases specified in clauses 7 (1) 2) and 3) of this Act;
[RT I, 19.03.2015, 2 – entry into force 29.03.2015]
 21) prevention and combating of terrorism and terrorist financing and support, and collection and processing of information necessary for such purpose;
[RT I 2008, 3, 21 – entry into force 28.01.2008]
 22) prevention and combating of corruption endangering national security, and collection and processing of information necessary for such purpose;
[RT I, 29.06.2012, 2 – entry into force 01.01.2013]
 3) combating of those criminal offences the pre-trial investigation of which is within the competence of the Estonian Internal Security Service, except in the cases specified in clauses 7 (1) 2) and 3) of this Act;
[RT I, 19.03.2015, 2 – entry into force 29.03.2015]
 4) pre-trial investigation of criminal offences in the cases prescribed by law.

§ 7.  Functions of Estonian Foreign Intelligence Service

  [RT I, 05.05.2017, 1 – entry into force 01.07.2017]

 (1) The functions of the Estonian Foreign Intelligence Service are:
[RT I, 05.05.2017, 1 – entry into force 01.07.2017]
 1) collection and processing of information concerning foreign states, or foreign factors or activities, which is necessary for the state in formulating the foreign, economic and national defence policy and for national defence;
 2) conduct of counter-intelligence for the protection of the foreign missions of the state and such structural units or staff of the Defence Forces which are outside the territory of the state;
[RT I 2008, 35, 213 – entry into force 01.01.2009]
 3) conduct of counter-intelligence for the protection of the staff of the Estonian Foreign Intelligence Service, persons recruited for co-operation, and property in the possession of the Estonian Foreign Intelligence Service;
 4) organisation and verification of INFOSEC and special communications services.
 5) [repealed – RT I 2003, 23, 147 – entry into force 01.04.2003]

 (2) In the collection of information by electronic means, the Estonian Foreign Intelligence Service shall provide professional assistance to the Estonian Internal Security Service.
[RT I, 05.05.2017, 1 – entry into force 01.07.2017]

 (21) Upon conduct of military intelligence, the Estonian Foreign Intelligence Service shall provide professional assistance to the Defence Forces.
[RT I, 05.05.2017, 1 – entry into force 01.07.2017]

 (3) In order to organise special communications services, the Estonian Foreign Intelligence Service may enter into an administrative contract with an undertaking which has, pursuant to the procedure provided for by legislation, the right to provide electronic communications services and to access a state secret classified as “top secret”.
[RT I, 05.05.2017, 1 – entry into force 01.07.2017]

§ 71.  Special communications services

  Special communications services are electronic communications services for the safe and reliable transmission of messages containing a state secret and classified information of foreign states.
[RT I, 17.02.2011, 2 – entry into force 01.01.2012]

§ 8.  Number and composition of posts in security authority

 (1) The number of posts in a security authority shall be determined by the Government of the Republic by an order.

 (2) The composition of posts in a security authority shall be established by the relevant minister or by the head of an authority authorised thereby.
[RT I, 26.03.2013, 2 – entry into force 01.04.2013]

§ 9.  Organisation and harmonisation of work of security authorities

 (1) The Prime Minister and the ministers who head the ministries in whose area of government the security authorities are shall constantly co-operate with each other to organise and harmonise the work of the security authorities.

 (2) The Government of the Republic shall establish, by an order, for each year a plan regarding the obtaining and analysis of state security information. The plan regarding the obtaining and analysis of state security information shall provide for the functions set for the security authorities and the Defence Forces upon conduct of military intelligence and the list of information to be collected, in the order of relevance.
[RT I 2008, 35, 213 – entry into force 01.01.2009]

§ 10.  Security Committee of Government of Republic

 (1) The Security Committee of the Government of the Republic (hereinafter Security Committee) shall:
 1) coordinate the activities of the security authorities;
 2) analyse and assess the security situation in the state;
 3) determine the state’s need for security-related information;
 4) perform the functions imposed on the Security Committee by the National Defence Act and other Acts and the Government of the Republic.

 (2) The government authorities are required to give assessments of threat and other information related to the security of the state and national defence to the Security Committee, the Government of the Republic, relevant government authorities, the President of the Republic, the President of the Riigikogu and relevant committees of the Riigikogu. Where necessary, the Security Committee shall organise the communication of information related to national defence to the persons and authorities specified in this subsection.

 (3) The composition of the Security Committee shall be determined and the statutes thereof shall be established on the basis of the National Defence Act.
[RT I, 12.03.2015, 1 - entry into force 01.01.2016]

§ 11.  Co-operation between security authorities

 (1) The security authorities shall co-operate with each other through mutual assistance and exchange of information.

