Estonia Flag Estonia

E-Commerce Laws

Estonian E-commerce Act 

(E-kaubanduse seadus)

Law No. RT I 2002, 43, 261

Date published: March 14, 2002

Purpose: To regulate electronic commerce in Estonia and ensure a level playing field for e-commerce businesses while promoting consumer protection.

Regulation: The Estonian E-commerce Act establishes a legal framework for e-commerce activities in Estonia, including provisions on online advertising, contracts, payment methods, and dispute resolution. The law also sets out requirements for information disclosure by e-commerce businesses, such as the provision of terms and conditions, contact information, and privacy policies.

Electronic Communications Act 

(Elektroonilise side seadus)

Law No. RT I 2004, 76, 521

Date published: June 29, 2004

Purpose: To regulate electronic communications in Estonia, including those related to e-commerce, and promote the development of a competitive telecommunications market.

Regulation: The Electronic Communications Act regulates electronic communications services, including internet access and data transmission services used in e-commerce activities. The law sets out provisions related to network security and data protection, as well as the protection of consumer rights in relation to electronic communications services.

Personal Data Protection Act 

(Isikuandmete kaitse seadus)

Law No. RT I 2007, 24, 127

Date published: March 20, 2007

Purpose: To regulate the processing and protection of personal data in Estonia, including in e-commerce activities.

Regulation: The Personal Data Protection Act sets out requirements for the collection, storage, use, and disclosure of personal data in Estonia, including in e-commerce activities. The law establishes the rights of data subjects and the obligations of data controllers, and sets out provisions related to data security and data breaches. The law also establishes the Estonian Data Protection Inspectorate as the supervisory authority responsible for enforcing the law.

Consumer Protection Act 

(Tarbijakaitseseadus)

Law No. RT I 2017, 13, 137 

Date published: February 22, 2017

Purpose: To protect the rights of consumers in Estonia, including those engaging in e-commerce activities, and ensure fair business practices.

Regulation: The Consumer Protection Act sets out requirements for consumer protection in Estonia, including in relation to e-commerce activities. The law establishes the rights and obligations of consumers and e-commerce businesses and sets out advertising, contracts, warranties, and dispute resolution provisions. The law also establishes the Consumer Protection and Technical Regulatory Authority as the supervisory authority responsible for enforcing the law.

Information Society Services Act

Law No. 34

Date published: May 1, 2002

Purpose: To regulate the provision of information society services in Estonia, including e-commerce services.

Regulation: The Information Society Services Act establishes the legal framework for providing information society services in Estonia, including e-commerce services. The law provides for the rights and obligations of service providers and users, as well as the liability of intermediaries. The law also regulates issues related to personal data protection, electronic marketing, and the use of cookies.

Consumer Protection Act

Law No. 56

Date published: June 2, 1994

Purpose: To protect the rights of consumers in Estonia and regulate unfair business practices.

Regulation: The Consumer Protection Act establishes the legal framework for consumer protection in Estonia, including e-commerce transactions. The law provides for consumer rights and obligations, regulating advertising and labeling, and protecting against unfair or abusive business practices. The law also establishes the Consumer Protection Board (Tarbijakaitseamet) to oversee consumer protection in Estonia.

Data Protection Act

Law No. 6

Date published: February 26, 2003

Purpose: To regulate the processing of personal data in Estonia and protect the rights of data subjects.

Regulation: The Data Protection Act establishes the legal framework for the protection of personal data in Estonia, including in e-commerce transactions. The law provides for the rights of data subjects, the obligations of data controllers and processors, and the regulation of cross-border data transfers. The law also establishes the Data Protection Inspectorate (Andmekaitse Inspektsioon) to oversee law enforcement.

Information Society Services Act (ISSA)

Law No. 40

Date published: May 12, 2004

Purpose: To regulate e-commerce activities and provide a legal framework for information society services in Estonia.

Regulation: The Information Society Services Act provides a legal framework for e-commerce activities in Estonia. The law regulates issues related to the provision of information society services, electronic contracts, electronic signatures, data protection, and the liability of intermediaries in the online environment. The law also establishes the Estonian Information System's Authority as the regulatory body responsible for enforcing the law.

Electronic Communications Act (ECA)

Law No. 86 

Date published: June 29, 2011

Purpose: To regulate electronic communications networks and services in Estonia.

Regulation: The Electronic Communications Act regulates the provision of electronic communications services and networks in Estonia, including those related to e-commerce. The law provides for the protection of consumer rights, the regulation of interconnection and access to electronic communications networks, and the management of radio frequencies. The law also establishes the Estonian Technical Surveillance Authority as the regulatory body responsible for enforcing the law.

Data Protection Act (DPA)

Law No. 26

Date published: March 29, 2018

Purpose: To regulate the processing of personal data in Estonia and ensure compliance with the General Data Protection Regulation (GDPR).

Regulation: The Data Protection Act regulates the processing of personal data in Estonia, including in the context of e-commerce activities. The law provides for the rights of data subjects, the obligations of data controllers and processors, and the regulation of cross-border data transfers. The law also establishes the Estonian Data Protection Inspectorate as the regulatory body responsible for enforcing the law.