Information & Ethics committee  The system works this way. When I want to access government services, I have to go to the state portal, which is basically the Internet site where all government services are listed and presented. When I log in to the state portal, I will see first all the information that the government has about me: my name, whether or not I have a driver's licence or medical insurance, and whether or not I own real estate or vehicles.

Information & Ethics committee  This portal is designed for citizens and for residents as well. There are different.... Let's put it this way. Different state agencies provide different electronic services. Altogether, we have about 1,500 different electronic services. If you want to access these services, you can do it directly through the agencies' websites.

Information & Ethics committee  Actually, it's an area where the EU has put a lot of attention in the last 10 to 15 years.

Information & Ethics committee  In Estonia we have a data protection agency, and every European country that belongs to the EU must have such an agency. The agency has the power to supervise everything related to data protection.

Information & Ethics committee  I don't have the figures, but concerning the Estonian files, the agency has about 100 people. It's not a massive organization, but I would say that over the years their role has become more significant, because the whole of society has been digitized.

Information & Ethics committee  In our situation, actually there is not a single agency that can get access to all exchanged information. That's why what you see on the slide is each route. This secure data exchange environment we also call the secure Internet. It works the same way as the Internet. The data exchange happens among different organizations or among the organizations and citizens.

Information & Ethics committee  There is no single answer to that, because when we talk about security, there are three main categories that we need to keep in mind. One is confidentiality. The breaches can be against confidentiality. The second is data integrity. It means, for example, that in the population registry where we have citizens' names, there is nothing secret about the names, but we have to keep the integrity of this data.

Information & Ethics committee  That's what the General Data Protection Regulation is all about, putting in place different mechanisms to control the digital service providers. One very similar principle is that, for example, as a data owner, I must always get an overview of how my data is used. For example, if I use Facebook, when I approach Facebook and want to know how Facebook has used my data, they have to give a total overview of how they have done it.

Information & Ethics committee  I will confirm that the study that you were referring to is correct. Our approach to cybersecurity is that it is a continuous process. We work on a daily basis to make it better and better and to coordinate with general ICT development. Here's just one example. The whole security system that we use in Estonia is based on a state-of-the-art encryption system.

Information & Ethics committee  That's exactly what Liia Hänni was talking about regarding the ID cards that we use. We call them ID cards, but from the security point of view, it is an encryption device that every citizen has in Estonia. On the ID cards, we have a chip that contains a cryptoprocessor, so basically, when a citizen uses an ID card, they actually use an encryption system.

Information & Ethics committee  We have not centralized the databases, but the logic behind no overlapping databases is that we don't collect the same data in different databases. For example, if we have a population registry containing basic information about citizens and residents, then when police forces create their own police database, we don't allow them to collect the same basic information there.

Information & Ethics committee  If I may add, the very typical situation in different countries is that different organizations have developed their systems themselves, and the systems are not interoperable. That's the very basic problem. The second problem is how to ensure security if you establish connectivity between different systems.

Information & Ethics committee  I can assure that the situation is exactly as it was in the report [Technical difficulty—Editor].

Information & Ethics committee  We have the mike at the other side of the table, but the wire wasn't—

Information & Ethics committee  Can you hear now? The wire is...I have to sit closer, then.