 (2) Exchange of information between the security authorities shall take place on the basis of the plan regarding the obtaining and analysis of state security information.
[RT I 2008, 35, 213 – entry into force 01.01.2009]

§ 111.  Possession of state assets

 (1) In the state immovable property register specified in subsection 95 (1) of the State Assets Act shall not be entered information specified in subsection (2) of the same section concerning immovable property in the possession of the security authorities, or it shall be entered using shadow information.
[RT I 2009, 57, 381 – entry into force 01.01.2010]

 (2) A separate register which has been established by and the statutes on the maintenance of which shall be established by the Government of the Republic shall be maintained concerning state assets in the possession of the security authorities.
[RT I, 19.03.2015, 2 – entry into force 29.03.2015]

Chapter 3 SERVICE IN SECURITY AUTHORITY  

§ 12.  Specifications concerning service in security authority

 (1) The Civil Service Act applies to an official of a security authority with the specifications arising from this Act. The Employment Contracts Act applies to an employee of a security authority with the specifications arising from this Act.

 (11) The provisions of § 41 of the Civil Service Act governing rest time do not apply to an official of a security authority if such a specification is included in the official’s job description and working does not harm the health or safety of the official.
[RT I, 19.03.2015, 2 – entry into force 29.03.2015]

 (2) The Police and Border Guard Act applies to a police officer of the Estonian Internal Security Service with the specifications arising from this Act.
[RT I, 19.03.2015, 2 – entry into force 29.03.2015]

 (21) When an active serviceman is referred to a security authority, the term provided for in subsection 119 (21) of the Military Service Act is applied.
[RT I, 19.03.2015, 2 – entry into force 29.03.2015]

 (3) A probationary period of four months up to one year shall be applied to an official of a security authority upon his or her first appointment to office.
[RT I, 26.03.2013, 2 – entry into force 01.04.2013]

 (4) Sections 17–19 of this Act do not apply to a police officer of the Estonian Internal Security Service.
[RT I, 26.03.2013, 2 – entry into force 01.04.2013]

§ 13.  Specifications concerning service in Government Office

  Specifications provided for an official of a security authority apply to an official of the Government Office whose function is to co-ordinate the work of the security authorities.
[RT I, 06.07.2012, 1 – entry into force 01.04.2013]

§ 14.  Employment in service

 (1) A citizen of the Republic of Estonia who has at least secondary education and full active legal capacity, and who is proficient in Estonian to the extent provided by law or on the basis of law may be employed in service or employed as an official and an employee of a security authority.
[RT I, 06.07.2012, 1 – entry into force 01.04.2013]

 (2) It is prohibited to employ in service and employ in a security authority a person:
 1) who receives a pension, remuneration or other regular compensation from a state which is not a state within the European Economic Area or Switzerland or which does not belong to the North Atlantic Treaty Organisation;
 2) who lacks a Personnel Security Clearance for access to a state secret of a required level or a Personnel Security Clearance Certificate for access to classified information of a foreign state of a required level if this is a prerequisite for working in a position of an official or of an employee.
[RT I, 06.07.2012, 1 – entry into force 01.04.2013]

 (3) An official of a security authority may be appointed to a position without competition.
[RT I, 19.03.2015, 2 – entry into force 29.03.2015]

§ 15.  Appointment of head of security authority to position

  [RT I, 19.03.2015, 2 – entry into force 29.03.2015]
The Government of the Republic shall appoint a head of a security authority to office for a period of five years at the proposal of the relevant minister, after having heard the opinion of the Security Authorities Surveillance Committee of the Riigikogu. The head of a security authority shall not be appointed to office for more than two consecutive terms.

§ 151.  Release of official of security authority from service when official is appointed to position in or employed by another authority or organisation

  [RT I, 19.03.2015, 2 – entry into force 29.03.2015]

 (1) An official of a security authority, except for an active serviceman referred to a security authority, may, with his or her consent, be released and appointed to a position in or employed by another authority, authority governed by a government authority, legal person governed by public law, international organisation, or a position or employment established in the framework of international co-operation for up to three consecutive years. With the consent of the official of the security authority the term may be extended once by up to three years upon the expiry of the term.

 (2) Upon the expiry of the term provided for in subsection (1) of this section, the official of the security authority shall be appointed back to the same position or another position of the same official rank. If no such positions are vacant, the official of the security authority may, with his or her consent, be appointed to another position or an employment contract may be concluded with him or her.

