Data for good: the e-Estonia precedent
Interview: Anna Piperal, managing director of the e-Estonia Showroom, talks about transparency and incentives in the country's pioneering work on digital services
Estonia is a small country with a big reputation for digital public services – so big it was described as the rock'n'roll star of the sector at last week's Socitm Spring Conference.
Reports of its achievements have been circulating for several years, with 99% of its state services online, 95% of tax filing carried out online, 99% of medical prescriptions issues electronically, and the widespread integration of information from different state bodies in its service delivery.
In doing all this, it appears to have cracked the big challenge that hangs over most efforts to better integrate services in the UK – sharing people's personal information without stirring up a hornets' nest over the implications for privacy and civil liberties.
A conversation with Anna Piperal, managing director of the e-Estonia Showroom, suggests it is down to an intelligent use of the available technology, and some sharp differences in attitudes to those that have coloured a lot of the debate in the UK.
As an ambassador for the country's expertise in digital services, and selling itself as a hub for innovation, she emphasises the importance of getting the infrastructure right to support the automatic sharing of information.
The core element was put in place back in 2001, when the X-Road was created for the Tax and Customs Board. It is an open platform for data exchange that originally made it possible to prepopulate tax forms with details from the Population Register – which includes names, ID codes, birth dates, places of residence and nationality – and the banks. But now it has evolved into the backbone of the country's e-infrastructure, providing a hub to which all relevant government databases are linked.
It works as as a distributed model, in which one organisation can only check the relevant details for a process against those on another database.
“By logging in I allow them to pull the data together,” Piperal says. “They see what my boss declared, then got confirmation from the bank that the taxes were paid, but don't see how much is in the bank account, and it also pushes data on what is tax deductible. This is how my tax registration gets prepopulated, and all I have to do is check and submit it.”
The wider use took off because different government organisations could see the benefits.
“There's no duplication in the data the bodies are holding because they are connected to one road where the data can be transmitted according to the rules,” she says.
“When it was understood there was no need any more to duplicate and print out data other institutions started to attach themselves to the X-Road. The Ministry of Communications manages the X-Road and attaches new partners with the adapters and security.”
So there has been an incentive for the organisations to use the X-Road, but what about the consent process? Piperal says that logging into the Tax Board service implies consent, and that this has been repeated for the other services using the platform.
This seems at odds with the argument that is often raised in the UK that the right to privacy involves explicit consent, but she says that in Estonia the public are relaxed with the arrangement largely because there is plenty of transparency.
“The real difference why people feel safe and trust the government is that, not only is it providing the services online, but allowing me to see what kind of information they have collected on me. I can repair that information on different registries; if I tell them what's wrong and prove it they will change it.
“And I can see the log file on how different government bodies used my information. If there was a notary when I bought property, this was my consent to check with them the documents are correct; I can see it in the log file. The log files are on the state portal for different services, and you can get a more detailed file in Excel format from the Population Register for all the data exchanges.”
Similarly, Estonia's identity card has become a key part of the infrastructure since it was launched in 2003, with 94% of the public carrying one not just for public services but private business. Encryption and a strong security network have played their part in encouraging take-up, but Piperal says the emphasis on convenience and an early incentive have also been big drivers.
“The first selling point was public transport discount in 2003, one year after the launch. Then the banks came in, and by taking state issued identity got free of charge the strongest security for identifying the customers.
“They began to use it for transactions in e-banking and promoted to their customers, giving out card readers and changing certificates in the chip. They liked it because they didn't have to pay anything for it.
“Now it's available for use with range of services. All the private sector institutions can use the same ID card, to log in for telecommunications contracts, to enrol into university, to obtain loyalty discounts in stores. The businesses are happy to promote it because they don't pay for it.
“It's also a library card.”
There are similar incentives and more for the Mobile-ID, that makes it possible to use a smartphone as an electronic identifier. It sits on a SIM card issued by the telcos on behalf of the government and plants an app that can be used for identification and digital signatures. When logging into a service it produces a once only control code which the user can accept to acknowledge the transaction, then asks for the relevant PIN code, one for a log-in, the other for a digital signature.
Piperal emphasises its convenience, saying she's an enthusiastic user, but says that five years after its launch its penetration is much lower than the physical card at just 7-8%. The likely explanation is that when people are doing online banking or anything that demands a secure log-in, they feel a lot more confident at home on a big screen with a secure connection.
It is open to debate whether these solutions could be develop as smoothly and accepted as enthusiastically in the UK. Estonia has had the advantages of serving a much smaller population – just 1.3 million – and starting from scratch without a bunch of legacy systems in the 1990s.
There are probably cultural differences at work as well. It has become a much more open society since the early 1990s and any anxieties about government's use of personal data are small compared to what it has experienced in the past.
But it has set a precedent for striking a workable balance and subsequently won a lot of admirers in the digital services world.