Here we go! So, why the data collected needs to be saved for a period of seven years if tickets for Tallinn residents are "free" anyways? What "sales" that require accounting do we speak about when there is no money in the game? Pas d'intérêt, pas d'action (no damage, no case), isn't it? And why an e-mail address and telephone number is required? Isn't the address sufficient enough to consult the passenger in written, if really required?

Some people are not Tallinn residents...

very important to protect citizens personal information, there has been much misuse of this information in Estonia by banks, debt collection companies, collection of car parking penalties, and other unsrupulous use by third parties

What ticket sales? If it's free, you're not buying it, so how would the customer request his purchase records? And also, how do they have my email address and telephone number? I didn't provide that info when I personalized my transport card. So I guess they already had it. As for info on the itinerary: they cannot force microchip implants on us. Yet. So it's the second best alternative for monitoring people. Very innovative, way to go!

Yes, indeed some people are not Tallinn residents and so their privacy should be respected. As for Tallinners, they get what they choose.

"As for Tallinners, they get what they choose." I didn't choose anything on this. This is how democracy works: An _electing_ "majority" prescribes other, what to do. As Winston Churchill stated: "Democracy is the worst form of government except for all those others that have been tried." The Irish poet Oscar Wilde described it more drastically: "Democracy means simply the bludgeoning of the people by the people for the people." In any case, who are those pensioners (who were essentially the only who had the time to vote for "free" public transportation during normal working hours) to tell me that I have to be stripped down to the bone by the City Government for their desires, and I even have to pay my daily electorate approved x-ray with my taxes paid to them? These must be not quite right in the head as one should not bite the hand that feeds you!

Couldn't they just not link it to the person unless they choose to? Where I live in the US, we have RFID cards to ride on the subway and buses. You can buy the cards anonymously and then add money in cash using a machine (or credit card). You are not required to register the card online, but if you do (which requires only an email address), then you can go online and see your trip history. So in Tallinn, they can just track that they gave a card to a resident, but not the card number. If the resident loses it, they provide the card number to the government and they cancel that card electronically, before giving them a new one.

All this noise about data collection, privacy, etc. is just that - noise. The EU has already approved (no, demanded) that data on phone calls (made & received) as well as emails (sent & received) be collected and stored for a number of years. People post an unbelievable amount of personal data on sites such as FaceBook and other forums. You don't even want to start thinking about the data a government has available on each and every resident in the country. Get a loyalty card from e.g. an airline or supermarket and you would be shocked with the data they collect and what they do with it. They can even tell you what brand of toilet paper you use ;-) "Data Mining" is a well understood term with all marketing companies. Your data has commercial value. It is collected, stored and sold all the time with and without your knowledge. Nothing new. If it's total privacy you are looking for, find another planet. On this one it disappeared decades ago.

Dutch, all your lobbyism for RFID and comparison with unrelated technologies doesn't make your claims straight. The main issue is even not the technology used, but that clear identification (id card number) without further investigation required can be read from the farecards plus we speak here about a widely used state monopoly implementation with no other reasonable options left to the consumers. Therefore, it is right when the Data Protection Inspectorate is taking actions on this.

Knut, I just had a look at your FaceBook page... you recently got married (on my birthday), photos of yourself, info on your employer, your contact data, photos & names of your wife and child, where you went to school, a list of your friends, your phone number... Now if you also have a loyalty card from Rimi, Selver... they will know how much toilet paper you use and how much coffee (and which brand) you drink. Your Estonian ID number will tell the authorities what your income is, fines received from the police, which doctors you visit and medicines you use. And that's only the tip of the iceberg. Since recently they also know if and how you use the Tallinn transport system. WOW!!! Like that's really fascinating :-) As I said before, if you want privacy, go look for another planet.