 (3) An official of a security authority appointed to a position or employed as an employee by another authority, authority governed by a government authority, legal person governed by public law, international organisation or a position established in the framework of international co-operation on the basis and for the period of time provided for in subsection (1) of this section shall be paid wages or remuneration which shall not be less than his or her wages as an official of the security authority.

 (4) The period of service in another authority, authority governed by a government authority, legal person governed by public law, international organisation or a position or employment established in the framework of international co-operation shall be included in the period of service in the position which the official had before appointment to or employment by another authority or organisation.
[RT I, 19.03.2015, 2 – entry into force 29.03.2015]

§ 152.  Identifications of officials of security authorities and badges of office of police officers

 (1) The description and the format of the identifications of officials of security authorities and the badges of office of police officers shall be established by a regulation of the minister responsible for the field governed by the Ministry of the Interior or the Ministry of Defence.

 (2) A list of positions in which police officers are issued with a badge of office shall be established by a decree of the head of the relevant security authority.
[RT I, 19.03.2015, 2 – entry into force 29.03.2015]

§ 16.  Wages

  [RT I, 19.03.2015, 2 – entry into force 29.03.2015]

 (1) The basic wages or the range of the basic wages of officials of the Estonian Internal Security Service and the bases for increasing the basic wages are established by a regulation of the minister responsible for the field.

 (2) The basic wages of officials of the Estonian Internal Security Service and the degree of wages of police officers are increased by 10–50% for the performance of duties relating to security.

 (3) The officials and police officers specified in subsection (2) of this section shall not be paid additional remuneration for working overtime, nor for working at night-time or on a public holiday.
[RT I, 19.03.2015, 2 – entry into force 29.03.2015]

 (4) The wage system of those officials of the Estonian Foreign Intelligence Service who are not in the police service or active service is governed by the Civil Service Act with the specifications provided for by this Act.
[RT I, 05.05.2017, 1 – entry into force 01.07.2017]

§ 17.  Compensation in case official of security authority falls ill or suffers bodily injury

  [Repealed - RT I, 13.12.2014, 1 - entry into force 01.07.2016 (entry into force amended - RT I, 17.12.2015, 1)]

§ 18.  Compensation for proprietary damage

 (1) Direct proprietary damage caused to an official of a security authority or his or her family members in the course of performance of his or her functions shall be compensated for by the state.

 (2) The limits of and the procedure for compensation for proprietary damage shall be established by the Government of the Republic by a regulation.

§ 19.  Medical examination of official of security authority

 (1) The bases and frequency of and the procedure for the performance of medical examinations of an official of a security authority at the expense of the state shall be established by the Government of the Republic by a regulation.
[RT I, 19.03.2015, 2 – entry into force 29.03.2015]

 (2) Subsection (1) of this section does not apply to medical examinations prescribed on the basis of another Act.

§ 20.  Restrictions imposed on official and employee of security authority

 (1) An official and an employee of a security authority may not:
 1) work for another employer, except with the written consent of the head of the authority;
 2) participate in a strike;
 3) be a member of a political party.
[RT I, 06.07.2012, 1 – entry into force 01.04.2013]

§ 201.  Additional holiday of official of security authority

  If justified, an official of a security authority may be granted paid additional holiday up to ten calendar days a year. A claim for such an additional holiday expires after one year as of the end of the service year for which the additional holiday is calculated. Additional days of holiday which have not been used and which have not expired are not compensated for in money upon release from service.
[RT I, 19.03.2015, 2 – entry into force 29.03.2015]

§ 202.  Storage of information concerning official and employee of security authority

  A security authority need not present information to the database specified in section 106 of the Civil Service Act. A security authority shall ensure the storage of information specified in subsection 106 (3) of the Civil Service Act concerning its officials and employees.
[RT I, 06.07.2012, 1 – entry into force 01.04.2013]

§ 203.  Incentive

 (1) Incentives applied to an official and an employee of a security authority for long-time impeccable work or for outstanding performance of duties of employment are:
 1) expression of thanks;
 2) grant of a service medal;
 3) grant of a monetary award;
 4) grant of a valuable gift;
 5) grant of an inscribed cut-and-thrust weapon or firearm.

 (2) Several incentives may be applied concurrently.

 (3) The right to apply an incentive is vested in the head of a security authority and the relevant minister. The right to apply the incentive specified in clauses (1) 2) and 5) of this section is vested only in the relevant minister or the Director General of the Estonian Foreign Intelligence Service.
[RT I, 05.05.2017, 1 – entry into force 01.07.2017]

 (4) The description of the service medal and the procedure for the grant and wearing thereof shall be established by the relevant minister by a regulation.

