Personal Data Usage Monitor Ivo Mehide <ivo@degeetia.ee> Degeetia OÜ 25.08.2016

Personal Data Usage Monitor – why? From the Estonian Personal Data Protection Act, §19 subsection 1: At the request of a data subject, a processor of personal data shall communicate the following to the data subject: ... 5) third persons to whom the personal data of the data subject have been transferred From the Estonian Personal Data Protection Act, §25 subsection 2: 3) prevent unauthorised recording, alteration and deleting of personal data and to ensure that it be subsequently possible to determine when, by whom and which personal data were recorded, altered or deleted or when, by whom and which data were accessed in the data processing system; Solution: Registrate this kind of information and share this through common flexible software. Procurements from Information System Authority, financed by European Regional Development Fund: Analysis and Design of Personal Data Monitor Development of Personal Data Monitor Standard Solution

Conceptual diagram

Components Extractor – examines X-road messages for personal data and send general information about the messages (service code, receiving party, personal codes etc) to the Data Recorder. Logger – stores information about the X-road messages in database and shares this to the Eesti.ee portal. Service in eesti.ee portal – user interface for data subjects.

Extractor Works as transparent proxy between infosystem and X-road security server Contains rules of determining if transferred X-road message contains personal data. Contains rules about how to extract general message information (receiver, timestamp, service name, etc) and personal code(s) from the message body. Extraction rules are going to apply for all the messages that are catched by the filter. Extracted information is going to transferred to the Logger component.

Logger Separate component for storing and retrieving personal data usage information. Provides REST services for storing and retrieving. Provides X-road service for eesti.ee portal in order to search and retrieve logged information. Provides simple web-based UI for internal use.

Eesti.ee portal Data subjects can use eesti.ee portal in order to get information from which database, when and to what third party their personal data was transferred. Currently there are agreed to present such information from: Elering Data Warehouse (electricity consumption points) Population Register Health Insurance Register Social Services Register Unemployment Insurance Registry

Different configuration options Personal Data Usage Monitor components can be used also separately. The possible configurations are as follows: Both Extractor and Logger components are in use. Only Logger component is in use. Infosystem writes personal data information directly to Logger Only Extractor component is in use. Extractor writes log information to infosystem and infosystem implements needed X-road service. There are no Extractor and Logger components in use. Infosystem implements internally both personal data logging and corresponding X-road service.

Additional information Documentation, full source code and binary packages are available on GitHub: https://github.com/e-gov/AJ/