No. 42



Technological Innovations and Protection of Personal Data

09 December 2020


RiTo No. 42, 2020

The development of technology and innovation usually go hand in hand. If we want both the government and the private sector to provide better services to the public, it is necessary to find good and safe solutions for data processing.

In the course of data processing, the question of how well the private lives of people are protected inevitably arises. A simple example of data processing is the verification process of the right to be carried in public transport, the purpose of which is to ascertain the existence of the right to be carried. Such a service can work when it is possible to exchange data between parties, and often it takes place in information systems unnoticeably for people. Data-based innovation can create new opportunities in health care and also across sectors. Both in Estonia and at the European Union level, attention is paid to more effective use of data by trying to find better data processing practices, and balance between the use of data and respect for privacy.

Assistance for persons with complicated care needs coordinated between social and health care sectors, which was tested in 2018–2019 within the framework of the InterRai Project, is a good point of use of data fusion. On the basis of the experience acquired from the project, the planned environment of assessment instruments could collect the questionnaires prepared by specialists, use the results of assessments and compare them. The results would give support to service providers in deciding which service or assistance the person needed the most. Another example is the decision support instrument introduced at the beginning of 2020. By fusing the data from the health professionals and the national data base, it enables to provide better treatment recommendations and instructions to patients. The next step from here is using the gene data in health care, which would allow to use all health and gene data of a patient together. In this way, there will be more possibilities for offering a new kind of approach for prevention and treatment of diseases, taking into account the individual differences of people. Such an innovative approach should also be accompanied by a legal space, so that it could be verified how and to what extent the data need to be processed in order to obtain the best result. Although Estonia has been quite progressive in this regard, the transparency of processing has to be improved in processing the increasing amount of data.

As mentioned above, both Estonia and the European Union are striving for innovation that is supported by re-use (secondary use) of data. Secondary using of data is allowed on certain conditions by the General Data Protection Regulation and the Personal Data Protection Act. However, it involves fundamental issues that still need to be discussed. For example, the arguments on when the data can be regarded as identifying a person or whether there are anonymous data at all. Modern technologies enable totally new type of data processing, where a person is not identified, so that there will be no risk of breach of privacy and no need for implementing complicated data protection regulations. Technology makes it possible to process even more data, and at the same time create better technologies for the protection of privacy. How to implement it in Estonia in the future in the least intrusive way has to be discussed in regard to secondary use of data.