 (5) For outstanding services, the incentives provided for in clauses (1) 1), 2), 4) and 5) of this section may also be applied to such persons who are not officials or employees of a security authority.
[RT I, 06.07.2012, 1 – entry into force 01.04.2013]

Chapter 4 POWERS OF SECURITY AUTHORITY  

§ 21.  Powers of Estonian Internal Security Service

 (1) Chapter 22 of the Police and Border Guard Act applies to the activity of the Estonian Internal Security Service with the specifications arising from this Act.

 (2) A police officer of the Estonian Internal Security Service has, in the performance of his or her duties, the right to apply a state supervision measure and direct coercion on the bases and pursuant to the procedure provided for in the Law Enforcement Act. Upon the exercise of state supervision the restrictions on the rights of data subjects provided for in subsection 211 (3) of this Act may be applied.
[RT I, 13.03.2019, 2 – entry into force 15.03.2019]

 (3) In applying that arising from the Police and Border Guard Act, the Director General of the Estonian Internal Security Service shall fulfil, in deciding over a measure and actions related thereto and in applying Chapter 22 of the Police and Border Guard Act, the duties of the Director General of the Police and Border Guard Board.
[RT I, 29.06.2012, 2 – entry into force 01.01.2013]

§ 211.  Collection and processing of information and restrictions on rights of data subjects

 (1) For the performance of its functions or ensuring the performance thereof, a security authority may collect and process, among others, the following information:
 1) personal data;
 2) special categories of personal data;
 3) data rendered anonymous;
 4) data addressed to the public and available from public sources.

 (2) Information shall be collected and processed directly by a security authority or an authority authorised for such purpose or a person recruited for co-operation.

 (3) Upon collecting and processing information, a security authority may restrict the rights of data subjects, including the right to:
 1) be informed of the processing of their personal data, whether or not by automated means, including which personal data is processed and the purpose and scope of and legal basis and reason for processing;
 2) be informed of the recipients of their personal data and the categories of personal data disclosed and information concerning whether their personal data is transferred to a foreign state or an international organisation;
 3) be informed of the period of retention of their personal data or the criteria for determining such a period;
 4) be informed of the technical and organisational safeguards for the processing of their personal data;
 5) access personal data collected and processed;
 6) request that the processing of their personal data be restricted;
 7) request that their personal data be transferred;
 8) object to the processing of their personal data;
 9) be informed of any violations relating to their personal data.

 (4) Under subsection (3) of this section the rights of data subjects may be restricted if not restricting may:
 1) adversely affect the performance of the functions of a security authority;
 2) prevent the combating of a criminal offence;
 3) adversely affect the rights and freedoms of data subjects or other persons.

 (5) A security authority may process collected information for the performance of a function provided for in this Act or in another Act or for ensuring such performance. For the performance of obligations arising from an international agreement, legislation of the European Union or other laws, personal data obtained from a foreign state or an international organisation may be processed.

 (6) A security authority shall retain information collected under this or another Act for as long as necessary for the performance of its functions provided for in this Act or until the need for further processing cannot be excluded.

 (7) That provided for in this section may be applied by a security authority to the processing of personal data in the course of exercise of state supervision and to the employment of an official in service and employment of an employee of the security authority and during service or employment.
[RT I, 13.03.2019, 2 – entry into force 15.03.2019]

§ 22.  Provision of assistance to security authority

 (1) State and local government authorities and officials as well as legal persons in public law shall, within the limits of their competence, provide assistance to a security authority in the performance of its functions. The expenses incurred by a local government authority or legal person in public law in the provision of such assistance shall be covered from the state budget.

 (2) In the case of a direct threat to national security, a security authority may demand a private individual to provide assistance necessary for the performance of the functions of the security authority unless other means are available.

 (3) The procedure for compensation for the expenses arising from the provision of the assistance provided for in subsection (2) of this section shall be established by the Government of the Republic by a regulation.

§ 23.  Shadow information and covert measures

  [RT I, 05.05.2017, 1 – entry into force 01.07.2017]

 (1) For the performance or ensuring the performance of its functions a security authority may use shadow information and covert measures in order to hide from the data subject the performers of the act, the target of the act and the ownership of the rights and obligations and immovable and movable used.

 (2) The transactions related to the activities specified in subsection (1) of this section are deemed to be transactions made by the security authority.

