The act covers national and local government agencies, and other legal entities both in public and private law, that are responsible for the delivery of public services in areas such as education, health care, social or other public services. People have the right to make inquiries, and the holders of relevant information are under obligation to reply. In addition, they are also obligated to maintain websites and post relevant information online. These entities are also required to ensure that the information is not ‘outdated, inaccurate or misleading’. Currently, this act also regulates the subject area that was previously covered by the now defunct Databases Act. From the perspective of e-governance the Public Information Act regulates:
● management of the national information system (by Information System Authority)
● data exchange layer of the information system X-Road
● security measures for other information systems
“Estonia has centralized oversight bodies, which deal with the issue of access information.”
Estonia recognizes active and passive release of information, where the obliged bodies should publish information regularly, but the passive release of information based on a request by an applicant is much more common. Similar to all other legislation, anyone can request information and it is not necessary to state reasons for the request. Reasons have to be provided only if the document has particular restrictions on access. The request for information has to be answered in a short period of 5 working days with possible extension. If the obliged body has not responded for the request or it has released a declining statement, the applicant may file an appeal to the Estonian Data Protection Inspectorate. If the applicant is not satisfied with the decision of the Inspectorate, he/she might lodge an appeal to the Estonian Data Protection Inspectorate. If the applicant is not satisfied with the decision of the Inspectorate, he/she might lodge an appeal to court.
In Estonia, there is a single body responsible for carrying out surveillance on the implementation of the Estonian Public Information Act and that is the Estonian Data Protection Inspectorate (the Inspectorate).
The Inspectorate is acting as the defender of all information rights (both privacy and transparency related). To fulfill its purpose of protecting these rights, the Inspectorate can conduct investigations, issue coercive measures such as fines and enforce proceedings without court decision.
There are sanctions in place for violating the time limit to disclose the information, making decisions in conflict with the law and quite importantly for intentional provision of false information. The Inspectorate has the right to address the breaches regarding the time limit, all other breaches as handled according to the Code of Misdemeanor Procedure. Obliged bodies can be fined of up to 1200EUR