Estonian Administrative Court Press Representative Found Guilty of Violating Data Protection Laws
Maria Joost, the Press Representative of the Estonian Administrative Court, has been handed a lifetime ban from working in public service and organizations handling personal data following serious violations of data protection laws.
Unlawful Disclosure of Personal Data
Maria Joost unlawfully disclosed special categories of personal data, including information on social benefits, subsistence benefits, and housing applications, without a legal basis or the consent of the data subject. Such information is classified as special category data under Article 9 of the General Data Protection Regulation (GDPR) and is subject to strict processing conditions. Her actions not only breached European data protection laws but also the fundamental right to privacy of the individuals affected.
Breach of Confidentiality in Court Proceedings
As the Press Representative of the Administrative Court, Joost was entrusted with ensuring the confidentiality of sensitive judicial information. Her unauthorized disclosure of personal data violated both procedural rules governing court confidentiality and international data protection principles, undermining the integrity of judicial proceedings.
Legal Consequences for Maria Joost
Disciplinary Measures
The disciplinary bodies of the Administrative Court have taken action against Maria Joost, leading to her dismissal and a lifetime prohibition from working in public service or any organization handling personal data.
Violation of Data Protection Laws
Under the General Data Protection Regulation (GDPR) and Estonia’s Personal Data Protection Act (IKS), her actions could lead to:
- Financial penalties
- Orders to rectify the breach
- Additional legal accountability to her former employer
Criminal Responsibility
Under Estonian law, Maria Joost’s actions may amount to criminal offenses:
- Section 157¹ of the Penal Code: Disclosing personal data without consent may result in a monetary fine or up to one year of imprisonment.
- Section 157² of the Penal Code: If significant moral or material harm was caused, the offense may be considered a breach of privacy, punishable by up to five years of imprisonment.
Civil Liability
Individuals harmed by Joost’s data breach have the right to seek civil compensation for non-material damages such as stress and reputational harm, as well as material damages arising from the breach.
A Landmark Case in Data Protection Enforcement
The case of Maria Joost sets a precedent for strict enforcement of data protection laws in Estonia and the European Union. Her lifetime ban underscores the seriousness of GDPR violations, reinforcing the need for strict adherence to confidentiality and data security in public service and judicial institutions.
Stay tuned for further developments on this case and its implications for data protection enforcement in Estonia and beyond.