 (3) The security authority shall be responsible for the accuracy of a database entry related to the activities specified in subsection (1) of this section.

 (4) The procedure for maintaining records of the acts related to the activities specified in subsection (1) of this section shall be established by a decree of the head of the security authority.
[RT I, 05.05.2017, 1 – entry into force 01.07.2017]

§ 231.  Use of legal person in private law

 (1) A security authority may use a legal person in private law for the performance or ensuring the performance of its functions on the basis of a resolution of the head of the security authority, using shadow information or covert measures pursuant to the procedure specified in § 23 of this Act.

 (2) Every six months the head of the security authority shall submit to the relevant minister information concerning the activities of a legal person in private law specified in subsection (1) of this section.
[RT I, 05.05.2017, 1 - entry into force 01.07.2017]

§ 232.  Undercover staff official and employee of security authority

 (1) A security authority may appoint on a post or recruit an undercover staff official or employee of the security authority on the basis of the resolution of the head of the security authority.

 (2) For the purposes of this Act an undercover staff official or employee of the security authority is an official or employee of the security authority whose employment or service relationship with the security authority is not known to a third person and who collects information covertly or helps to ensure that the collection of information is covert.

 (3) The personal data and employment and service relationships with the security authority of an undercover staff official or employee of the security authority shall be kept secret also after termination of the covert collection of information if the disclosure of personal data may endanger the life, health, private life or property of an undercover staff official or employee or the persons connected with them or his or her further activities as an undercover staff official or employee of the security authority.

 (4) The procedure for maintaining the records of the acts related to the activities of the undercover staff official or employee of the security authority shall be established by a decree of the head of the security authority.
[RT I, 05.05.2017, 1 - entry into force 01.07.2017]

§ 24.  Manner of collection of information

  [Repealed – RT I, 13.03.2019, 2 – entry into force 15.03.2019]

§ 241.  Recruitment of person to secret co-operation

 (1) A security authority has the right to recruit a person with active legal capacity to secret co-operation with his or her consent.

 (2) For the purposes of this Act, a person who has been recruited to secret co-operation is a person whose co-operation with the security authority is not known to a third person.

 (3) Covert collection of data or making an act on the assignment of the security authority is deemed to be co-operation with the security authority of a person recruited to secret co-operation, taking account of the provisions of § 23 of this Act. Being present at the act performed by the security authority is not secret co-operation.

 (4) A person who is recruited to secret co-operation is remunerated from the budget of the security authority.

 (5) A person who is recruited to secret co-operation is required to refrain from knowingly forwarding false or defamatory information and maintain the confidentiality of the co-operation with the security authority, the data which he or she has become aware of in the course of secret co-operation, as well as the means, methods and tactics used upon collection of data.

 (6) A person who is recruited to secret co-operation has the right to refuse to perform an act with regard to a person who is connected with him or her.

 (7) The procedure for recruitment of a person to secret co-operation shall be established by a decree of the head of the security authority.
[RT I, 05.05.2017, 1 - entry into force 01.07.2017]

§ 242.  Compensation in case person recruited to secret co-operation gets killed, dies or work ability decreases

 (1) If a person who is recruited to secret co-operation gets killed or dies due to the performance of a task related to secret co-operation, his or her child, parent or widow(er) or a dependant for the purposes of the Family Law Act shall be paid a lump-sum benefit.

 (2) If partial or no work ability due to the performance of the task related to secret co-operation is established with regard to a person who is recruited to secret co-operation, he or she shall be paid a lump-sum benefit.

 (3) In the cases specified in subsection (1) and (2) of this section the lump-sum compensation shall be paid pursuant to the same basis and procedure which is prescribed upon payment of compensation in the cases provided for in §§ 49 and 491 of the Civil Service Act, taking account of the specifications provided for in this section..

 (4) The calculation of the compensation specified in subsection (1) and (2) of this section shall be based on:
 1) the basic wage rate corresponding to the lowest wage grade or the lowest basic wages of an official of the Estonian Internal Security Service, except the police officer, if the contract on recruitment of a person to secret co-operation has been entered into with the Estonian Internal Security Service;
 2) The lowest basic wages of an official of the Estonian Foreign Intelligence Service if the contract on recruitment of a person to secret co-operation has been entered into with the Estonian Foreign Intelligence Service.
[RT I, 05.05.2017, 1 - entry into force 01.07.2017]

§ 25.  Restrictions on right to confidentiality of messages

 (1) In the cases provided for in this section, a security authority is permitted to restrict a person’s right to the confidentiality of messages sent or received by him or her by post, telegraph, telephone or other commonly used means.

