A Gap in Estonia's Digital Law
Estonia already requires court warrants before police can search a home or intercept a phone call. What it has not required — until now — is judicial authorization to search the contents of a seized smartphone, email account, or other digital device. The Justice and Digital Affairs Ministry, backed by Interior Minister Igor Taro of the coalition party Eesti 200, is preparing to close that gap.
The proposal, announced on June 27, 2026, would require investigators to obtain judicial authorization before accessing stored data on digital devices, placing smartphone searches on the same legal footing as a physical premises search. The Ministry is currently seeking stakeholder feedback before presenting the legislative bill to parliament.
Three Stages, One Warrant Requirement
The reform makes a careful distinction that matters practically. Seizing a device, copying its data, and reviewing that data are treated as separate acts. The warrant requirement attaches only at the third stage — when investigators actually access messages, browse location histories, or read email. Physical seizure and forensic copying remain within police discretion as evidence-preservation steps, limiting disruption to fast-moving investigations.
An additional exception is preserved: citizens may voluntarily share specific messages or documents with investigators to refute suspicions, without judicial oversight applying. This protects cooperative disclosure while blocking the kind of open-ended data trawl that a device search without limits would allow.
Taro stated the rationale directly: "Searching a modern smartphone typically constitutes a major intrusion into privacy, as such devices almost always contain messages, documents, photos, contacts, location data and other information that provide a detailed picture of a person's private life."
The Case for Police Discretion
Before endorsing the reform, the strongest counter-argument deserves fair treatment. Criminal investigations move quickly, and digital evidence — unlike a physical object — can be remotely wiped, encrypted, or synced to servers outside the jurisdiction within hours of a device being seized. Even a modest warrant delay carries real operational risk in organised crime or terrorism cases. The proposal's three-stage model mitigates this somewhat — investigators can seize and copy first, seek authorization second — but they remain more constrained than under the status quo.
This concern is genuine. It also explains why emergency exceptions are critical design elements in comparable frameworks. How Estonia ultimately drafts its urgency carve-out will determine whether the reform holds in operational practice or quietly erodes through routine invocation of emergency powers.
European Law Has Already Moved Here
Estonia's proposed reform is consistent with — and arguably anticipated by — the direction of European jurisprudence. In October 2024, the Court of Justice of the European Union issued a significant ruling in Bezirkshauptmannschaft Landeck (Case C-548/21), holding that when police access to mobile phone data poses a serious interference with fundamental rights, it must be subject to "prior review carried out by a court or by an independent administrative body." The Court allowed a narrow urgency exception — post-hoc authorization where volatile data might otherwise disappear — but was unambiguous that law enforcement cannot unilaterally grant itself "full and uncontrolled access to all data stored on a mobile telephone."
The European Court of Human Rights has applied similar reasoning under Article 8 of the European Convention. A pending case, Mutso v. Estonia (no. 37626/23), notified to the Estonian government in October 2024, directly tests whether Estonian procedure adequately protected a suspect's rights before she disclosed her device passwords — exactly the kind of factual pattern a statutory warrant requirement would structurally prevent.
The US Supreme Court reached an equivalent conclusion a full decade earlier. In Riley v. California (2014), a unanimous court held that digital phone contents cannot be searched incident to arrest without a warrant, recognizing that a modern smartphone is not a pocket-sized set of car keys but a comprehensive record of a person's life.
The Digital-State Paradox
What makes Estonia's situation distinctive is the depth of its digital infrastructure. With 92.9 percent of households online and 89 percent of internet users actively using e-government services, Estonia routes more of daily civic life through digital channels than almost any comparable country. Citizens file taxes, vote, and access health records digitally. The X-Road platform links hundreds of public databases. Residents can audit via eesti.ee exactly who has accessed their state-held data.
That same depth means a smartphone in Estonia is something more than a communications device — for most residents, it is a portal to a substantial share of civic and administrative life. Treating it accordingly under criminal procedure is not a policy luxury; it is the correct legal response to what digital devices have actually become.
Urgency was added by a May 2024 civil society investigation that raised concerns Estonian authorities may have had access to Pegasus spyware. The allegation was not confirmed by the government, but it underscores that even a country with a Freedom House internet freedom score of 92 out of 100 — among the world's highest — is not automatically insulated from pressure to expand surveillance capability ahead of judicial oversight.
What Comes Next
The reform is in pre-legislative consultation. There is no parliamentary timetable yet, and the precise design of emergency authorization procedures — the critical implementation question — has not been publicly detailed. Whether urgency exceptions will be narrow and time-limited, or broad enough to become the default, will be the real test of whether the reform achieves its purpose.
Estonia has built its international reputation on the proposition that advanced e-governance and strong individual rights can coexist. Requiring a warrant to read the most data-rich object most citizens carry is a straightforward extension of that proposition — and overdue.