The Italian DPA rejects basic aspects of the law-imposed centralized electronic invoicing system because it had serious privacy flaws

The centralized electronic invoicing system (e-invoicing), as originally structured by the Agenzia delle Entrate (“Agenzia”), the Italian tax authority, has been significantly curtailed by a recent decision of the Italian DPA (Garante Privacy, “Garante”). In its decision, the Garante found that the system contained major critical issues vis-a-vis data protection law.

The e-invoicing is a system in which a provider of goods and services will use software to prepare and issue its invoices, use a digital signature to sign it, and then send it through the so called SDI, inter-exchange system run by the Agenzia.  Legislative Decree 127/2015 allowed providers to use e-invoices starting January 1, 2018, while the Budget Law 2018 made e-invoicing compulsory starting January 1, 2019 for all the invoices issued between Italian residents (B2B and B2C, with few exceptions). Last April the Director of Agenzia issued a decision providing instructions on the SDI.

The numbers are huge: in 2017 in Italy 2.1 billion invoices were issued; we are talking of a massive amount of data.

As originally designed, the Agenzia would not only work as an “intermediary” in sending the invoices to the payees but it would store in its data base all the electronic invoices that it would “inter-exchange”. The problem is that the invoices to be stored contain detailed information – many of which are absolutely irrelevant from a tax perspective but quite personal – describing purchased goods and services, and therefore revealing tax payers’ spending habits and other personal information connected to the purchase (e.g., utility bills, the use of means of transportation  and communication such as flight tickets, train tickets, hotel bills, tolls, etc.) and sometimes even revealing special categories of information (such as health care information — sometimes of children — in case of medical bills) and information related to the legal needs of the tax payers when issued by lawyers.

In the “new” centralized electronic invoicing system (i.e., the system as “re-written” by the Garante) the Agenzia will only store that data that is necessary to allow automatic tax checking (i.e, the information that allows the Agenzia to spot the inconsistency between stated revenues and revenues as coming out from the data available to the Agenzia). Importantly, the description of purchased goods and services will not be stored. The system will need to be modified according to the Garante’s decision.

The Garante also decided that health care providers shall not be required to use the centralized electronic invoicing system for their invoices.

The decision of Garante can be found here:
For more information, Francesca Giannoni-Crystal