 (2) A security authority may, within the limits of its competence, restrict a person’s right to the confidentiality of messages in order to combat a criminal offence if there is sufficient information to indicate that a criminal offence is being prepared or committed.

 (3) A person’s right to the confidentiality of messages is restricted by:
 1) examination of a postal item;
 2) wire-tapping, observing or recording a message or other information transmitted over an electronic communications network;
 3) wire-tapping, observing or recording information communicated by any other means.
[RT I 2004, 87, 593 –entry into force 01.01.2005]

§ 26.  Restrictions on right to inviolability of home, and family or private life

 (1) A security authority may restrict a person’s right to the inviolability of home, and family or private life in the cases provided for in this section.

 (2) An official of a security authority may, within his or her competence and in order to combat a criminal offence, enter or search a person’s premises, building, enclosed area, vehicle or computer system without the consent of the person on the order of the head of the security authority in order to ensure national security or if there is sufficient information to indicate that a criminal offence is being prepared or committed and if collection of information is necessary for combating the criminal offence.
[RT I, 19.03.2015, 2 – entry into force 29.03.2015]

 (3) A person’s right to the inviolability of home, and family or private life is restricted by:
 1) collection and processing of personal data;
[RT I, 13.03.2019, 2 – entry into force 15.03.2019]
 2) covert surveillance;
 3) covert establishment of identity;
 4) collection of information on the fact, duration, manner and form of transmission of messages over an electronic communications network, and on the personal data and location of the sender or receiver of such messages;
 5) covert entry in the person’s premises, building, enclosed area, vehicle or computer system for the purposes of covert collection or recording of information or installation and removal of technical aids necessary for such purposes;
[RT I, 19.03.2015, 2 – entry into force 29.03.2015]
 6) covert examination of an item and, if necessary, covert alteration of the item, damage to the item or replacement of the item.
[RT I, 19.03.2015, 2 – entry into force 29.03.2015]

 (4) On the basis of a written agreement entered into with a security authority and within the competence of the security authority, also a person recruited for secret co-operation may restrict a person’s right to the inviolability of home, and family or private life pursuant to the procedure provided for in section 27 of this Act.
[RT I 2004, 87, 593 –entry into force 01.01.2005]

§ 27.  Procedure for restriction of right to confidentiality of messages and right to inviolability of home, and family or private life

 (1) In the case of a need to restrict a person’s right to the confidentiality of messages or to the inviolability of home, and family or private life in the manner specified in clause 26 (3) 5) of this Act, the head of a security authority shall submit to the chairman of an administrative court or an administrative judge appointed by the chairman a reasoned written application for the corresponding permission. The application shall set out the manner of restriction of the corresponding right.

 (2) Grant, extension and revocation of a permission and declaration as justified of restriction of a person’s right to the confidentiality of messages or to the inviolability of home, and family or private life in the manner specified in clause 26 (3) 5) of this Act shall be decided without a delay and without holding a court session, pursuant to the provisions of the Code of Administrative Court Procedure concerning granting permission for administrative measure. Permission may be granted for a period of up to two months or extended for the same period at a time.

 (21) In emergencies if there is a threat to the national security or if there is sufficient information to indicate that a criminal offence is being prepared or committed and the act specified in subsection (1) of this section is necessary to combat a criminal offence and it is impossible to apply for the permission specified in subsection (2) of this section, the act may be performed with the permission of the administrative court, which is issued in a manner which can be reproduced. The head of the security authority shall submit a reasoned application which can be reproduced as a basis for the permission to the chairman of an administrative court or an administrative judge appointed by the chairman at the first opportunity but no later than on the day following the day of commencing the act. The application sets out the manner and duration of the restriction of the specified right. The chairman of an administrative court or an administrative judge appointed by the chairman shall decide on the continuation of the act with the permission specified in subsection (2) of this section.
[RT I, 05.05.2017, 1 - entry into force 01.07.2017]

 (22) The permission which is issued in an emergency in a manner which can be reproduced shall include the following data:
 1) the name of the person who issued the permission:
 2) the date and time of issue of the permission;
 3) the act for performing of which the permission is issued;
 4) the name of a person with regard to whom the act is performed if it is known;
 5) the term of the permission.
[RT I, 05.05.2017, 1 - entry into force 01.07.2017]

 (3) Restriction of a person’s right to the inviolability of home, and family or private life shall be decided by the head of a security authority or an official authorised by him or her in case of an action specified in clauses 26 (3) 2) through 4) and 6) of this Act. The decision shall be valid for the term indicated therein but for no longer than two months.
[RT I, 13.03.2019, 2 – entry into force 15.03.2019]

