A lot has been talked about and everyone knows it now: we refer to the ticket, or rather to the access contribution to Venice, the system designed to manage the influx of visitors in the historic city and in the minor islands of the lagoon. The goal was to protect the assets, improve livability for residents and workers and monitor tourist flows. However, something did not go according to the plans.
The Municipality of Venice was in fact sanctioned by the Guarantor for the protection of personal data following a management deemed illegal of the data related to the access contribution.
But let’s start from the beginning: it is from 2024 that a daily ticket system has been activated in Venice, with exemptions for residents, students, workers and other categories. Also to obtain the exemption, it is necessary to register early on the municipal portal and it is precisely here that a privacy problem has arisen, according to the guarantor.
Because the Guarantor sanctioned the Municipality
The Guarantor’s procedure was born following reports that had highlighted problems in the compulsory registration necessary to obtain the access to access to Venice. Registration did not concern only tourists, but also people normally exempt from payment, such as workers, commuters, temporary residents, people with disabilities, visitors engaged in medical treatment and several other categories.
According to the Authority, this has led to a preventive and disproportionate collection of data, including information not strictly necessary, such as movement reasons or personal details, which could have been requested only in the event of direct controls on the spot.
Another delicate point concerns the electronic totems installed in the city for registration. During the checks of the Guardia di Finanza it emerged that these devices were not fully safe: in fact it was enough to change the browser settings to make data made previously by other users. Even if they were only initials or validity dates, crossing that information with other elements, you could still identify people, exposing them to risks for their confidentiality.
No less problematic was the issue of data storage: a lot of information remained stored for months before the person actually accessed in Venice, in contrast with the principle of temporal limitation established by the GDPR. Although the Municipality has introduced some corrections – as more slender procedures and an expansion of the exemptions – for the guarantor these changes were not enough to resolve the main nodes.
In light of these critical issues, the Authority has therefore declared the processing of data by the Municipality illegal and imposed a series of interventions: to restrict the obligation to register preventive only to a few truly necessary cases, suspend the collection of data on the guests of the residents and make both the online portal and the devices used.
Sanctions
The Guarantor imposed a fine of 10,000 euros from the Municipality of Venice, a figure reduced to the possible penalties provided for by the GDPR in the event of more serious violations, which can reach up to 20 million euros or 4% of the annual turnover of the responsible body. The current sanction is really very low considering the revenues of the ticket and has above all symbolic value, also because the Municipality has collaborated with the authority and has made itself available to quickly correct the critical issues.
In fact, the provision provides that the Municipality adopts the corrective measures indicated by the authority, with the aim of ensuring that the collection and processing of data are proportionate, safe and compliant with privacy legislation.
To enter Venice, the ticket remains active: the Municipality will simply have to review the methods for the collection and management of personal data to align with privacy rules.
Political reactions
The affair aroused conflicting reactions in the city council. The Democratic Party group presented a question, criticizing the administration for having adopted an ineffective system in the management of tourist flows and for violating fundamental rights to the protection of personal data and confidentiality.
The Municipality, for its part, has started an investigation to examine in detail the findings formulated by the Guarantor and evaluate the actions necessary to protect the work of the Administration. The Councilor for the Budget stressed that the resources collected, net of management costs, will be intended for interventions for the benefit of residents and economic activities, such as the reduction of Tari.
Don’t you want to lose our news?
