Chamber of Commerce and Bar Association: Large database unconstitutional
The Estonian Bar Association and the Estonian Chamber of Commerce and Industry consider the amendments to the Money Laundering and Terrorist Financing Prevention Act adopted by the Riigikogu last week, in their current form, to be contrary to both the Estonian Constitution and EU law.
In an appeal to President Alar Karis, the Estonian Chamber of Commerce and Industry and the Estonian Bar Association say that due to possible contradictions, the law ought to be thoroughly reviewed before it is promulgated.
According to Mait Palts, director general of the Estonian Chamber of Commerce and Industry, the law was rushed through and important steps were missed. For example, it was not preceded by a draft proposal and not enough people and organizations were involved in the process.
"Even though the planned changes concern both individuals and companies involved in business, neither the Estonian Chamber of Commerce and Industry nor other umbrella organizations were among those involved," said Palts, adding that the rushed process was justified by referring to the need to use the resources from the European Union's recovery fund.
"That cannot be sufficient justification in a situation where the law has an impact on society as a whole," said Palts.
The lack of involvement and rushed drafting process have led to significant errors in both the content of the law and the impact assessment, according to Imbi Jürgen, chair of the Estonian Bar Association.
According to the Estonian Bar Association, the draft law lacks a proportionality analysis of the infringement of fundamental rights. It also has no data protection impact analysis and ignores the requirements of the EU regulation on artificial intelligence.
"The data processing proposed by this law allows for a more effective prevention of money laundering, but this objective alone does not justify the extremely intensive infringement of the fundamental rights of individuals or the imposition of extensive obligations on companies," Jürgen said.
Both organizations point out that the explanatory memorandum lacks a substantive analysis of whether the amendments are in line with the Estonian Constitution, including whether the objectives could be achieved through less intrusive data processing measures.
They also consider the data protection impact assessment to be inadequate, stating that, in their view, it does not meet the requirements of the EU General Data Protection Regulation (GPDR) or the EU Artificial Intelligence Act.
There is also no assessment of how the rights of data subjects to automated decision-making and to challenge automated decisions will be guaranteed, according to the appeal.
---
Follow ERR News on Facebook, Bluesky and X and never miss an update!
Editor: Barbara Oja, Michael Cole