 (4) The acts specified in clause 25 (3) 2) and in clause 26 (3) 4) of this Act shall be performed in accordance with the relevant provisions of the Electronic Communications Act.
[RT I 2004, 87, 593 –entry into force 01.01.2005]

§ 28.  Methods and means of covert collection of information

  The methods and means to be used by a security authority in covert collection of information shall be established by the relevant minister by a regulation. The regulation shall be submitted to the Security Authorities Surveillance Committee of the Riigikogu for information purposes.
[RT I, 19.03.2015, 2 – entry into force 29.03.2015]

§ 29.  Notifying persons of act

  [RT I, 26.05.2020, 1 – entry into force 05.06.2020]

 (1) A person in respect of whom an act referred to in subsection 25 (3) or clause 26 (3) 2), 5) or 6) of this Act was performed or whose fundamental rights or freedoms were significantly restricted by said act and who was identified in the course thereof shall be notified by a security authority of the time and type of the act promptly after the declassification of information collected by the act.

 (2) A security authority need not notify a person of the time and type of an act referred to in subsection (1) of this section if notification may:
 1) significantly harm another person’s rights and freedoms guaranteed by law or put another person at risk;
 2) endanger the confidentiality of the security authority’s means, methods or tactics;
 3) endanger the source of information or a person recruited to secret co-operation;
 4) harm exchange of information between security authorities or co-operation with a foreign state or an international organisation.

 (3) By a resolution of the head of the security authority which performed an act or a resolution of an official authorised thereby, a person need not be notified until the basis for not notifying of the act as provided for in subsection (2) of this section ceases to exist.

 (4) If one year has passed from the declassification of information collected by an act and the basis for not notifying of the act as provided for in subsection (2) of this section has not ceased to exist, the head of the security authority or an official authorised thereby shall decide to never notify the person, except in the event provided for in subsection (5) of this section.

 (5) If one year has passed from the declassification of information collected by an act provided for in subsection 25 (3) or clause 26 (3) 5) of this Act and the basis for not notifying of the act as provided for in subsection (2) of this section has not ceased to exist, the head of the security authority which performed the act or an official authorised thereby shall apply, no later than 15 days before the end of said time limit, to the president of the relevant administrative court or an administrative court judge designated thereby for a permission to never notify the person. Grant or refusal of permission shall be decided under the provisions of the Code of Administrative Court Procedure that govern granting permission for an administrative measure.
[RT I, 26.05.2020, 1 – entry into force 05.06.2020]

§ 30.  Storage of information

  Information collected in the manner provided for in sections 25 or 26 of this Act shall be stored in information files. A separate information file shall be opened for each individual case. The procedure for keeping and storing files shall be established by a regulation of the minister responsible for the field governed by the Ministry of the Interior or the Ministry of Defence.
[RT I, 19.03.2015, 2 – entry into force 29.03.2015]

§ 31.  Communication of information to security authority

 (1) For the performance of its functions, a security authority has the right to obtain personal data and other information from:
 1) a state authority;
 2) a local authority;
 3) a legal person in public law;
 4) a holder of office in public law;
 5) a person performing administrative duties upon the performance of public law functions;
 6) a natural person or legal person in private law.

 (2) In the case of subsection (1) of this section, the authority and person who provided information may apply the restrictions provided for in subsection 211 (3) of this Act when processing information which contains personal data.
[RT I, 13.03.2019, 2 – entry into force 15.03.2019]

§ 311.  Access to databases

  For the performance of their functions imposed by law, security authorities have access, free of charge, to information held in databases established on the basis of the Public Information Act.
[RT I, 19.03.2015, 2 – entry into force 29.03.2015]

§ 32.  Communication of information by security authority

 (1) Information which is received in the performance of the functions of a security authority must be communicated to another state authority if it is necessary for the performance of the functions imposed on the state authority and it does not harm the performance of the functions of the security authority.
[RT I, 19.03.2015, 2 – entry into force 29.03.2015]

 (2) Information which is received in the performance of the functions of a security authority must be communicated to another state authority and to a natural or legal person if it is necessary for combating a crime of terrorism or if it is related to a threat of commission of a crime of terrorism and it does not harm the performance of the functions of the security authority.
[RT I, 19.03.2015, 2 – entry into force 29.03.2015]

 (3) Information which is received in the performance of the functions of a security authority may be communicated to a company with state participation if it is necessary for the performance of its functions and it does not harm the performance of the functions of the security authority.
[RT I, 19.03.2015, 2 – entry into force 29.03.2015]

