DATA PROTECTION
Electronic invoicing: the the Italian Data Protection Authority ask for more guarantees for data storage. Opinion on the technical rules to be enacted by the Revenue Agency.
The Italian Data Protection Authority has expressed a favorable opinion on the draft provision of the Director of the Revenue Agency relating to the new technical rules for storing electronic invoices, to be used for risk analysis and control for tax purposes and for economic and financial police functions. However, greater data protection safeguards must be ensured and the legislation governing the sector adapted.
The scheme presented to the Italian Data Protection Authority governs the methods by which the Agency intends to store and make available, to its staff and to the Financial Police, the xml format files of electronic invoices and the data contained therein, including, with some exceptions, those relating the nature, quality and quantity of the goods and services purchased.
In order to properly assess, in practice, the proportionality of the treatment proposed by the Agency, the Italian Data Protection Authority has acquired a representative sample of electronic invoices issued to consumers (almost one billion per year) for sectors of activity that present greater risks for rights and the freedoms of the interested parties, in light of the type of goods and services invoiced and of the irrelevance - for the purposes of deduction / deduction - of the expenses incurred. The analysis revealed that the invoices may contain extremely delicate data, referable to specific natural persons, such as judicial data relating to claims for damages, or information relating to investigative services, details on purchased goods (including intimate products), food consumed , places where you slept and with whom, how to move. But also data referable to minors, such as judicial data relating to minor custody cases.
The complete storage of electronic invoices, with the consequent massive collection of data on purchasing behavior, determines the construction of a specific, detailed "profile" of all consumers based on their tastes, their choices, their habits. In light of the serious risks associated with the proposed data processing, the Italian Data Protection Authority has asked the Revenue Agency to adopt further measures to protect the privacy of consumers, in order to make it compliant with the requirements imposed by European (GDPR) and national legislation on protection. some data.
The information contained in the electronic invoices - with the exception of the checks carried out in relation to requests for deduction / deduction of the expenses incurred - cannot be used towards the consumer except as a result of tax checks already initiated on economic operators, which leave a presupposition of a risk of tax evasion by the consumer himself. Control and monitoring systems must also be activated on compliance with these guarantees in the use of information contained in electronic invoices.
Data relating to the legal sector must be made unintelligible.
Furthermore, the Italian Data Protection Authority, at the same time as issuing the opinion to the Revenue Agency, reported to Parliament and the Government the opportunity to introduce a legislative provision to limit the use of the information contained in electronic invoices for the sole purpose of combating tax evasion. tax, limiting the rights of access to administrative documentation by persons not connected to the invoice, in compliance with the principles of proportionality, lawfulness and correctness, purpose limitation and minimization of processing.
Finally, the Italian Data Protection Authority is intervening with the trade associations of economic operators to remember that electronic invoices should not be issued in place of other commercial documents, such as the receipt, except in the cases provided for by law or at the request of the consumer.
(Source: Web site garanteprivacy.it – Author and Ownership of the contents: Italian Data Protection Authority).
The scheme presented to the Italian Data Protection Authority governs the methods by which the Agency intends to store and make available, to its staff and to the Financial Police, the xml format files of electronic invoices and the data contained therein, including, with some exceptions, those relating the nature, quality and quantity of the goods and services purchased.
In order to properly assess, in practice, the proportionality of the treatment proposed by the Agency, the Italian Data Protection Authority has acquired a representative sample of electronic invoices issued to consumers (almost one billion per year) for sectors of activity that present greater risks for rights and the freedoms of the interested parties, in light of the type of goods and services invoiced and of the irrelevance - for the purposes of deduction / deduction - of the expenses incurred. The analysis revealed that the invoices may contain extremely delicate data, referable to specific natural persons, such as judicial data relating to claims for damages, or information relating to investigative services, details on purchased goods (including intimate products), food consumed , places where you slept and with whom, how to move. But also data referable to minors, such as judicial data relating to minor custody cases.
The complete storage of electronic invoices, with the consequent massive collection of data on purchasing behavior, determines the construction of a specific, detailed "profile" of all consumers based on their tastes, their choices, their habits. In light of the serious risks associated with the proposed data processing, the Italian Data Protection Authority has asked the Revenue Agency to adopt further measures to protect the privacy of consumers, in order to make it compliant with the requirements imposed by European (GDPR) and national legislation on protection. some data.
The information contained in the electronic invoices - with the exception of the checks carried out in relation to requests for deduction / deduction of the expenses incurred - cannot be used towards the consumer except as a result of tax checks already initiated on economic operators, which leave a presupposition of a risk of tax evasion by the consumer himself. Control and monitoring systems must also be activated on compliance with these guarantees in the use of information contained in electronic invoices.
Data relating to the legal sector must be made unintelligible.
Furthermore, the Italian Data Protection Authority, at the same time as issuing the opinion to the Revenue Agency, reported to Parliament and the Government the opportunity to introduce a legislative provision to limit the use of the information contained in electronic invoices for the sole purpose of combating tax evasion. tax, limiting the rights of access to administrative documentation by persons not connected to the invoice, in compliance with the principles of proportionality, lawfulness and correctness, purpose limitation and minimization of processing.
Finally, the Italian Data Protection Authority is intervening with the trade associations of economic operators to remember that electronic invoices should not be issued in place of other commercial documents, such as the receipt, except in the cases provided for by law or at the request of the consumer.
(Source: Web site garanteprivacy.it – Author and Ownership of the contents: Italian Data Protection Authority).
