Estonia Creates World’s First-Ever ‘Data Embassy’ to Improve Information Security

The high-tech country’s decision to move highly sensitive databases to another country could be a model for other nations hoping to maintain their data security.

• By Haley Samsel
• Jul 03, 2019

Nearly all embassies are staffed with an ambassador and other diplomatic officials focused on building relationships and serving their citizens in foreign countries.

That’s why Estonia’s choice to establish an embassy in Luxembourg populated with databases rather than people is so unusual. In June, the country began moving core servers holding sensitive records, including land and business registries, to one of Luxembourg’s highly secure data centers, NBC News reported. The new “data embassy” is believed to be the first of its kind.

The rationale in moving the servers lies in Estonia’s desire to ensure that its citizens’ most sensitive data is not threatened by Russia, which the Estonian government believes was responsible for a series of 2007 cyberattacks that paralyzed the country’s internet services. Now, even if Estonia suffers a military attack and its main servers are shut down, the government should be able to keep its core services running, according to the NBC report.

The move is even more crucial given the fact that Estonia is one of the most Internet-savvy countries in the world. The government assigns each citizen a digital ID that allows them to do their taxes, bank, vote and complete other tasks online. In turn, Estonians share a higher-than-usual amount of sensitive information with the government -- all of which could be vulnerable if the country was attacked.

Estonia’s agreement with Luxembourg, which gives Estonia full jurisdiction over the data and prevents Luxembourg officials from entering unless they have permission, could set a precedent for other countries concerned about data security. Monaco is already planning a similar move, having signed an agreement with Luxembourg in December, according to NBC.

“Our government provided data center services along with immunity. This is the innovative part of it,” Patrick Houtsch, the director of Luxembourg’s government information technology center, told NBC. “Of course, they could have stored their data in some public cloud or service provider, but they would not have the same guarantees in terms of being able to completely protect and know where the information is.”