Thursday, November 28 2019
The Privacy Guarantor, Antonello Soro, stated in an interview with the Sole 24 Ore: "It is not us who block the Inland Revenue in the law enforcement activity through the use of data. We only give indications to protect information".
We report the entire interview because it contains very interesting ideas.
"A gigantic hoax, a colossal bale". Antonello Soro, Privacy Guarantor, does not use words to define the news that has been circulating for a few months, according to which the Authority he directs to block the fight against evasion. "The Guarantor - adds - he has become the scapegoat. Authoritative exponents of the business world, former ministers, managers of the Bank of Italy, magistrates: all uninformed and all telling this story that today the Inland Revenue is not able to perform the function of data processing, profile analysis of risk because the Guarantor or the privacy prevent it ". A scenario that has taken shape in the rule of the maneuver (the article 86) that asks the Treasury to find evaders by resorting to the processing of data contained in its own archives, in particular that of financial relations, and the interconnections between them. And at the same time, it sterilizes some privacy rights.
Norma that evidently takes its cue from that fake news. But it is from the 2011 that the Inland Revenue can and must do the analysis and the crossing of all the data available to it. In this regard, the Guarantor has only provided indications to secure information, to avoid data breach: this was our role in these years. And also the reference that the rule makes to pseudonymisation of data - not decisive because, due to the degree of detail of such large databases, re-identification is very easy - it is a problem that we have never posed. All the data that the Inland Revenue has - school fees, mortgages, insurance, building interventions, domestic workers, leases, utilities, travel expenses, means of transport, current accounts - can already be analyzed and crossed. There has never been any objection from the Guarantor. "
Then we should ask ourselves two questions. We assume that in all these years the Revenue Agency has done the work of analyzing and processing data and profiling those at risk of evasion. Has the system worked? No one asks. In case it didn't work, there are only two possible explanations. One is technological: given the vast amount of data at its disposal, the IT resources of the Revenue are inadequate. In this case, all that remains is to invest further. If this were the case, it is paradoxical to ask - as the tax law decree examines the Parliament - to continue to feed the Registry with the data, including those that are not fiscally relevant, of electronic invoices.
The second reflection?
We admit that the Tax Registry is very good at analyzing and processing data. Once, however, once a potential evader has been identified, he must be informed and begin an assessment procedure and an adversarial procedure. Activities that require staff resources that the Tax Office may not have. On the other hand, if in front of 4,7 millions of VAT declarations have been started in the past few years little more than 160 thousand assessments, there is to think that something doesn't work.
It is no secret that the Revenue Agency is understaffed.
So what does privacy have to do with it? I would have liked to hear the voice of the Inland Revenue Director giving an answer to these questions or denying the false news that the Guarantor is putting the sticks in the wheels.
And that is why they have limited taxpayers' privacy rights?
According to the 86 article, citizens can no longer intervene, for example, to correct a wrong tax figure. Now, it is understandable that there may be steps in the fight against tax evasion to be removed from a direct relationship with the tax payer, but these are situations that must be circumscribed. Otherwise we are creating a unicum in our legal system, that is, that a piece of the State finds itself living in a sort of cloud of impermeability in the relationship with citizens. With potentially very dangerous consequences. We hypothesize that when the data breach of Sogei occurred two years ago, the authors of that external intervention had manipulated my data: according to the article 86 I could have denied myself the right to say that that information has been modified and are inaccurate.
To freeze privacy rights in the name of the fight against tax evasion, the new law inserts the hunt for tax evaders among activities of significant public interest. Was this legislative maquillage necessary?
If the fight against evasion were not a primary general interest, when would a country like ours admit to transfer billions of sensitive information to the tax register? It therefore goes without saying that the fight against those who do not pay taxes is a public interest. There is no need for a new provision to emphasize this. Tax loyalty is a prerequisite for the right of citizenship.
However, the limitation of privacy rights has already been envisaged as an anti-money laundering function.
But there the measures are limited: phases of the procedure have been identified in which citizens' rights are limited. However, there is no generalized impediment, as happens with the new norm. If the latter makes an objective reading of it, the Inland Revenue becomes a place of public administration to which citizens can access only through the Guarantor. Imagine if such a large interposition activity can be moved to the Authority.
However, likely, if the tax authorities are behind taxpayers' requests for privacy, the rest of the business slows down.
The Inland Revenue or the Economy Minister tells us how many citizens who, through the exercise of their right to data protection, have blocked the tax machine. We have no figures to that effect. It is a not very credible hypothesis. And anyway, let's not forget that a citizen who, for example, asks for the correction of information, allows the tax registry to have up-to-date and, therefore, more effective data for the fight against tax evasion. Then there is another aspect: the right of taxpayers to interact with the financial administration remains, because the statute of the tax payer provides for it. Also in this respect, the rule is useless.
Useless and in contrast with the Gdpr?
If it is stored as is, the problem arises. But first of all the contrast is already with common sense. We must stop indicating the activity of the Privacy Authority as a brake on the fight against tax evasion. If one shows me that the privacy code is an impediment, we will confront each other. But to date I have never done anyone.
Is the tax register safe?
The security of the most important Italian database is a process that needs continuous updating. There is never a database that can be considered 100% secure. However, the implementation of the measures we suggested during the various inspections should have put the Registry in the condition of being a protected database. On the other hand, if the data is not protected and safe, the fight against evasion is ineffective.