Language switcher

You are here

The consent service allows companies to ask the state for your data

The consent service is an e-service developed by the Information System Authority (RIA) which allows a person to give permission to the state to share their personal data with a certain service provider. At the end of the year, the first service in the financial world actually started using the consent service.

From this week, the consent service will be used in the instalment application process in cooperation with AS Inbank and the electronics store Klick. If a person gives their consent in the consent service environment, the bank will check the solvency of the person from the database of the Tax and Customs Board, on the basis of which a data-based decision to allow the person to pay in instalments can be made.

‘The consent service becomes a central place where a person gives their consents and later manages them. It will be possible to see all given consents and withdraw them at any time. Every time data is sent to a service provider, a mark of it is left in the consent service, making the movement of the data very transparent. I am glad that the Tax and Customs Board was ready to implement the new service in its system and that AS Inbank also introduced it immediately,’ said Sander Randorg, Product Manager of RIA.

‘Consent-based sharing of financial data has been our first priority, but certainly not the only one. The bigger goal is to turn the consent service into a universal service that would allow the sharing of, for example, health and education data on the basis of consent, paving the way for new data-based services,’ said Randorg.

As part of the Digital Society Development Plan until 2030, we want to move towards a more human-centred digital state. The country already uses a data tracker to help ensure that people have an overview of the data collected about them, as well as of who uses their data and for what purposes. The consent service is a step forward, giving people more control over what happens to their personal data. On the one hand, the role of the state is to provide an opportunity to share one’s personal data with the private sector and other interested parties, and on the other hand, to ensure transparent data processing,’ said Ott Velsberg, Government Chief Data Officer at the Ministry of Economic Affairs and Communications.

According to Velsberg, the consent service allows a person to decide for themselves who can use their data, for what purposes, and under what conditions. ‘This creates a unique opportunity in the world to boost the data economy and create new and innovative services. Among other things, people will have the opportunity to charge a fee for the use of their data if they so wish,’ said Velsberg, who said that the aim is to gradually introduce the consent service nationwide and thereby support the provision of significantly more personal services.

What is the consent service?

Through the consent service, a person can decide whether or not to share their personal data held by the state with a specific third party. Consent is always asked in the environment of the service provider, but in order to make a decision, the person is directed to the state portal », where both the description of the data to be transferred and the purpose of data processing are displayed. After giving or not giving consent, the process continues in the environment of the service provider. Later, it is possible to see and manage all the consents given from, regardless of to whom the consents have been given.

The use of the consent service and the giving of consents is always voluntary. Consent may be revoked at any time, thereby suspending the further transfer of data to a third party.

The consent service is currently available to Estonian citizens and requires a valid strong authentication tool (ID-card, Mobile-ID, or Smart-ID).

More information about the consent service

More news on the same subject


The new yearbook introduces the work of RIA and the events of 2019 in Estonian cyberspace

24.04.2020 - The yearbook describes the role of the departments of the Information System Authority (RIA) in the e-state and gives an overview of cyber incidents of 2019 in Estonia.