PPA Admits: Health Data Retrieved Without Citizens' Consent

The Police and Border Guard Board (PPA) has confirmed, based on evidence presented by a lawyer, that it retrieved health data without the consent of individuals, despite previously claiming the opposite to both Postimees and the Ministry of Justice and Digitalisation. Legislation governing this practice is currently being amended.

The Police and Border Guard Board (PPA) has admitted to requesting health data without the consent of individuals – despite earlier assurances to the contrary. The agency told both Postimees and the Ministry of Justice and Digitalisation that health data requests were made only with the explicit consent of the persons concerned.

The situation changed when a lawyer presented concrete evidence to the agency, upon which PPA officials admitted that requests without consent had indeed been made. This means the agency acted in contradiction to its public statements and raised serious questions about the state's protection of personal data.

The currently applicable law permits such actions by police under certain interpretations, but amendments are already underway at the legislative level. The relevant legal provision is being revised, suggesting that lawmakers regard the previously existing regulation as insufficient for protecting individuals' health data.