In Estonia, it is customary to trust. Disturbingly so. We trust our state and its digital ecosystem, which for decades has been presented as a model of transparency and citizen oversight. That trust has turned into a Trojan horse, inside which law enforcement agencies march ever deeper into our fundamental rights, using our good faith as a weapon against us.

This is not a hypothetical danger but a reality revealed time and again by both the chancellor of justice and the media — yet one that somehow still fails to receive the necessary attention.

That seemingly sacred trust has recently been shaken by revelations such as the report "Andmejälgija infot näeb vaid 16 andmekogu kohta" ("The data tracker only shows information from 16 databases"). The article revealed that although the state portal presents us with a neat logbook of how our data is being handled, it is merely the tip of the iceberg. In fact, we only have access to a tiny fraction of the inquiries, while we remain completely in the dark about the dozens or even hundreds of databases and hidden registries where our data is processed without our knowledge or control.

A recent analysis by the chancellor of justice uncovered the staggering fact that the Financial Intelligence Unit (FIU), led by Matis Mäeker, had been snooping on the bank accounts of Estonian individuals and companies, ignoring the law and acting without any legal basis, by exploiting backdoors in the enforcement register.

This is not a mere technical violation but a systematic and brazen disregard for the principle of legal reservation. The agency created to fight money laundering has itself taken to breaking the law, apparently in the hope that no one would dare to ask questions — or even notice. The agency has become intoxicated by its own claims about the importance of its core mission and treats its own violations as nothing at all.

Power, more power

And why should they be afraid? As my own practice representing clients shows, FIU has managed to create such a culture of fear that even banks dare not disclose to their clients when their rights have been violated. They refuse, citing non-existent laws, but the real reason is likely fear that otherwise they themselves will become targets of FIU.

And now, imagine this: the very architect of this authoritarian culture, Matis Mäeker, allegedly wants to take over the supervision of Estonia's entire banking sector at the Financial Supervision Authority. Sadly, it is no longer surprising to hear of attempts to export a mentality that normalizes lawbreaking and intimidation straight into the top of our financial oversight system.

We saw the same pattern of abusing the trust of the people and the parliament again recently. Once more, the central figures were FIU and its head, who tried to quietly push through the Riigikogu a legal amendment that would create an artificial intelligence–processed monster database and give them virtually unlimited and unchecked power to deny people access to information about their own data.

Fortunately, President Alar Karis refused to promulgate this law, which so blatantly contradicted the Constitution. In his July 3, 2025, decision, he made it clear that the bill unacceptably infringed on our right to informational self-determination (Constitution § 26 and § 44). The president stressed that the law would have granted FIU a blank check to refuse all information about its activities, using as an excuse a vague and endlessly stretchable clause: if disclosure "would hinder or damage the performance of the anti-money laundering bureau's statutory duties."

What's more, the president pointed out that this approach is in direct conflict with the European Union's General Data Protection Regulation (GDPR), which requires that any restriction on fundamental rights must be set out "clearly and precisely" in law, and its application must be foreseeable. The law FIU wanted was a mockery of that principle.

The grotesque element is the fact that the explanatory memorandum of the bill admitted that FIU's new database would also contain people's political and religious beliefs, as well as their health data. In essence, the aim was to create a Big Brother operating with complete opacity and without accountability, gathering our most intimate information while refusing any form of reporting.

Pattern rather than an isolated incident

Of course, the black sheep of the family is not just the Financial Intelligence Unit. In reality, it is part of a broader and darker picture, where law enforcement agencies seem to operate under the assumption that laws and court rulings are nothing more than annoying suggestions, because their work is supposedly just that "important."

The Prosecutor's Office demonstrates the same pattern. Chief State Prosecutor Taavi Pern has deliberately misled the public by claiming that the legality of using communications data in criminal proceedings is still an open question. In fact, the Supreme Court has repeatedly confirmed — in its rulings directly, and indirectly by refusing to hear the Prosecutor's Office's appeals — that such use of data is illegal, even calling it a "deliberate violation of fundamental rights." It is not credible that this is some accidental mistake; rather, it looks like a deliberate attempt to create a smokescreen of legal confusion in order to continue unlawful practices and justify violations already committed.

The picture becomes even darker when we add to this the credible information that reached Interior Minister Igor Taro's (Eesti 200) desk: in Estonia, tens of thousands of people are likely being wiretapped, even though they are not suspected of any crime and will never know about it.

For years we have been told that surveillance is exceptional, targeted and under judicial oversight. In reality, it is a massive and indiscriminate intrusion into our private lives — even when we are not suspected of any crime, but merely happen to have spoken with the "wrong" person. And what is the minister's reaction? Essentially a shrug: surely the Internal Security Service knows what the Internal Security Service is doing. The legal obligation to notify people of their surveillance is being massively violated, and I dare say it is precisely for this reason that a scandal has so far been avoided — one that would expose the true scale of our supposedly "controlled" surveillance.

These cases form a clear and disturbing pattern. Our trust in the Estonian state and in the institutions created to protect it is being systematically exploited to dismantle our fundamental rights step by step. Security and transparency are promised, but what we receive instead is unchecked power and a veil of secrecy. The question is no longer whether we are being protected, but who will protect us from the protectors themselves. How long will we allow our own trust to be used as a weapon against us?

--

Follow ERR News on Facebook and X and never miss an update!