Sa, 25.03.2023

Head of data protection failed EISS security check

Heelia Sillamaa
, reporter
Head of data protection failed EISS security check
Facebook LinkedIn Twitter
Marko Aavik.
Marko Aavik. Photo: Justiitsministeerium

The Ministry of Justice announced two days ago that Marko Aavik, who had just been appointed the new head of the Estonian Data Protection Inspectorate, gave up the position of his own free will. The long-time deputy secretary general of the ministry actually failed the internal security service’s security check.

The Estonian Internal Security Service (EISS) did not say why they found it impossible to give Aavik access to state secrets.

“The security check revealed that I had not properly notified the justice ministry of one of my side activities – participation in international cooperation as an expert for the Council of Europe,” Aavik explained. He claimed that while he had informed the ministry of the fact verbally, he took responsibility and gave up the position because he failed to submit a written notification.

Information available to Postimees suggests Aavik was denied access to state secrets because of his activities in the Council of Europe; however, it is clear the EISS does not fail people for nothing – something in his work must have been the reason Aavik was denied access.

Aavik decided to leave Estonia after announcing his decision not to accept the position. “I refute claims that I’m leaving the country because of circumstances that came to light during the security check and assure everyone that I plan to return to Estonia,” he wrote.

There are other confusing aspects about the former deputy secretary general’s appointment. The Estonian data protection act states that candidates for the position of data protection chief must pass the security check before they are appointed. Aavik was appointed on the morning of June 21, before the security check was concluded.

The ministry points to conflicting legislation. The public service act prescribes that the competition to find the new head of the agency automatically fails if no candidate has been appointed inside 120 days of the deadline for applications.

This means that the entire process of going through documents, interviews and checks must be completed in 120 days. The result is that people are sometimes appointed before the security check can be carried out because there is not enough time.

The Government Office admitted problems with competitions to find executives. “We admit that there is a problem with competitions that require security in the law. The top executives’ selection committee will discuss how to bypass this problem before a new competition to find the inspectorate’s director is held,” said the Government Office’s Head of Communication Kristiina Tiimus.