The Estonian Constitution states that everyone has the right to education. Protecting and promoting fundamental rights is a constitutional duty of the state. Safeguarding these rights must therefore remain a priority and must not be overshadowed by other objectives. In the case of the right to education, the state must understand and take into account how access to schools, safety, children\u2019s cultural and gender identity, and socioeconomic factors shape educational outcomes. Addressing educational inequality is thus a matter of protecting fundamental rights. <\/p>\n\n
To safeguard fundamental rights, legislation and education policy must be evidence-based. Evidence-based policymaking, in turn, requires data-based decision-making. The methodology for measuring educational inequality is for education researchers and statisticians to determine. From a fundamental rights perspective, however, it must be recognised that the collection, analysis, publication and retention of data \u2013 even when aimed at improving the protection of fundamental rights \u2013 must itself always be grounded in those same rights. In each case, the benefits and risks of collecting personal data must be carefully weighed. Data protection is relevant to all fundamental rights, but in practice it most often concerns the protection of personal data, that is, the right to privacy. <\/p>\n\n
With the rapid development of information technology in the second half of the 20th\u00a0century, the collection, storage and processing of data concerning large numbers of individuals became possible. It soon became clear that if data could easily be copied on lawful grounds, they could just as easily be copied unlawfully \u2013 for example, by disseminating private information or infringing copyright.38<\/a> In this context, the current European data protection framework and practice have evolved: we are more aware of the risks associated with digital information and its impact on private life.<\/p>\n\n The deployment of artificial intelligence presents new challenges for data protection. Both Estonian and European Union data protection law follow a case-by-case approach: each instance of data use must be assessed individually. Data dispersion, transparency of use, reliability and oversight must be ensured. The purpose of data protection law is not to obstruct the development of a data-driven society but to minimise the use of personal data wherever possible. Where objectives cannot be achieved without processing personal data, the associated risks must be assessed and mitigated in a proportionate manner. In a democratic society, risks cannot be eliminated entirely.<\/p>\n\n What constitutes a data-driven education policy that also safeguards fundamental rights?<\/strong><\/p>\n\n The simple answer is that it must strike a balance between the collection of (personal) data and the protection of private life. Privacy is a value that cannot be restored once infringed, for example, through data misuse or loss. Most people do not reflect daily on their right to privacy because they assume that aspects of their lives they do not wish to share are protected by the state and that they retain control over who knows what about them \u2013 whether this concerns their health, bank account or family relationships. Linking datasets (registers) may at times be necessary and justified. However, unconsidered or premature linkage \u2013 without first examining alternatives \u2013 can quickly lead to large-scale data processing that in some cases should be avoided altogether or requires particularly strong safeguards. In the use of register data, one practical way to strike a balance is through the application of privacy-enhancing technologies.<\/p>\n\n Privacy-enhancing technologies are information technology solutions that prevent or reduce the processing of identifiable personal data within an information system while preserving its functionality.38<\/a> For example, they can reduce the risk of personal data leakage during statistical or machine learning analysis. They support three core privacy objectives: unlinkability (data cannot be linked to an identifiable individual during processing), transparency (if personal data are processed, the individual can know whether and how this has occurred \u2013 in identifiable or non-identifiable form) and intervenability (the individual can influence or halt the processing of their data).<\/p>\n\n It is possible to create secure data environments in which even system administrators cannot access raw data, while analyses can still be carried out and results made available only to authorised users. Privacy-enhancing technologies ensure that data are not transferred in unprotected form to a central server but are processed in encrypted form or through hardware-based security measures. For example, within a secure data environment, artificial intelligence should not make decisions autonomously but provide decision support.39<\/a> If an algorithm is based on a simple formula, the system may generate only a draft decision. If a more complex model is used, the system should present both the decision and the underlying data to ensure algorithmic transparency.40<\/a> Privacy-enhancing technologies safeguard privacy, but they do not resolve the substantive or ethical aspects of algorithmic decision-making. If a decision is unethical without privacy safeguards, it remains unethical even when such technologies are applied.41<\/a><\/p>\n\n Privacy-enhancing technologies are not a universal solution. Their use requires resources, both financial and technical expertise. However, they may help to achieve the necessary balance between the protection of fundamental rights and the collection and use of data.42<\/a><\/p>\n","protected":false},"featured_media":0,"parent":1490,"menu_order":0,"template":"","chapter":[3],"class_list":["post-1489","article","type-article","status-publish","hentry","chapter-hariduse-andmetarkus"],"acf":[],"_links":{"self":[{"href":"https:\/\/2026.inimareng.ee\/en\/wp-json\/wp\/v2\/article\/1489","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/2026.inimareng.ee\/en\/wp-json\/wp\/v2\/article"}],"about":[{"href":"https:\/\/2026.inimareng.ee\/en\/wp-json\/wp\/v2\/types\/article"}],"up":[{"embeddable":true,"href":"https:\/\/2026.inimareng.ee\/en\/wp-json\/wp\/v2\/article\/1490"}],"wp:attachment":[{"href":"https:\/\/2026.inimareng.ee\/en\/wp-json\/wp\/v2\/media?parent=1489"}],"wp:term":[{"taxonomy":"chapter","embeddable":true,"href":"https:\/\/2026.inimareng.ee\/en\/wp-json\/wp\/v2\/chapter?post=1489"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}