In her opinion on the bill, Chancellor of Justice Ülle Madise said that since access to banking secrecy is a serious infringement on fundamental rights, it must be considered thoroughly and formulated as a carefully defined exception.

"The bill does take the first step toward providing proper protection for banking secrecy, but I believe significant substantive changes are still needed to bring it in line with the Constitution," Madise said.

She noted that granting the state access to banking data must take into account that, for example, a bank statement containing all transactions reveals so much about a person's activities, habits, beliefs, preferences, even whereabouts and social circle, that it makes it possible to profile or in some sense track an individual.

"From that perspective, a bank statement can be regarded as similar to a request for communications data or, in some cases, even surveillance operations," Madise said.

In criminal proceedings, requests for communications data and surveillance activities are allowed only for certain crimes and only with prior authorization from a court or, in some cases, the Prosecutor's Office. In addition, a request for communications data provides only the fact that a call took place or location data, not access to the content of messages.

"Therefore, granting access in administrative proceedings to a bank statement, which contains information on all transactions, requires especially careful consideration of whether, in what cases and under what conditions it can be allowed at all," Madise said.

"Creating such a regulation must also be balanced with the protection of a person's fundamental rights. In other words, access to banking secrecy must be regulated with the same level of care and attention to procedural detail as surveillance measures," she added.

According to Madise, it must be clearly defined under what conditions officials may obtain banking data, to what extent, what they may do with the data, how long they may retain it and whether and when the person concerned will be notified that the state accessed their banking secrecy.

Exact rules must also be set for how such requests are later reviewed.

"Supervision of the compliance register as a data set alone is not sufficient, because it does not cover all the circumstances under which the data is requested or used. It must also be clear how judicial review of access to banking secrecy is carried out," Madise said.

"This is especially important for the Financial Intelligence Unit (FIU), because a person may never learn that their banking data was accessed and therefore has no opportunity to defend their rights," she added.

Madise also pointed out that if the Tax and Customs Board is to be given access to people's bank accounts, the Riigikogu must debate the details. Should access be full or should it be restricted? Should the tax authority be able to access all interactions between a person and their bank or only the account itself?

"The fact that both the MTA and FIU have so far been accustomed to easily obtaining information and deciding for themselves which parts of banking secrecy they needed does not mean this can continue. The Riigikogu must weigh each case separately and set out access for administrative proceedings as a clear exception to the protection of banking secrecy," Madise said.

At the beginning of September, the Ministry of Finance completed draft amendments intended to limit and clarify the rights of the Tax and Customs Board and the Financial Intelligence Unit to access banking data on individuals and businesses via the compliance register.

The bill was prepared in response to the chancellor of justice, who found in July that since the register's introduction last year, authorities had gained access to account holders' banking data without a proper legal basis and tens of thousands of queries had been made to banks.

Until the law is amended, neither the FIU nor the Tax and Customs Board may access banking data through the compliance register.

--

Follow ERR News on Facebook and X and never miss an update!