 (31) Information which is received in the performance of the functions of a security authority may be transferred to another person or authority if it is necessary for the performance of the functions of the security authority. For the performance of obligations arising from an international agreement, legislation of the European Union or other laws, information which is received in the performance of the functions of the security authority may also be transferred to a foreign state or an international organisation.
[RT I, 13.03.2019, 2 – entry into force 15.03.2019]

 (4) An authority or a person who has received information under subsections (1) through (31) of this section may apply the restrictions on the rights of data subjects provided for in subsection 211 (3) of this Act when processing information which contains personal data.
[RT I, 13.03.2019, 2 – entry into force 15.03.2019]

§ 33.  Organisation of protection of communications

  The requirements for special communications services shall be established by a regulation of the minister responsible for the field. The regulation shall be submitted to the Security Authorities Surveillance Committee of the Riigikogu for information purposes.
[RT I, 19.03.2015, 2 – entry into force 29.03.2015]

§ 34.  Exchange of information with foreign state and international organisation

  [Repealed – RT I 2007, 16, 77 – entry into force 01.01.2008]

§ 35.  Use of firearm

 (1) An official of a security authority has the right to carry a firearm and use it as a last resort if the performance of the duties of service assigned to him or her is otherwise not possible without endangering life or health, in the following cases:
 1) obstructing a criminal attack which endangers the life of another person or the life of the official of the security authority;
 2) disarming or detaining an armed person;
[RT I, 05.05.2017, 1 - entry into force 01.07.2017]
 3) combating a group or an armed attack against the official of the security authority.

 (2) A firearm may not be used:
 1) against a minor, an elderly person or a woman with obvious signs of pregnancy, except in order to combat or prevent an armed or group attack by him or her or in order to disarm him or her;
 2) in a foreign diplomatic or consular representation, or in a building, on the premises or the territory of a representation enjoying immunity on the basis of an international agreement, or against a vehicle subject to diplomatic immunity, except with the consent of the head of the corresponding representation or in the case specified by any other international agreement;
 3) in a building or on premises where an explosive substance or highly flammable or toxic substance, which upon the use of a firearm may endanger the life or health of a person, is produced or stored.

Chapter 5 SUPERVISION  

§ 36.  Security Authorities Surveillance Committee of Riigikogu

 (1) The Security Authorities Surveillance Committee of the Riigikogu is a select committee of the Riigikogu which exercises supervision over authorities of executive power in matters relating to the activities of the security authorities and surveillance agencies, including compliance with requirements for personal data processing, guarantee of fundamental rights and efficiency of the work of the security authorities and surveillance agencies, and also in matters relating to supervision exercised over the security authorities and surveillance agencies.
[RT I, 13.03.2019, 2 – entry into force 15.03.2019]

 (2) The Prime Minister and a relevant minister shall inform the Committee of the activities of the security authorities and surveillance agencies and of supervision over their activities, including submit an overview of such matters at least once in every six months.

 (3) In order to perform functions related to the work of the Committee, the Committee has the right to summon persons and require documents for examination.

 (4) The Committee shall deliberate the draft budget of a security authority concurrently with the deliberation of the draft state budget in the Riigikogu.

 (5) The Committee shall submit an overview of the activities and the results of the Committee to the Riigikogu at least once a year.

 (6) If an offence is discovered, the Committee is required to forward the relevant materials to an investigative body or the Chancellor of Justice.

 (7) The members and officials of the Committee are required to maintain the confidentiality of a state and personal secret as well as classified information of a foreign state which have come to their knowledge in the course of their work.
[RT I 2007, 16, 77 – entry into force 01.01.2008]

§ 37.  Restrictions of communication of information to the Security Authorities Surveillance Committee

  [Repealed – RT I 2007, 16, 77 – entry into force 01.01.2008]

Chapter 6 IMPLEMENTING PROVISIONS  

§ 38.  Transformation of select committee of Riigikogu formed for verification of lawfulness of activity of Estonian Internal Security Service and of surveillance activities

  The select committee formed by a resolution of the Riigikogu of 29 April 1999 for the verification of the lawfulness of the activity of the Estonian Internal Security Service and of surveillance activities shall be transformed into the Committee provided for in section 36 of this Act.

§ 39. – § 47. [Omitted from this text.]

§ 48.  Entry into force of Act

  This Act enters into force on 1 March 2001.

https://www.riigiteataja.ee/otsingu_soovitused.json