Estonia wants to introduce administrative fines into its legal system to allow for a more effective response to data protection law violations


On 6 May 2020, the Estonian Ministry of Justice sent for coordination round the concept of administrative fines. The goal is to introduce into the Estonian legal system a new administrative penalty – administrative fine – in order to react more efficiently to financial, competition and data protection law violations.

As also stipulated in Recital 151 of the GDPR, the Estonian legal system does not currently allow for administrative fines as set out in the GDPR. The rules on administrative fines may therefore be applied in such a manner that in Estonia the fine is imposed by the supervisory authority in the framework of a misdemeanour procedure.

The Estonian Data Protection Inspectorate has recommended to introduce the concept of administrative fines into the Estonian legal system already earlier, saying that sanctioning legal persons through misdemeanour proceedings is inefficient and burdensome to all parties involved. To the best of my knowledge, the Estonian Data Protection Inspectorate has not yet imposed any fines for GDPR violations. In the latest annual, the Head of the Inspectorate hinted that one reason for it was the uncomfortable nature of misdemeanour proceedings and the fact that GDPR fines are intended to be administrative fines by their nature.

According to the concept, the changes are likely to improve companies' compliance with the law, especially because the procedural process of imposing the fine is simplified and shortened.

It remains to be seen whether and how the concept of administrative fines will translate into law and whether that will change companies’ compliance with the GDPR and/or the number of fines issued in Estonia. The expected time for sending the draft for approval and opinion is summer 2020 and the expected time for entry into force is in the first quarter of 2021.


Article provided by: Mari-Liis Orav (TGS Baltic, Estonia)



Discover more about INPLP, the INPLP-Members and the GDPR-FINE database

Dr. Tobias Höllwarth (Managing Director INPLP)

What is the INPLP?

INPLP is a not-for-profit international network of qualified professionals providing expert counsel on legal and compliance issues relating to data privacy and associated matters. INPLP provides targeted and concise guidance, multi-jurisdictional views and practical information to address the ever-increasing and intensifying field of data protection challenges. INPLP fulfils its mission by sharing know-how, conducting joint research into data processing practices and engaging proactively in international cooperation in both the private and public sectors.