"The entire regulation concerning bank confidentiality in Estonia should be reviewed comprehensively, reworked, and defined anew," Kessler told ERR Wednesday. "This review should take place from two perspectives: Does the regulation comply with the Estonian Constitution, and does it align with the needs of a modern society," he went on.

As a mainstay of Estonia's economy, banks in turn get the funds they need to operate primarily from people's deposits, the very people, he said, whose trust has been abused.

Kessler pulled no punches on what has been going on, namely revelations by the Office of the Chancellor of Justice at the start of this month that authorities accessed account holders' banking information without proper legal basis tens of thousands of times in the period of just over a year.

This is not just the banks who are culpable, but the Estonian state itself, Kessler said.

"The Financial Supervision Authority has penalized banks when they have violated bank secrecy. But now it may be the state that has broken the law. In any case, violations of banking confidentiality must be taken very seriously, to avoid people losing trust in Estonian banks due to such breaches—such as finding that their confidential bank details are being covertly and illegally collected through the enforcement register. Illegal surveillance, however, is a crime," Kessler stated.

Kessler added that using tech developments as a rationale was not satisfactory either.

"While modernity requires greater and more effective use of technology, the latter cannot become a goal in itself that strips away rights and turns the state into an 'all-seeing eye.' Even if the state's use of smart technology to restrict people's rights is legal and proportionate, it still requires strong, public, and independent oversight over the use of that technology to mitigate excesses and other risks," he continued.

Kessler recalled that the Credit Institutions Act, which defines what bank secrecy is and how access to it should be granted, has already been amended multiple times since its adoption, meaning further amendments should be straightforward.
In addition to reviewing legislation, the supervisory authority says it wants to work with banks to examine how their IT infrastructure is organized in relation to the enforcement register, the Authority's head said.

Estonia's Justice Ministry this week began restricting access to the enforcement register, which holds the data in question. Key agencies, including the Police and Border Guard Board (PPA) and the International Security Service (ISS), argue that they still require access to this data to effectively carry out criminal investigations.

--

Follow ERR News on Facebook, Bluesky and X and never miss an update!