Dutch, on facebook I decide myself what information I release and it is soft data only with no relevance at the courts, because maybe its my account or somebody else or some fake account you visited, contrary to state collected data that is verifiable hard data, but according to you who cares about privacy anyways, so would you kindly provide your real name please :)

Knut, you're wrong, I care very much about my privacy. Amongst others, I regularly check my digital footprint on Google and am all smiles when I can't find myself. I have a gmail account specifically for the purpose of registering whatever online, never use real data when registering, etc. I also stay far away from loyalty cards. And on my FaceBook page (with a fake name) I also pull up smoke screens to keep things off balance. That having been said, I also realize that I will never be able to stay under the radar all of the time. Yet, I would not hesitate to carry a RFID/NFC enabled card. Using these cards commercially myself, I am aware of the technical restrictions. And as they become more popular, the people that care about their data will also become more aware of how easy it is to edit the data on these cards. I accept that total privacy is simply not possible. But I am also often shocked by the amount and quality of data that the public happily provides every time again. 98% Of the public either don't care or they are not aware of what is happening. As long as that is the case, any battle for privacy is pretty much lost before it starts. And, believe me, it's not the government you should be worrying about but rather private companies. Google, Yahoo, FaceBook, Microsoft, FourSquare, the apps you download on your smart phone, the data you provide when registering on a site, where and for what you surf on the internet, etc. etc. etc. And lastly, to answer your question, my real name on a public forum... you're joking, right? :-)

Dutch, let me give some examples to clarify the difference between government obtained data and data collected by private parties, consumers (however stupid) voluntary provide. If I sign up for a bonus card with RIMI, I do this voluntary and sign a contract with them and give my consent to allow them to collect information about me how often I buy toilet paper at their place, so they can analyze my bowel movement. This is soft data as this information collected is of no legal relevance and mostprobably like not linked to my data from the population registry, plus I do have a choice to sign up with them and they do not hinder me to buy at their groceries in case I do not sign up for their card (I just loose this or another special offer reserved for such card holder only), but even if, there are other groceries that happely would serve me instead (and if not, the market would mostprobalby provide that if someone sees that there can be made money with such a barrater). When the government, however, provides me with some service they have a monopoly on it and requires me to get a card with my id card number, address, phone number and email address on it in order to make use of that service, then I am left with no choice but have to sign up for it involuntary. Now, let's say you are interested in buying my data, then the RIMI collected data is of no legal use and unverified, meanwhile the government collected data is not only verifiable, you already know that this data is verified officially and therefore qualifies of legal use (in case its legal to collect that information in the first place, which is still to be determined by the Data Protection Inspectorate). That gives the data collected with the "green" farecards a whole different quality compared to RIMI's data collection, or google, facebook, twitter or whatever service from the private economy (yes, I know there are some services with government approved elevated rights such as the database of krediidiinfo, but that's a different story, though). Now just think about a court case where the government sues you and about the release of information for resolving a case. Well, the government collected data with the "green" farecards qualifies (for the reason stated above) by default as presumptive evidence, meanwhile the RIMI collected data doesn't and requires a judicial order on top of that which will be not granted unless serious crimes do apply. I mean try to call to an internet operator and demand for the release of the user information of an IP adress you assume was used by me. They will mostprobably like reject your claim unless you have a executory title (or you are working for KAPO to combat terrorists). This is why it is so severe when the government tracks you where you jump in to their buses all the time with your verified data attached. On top of that, the potential misuse by third parties who can read and manipulate the data in your name, but the technology used is in itself the least problem.

Knut, your sense of "free will" where providing data is a bit over drawn. The farecard enables one to track which buses you take from A to B. That's about it. They already had your ID number, address, phone nr and possibly your email address before the farecard came along. Like the world gives a hoot about which bus you were on. (don't flatter yourself). If the government, police, kapo or whoever become interested in your whereabouts, there are much easier, cheaper, efficient and more reliable methods available. Verifiable data? If you're worried about this aspect, it takes less than 10 seconds to edit your ID nr., name, address and any other data on the farecard. Compared to what private companies are gathering, the farecard data is, in the best of cases, a joke. Even I (and I'm fairly paranoid in this respect) have no problem with it. Which bus I was on is not at all of any interest. And that I couldn't excercise my "free will"... I don't know what planet you are on but here on earth that disappeared decades ago (although most don't realize it).

Dutch, what is considered sensitive data is quite a philosophic question and when you ask 100 people on this, you will mostporbably get 100 different answer to that. Therefore, it is not relevant what you and me consider private, but ultimately the legal system and the acting government defines that. The thing is that we should not take our liberties for granted. On Estonian soil, for instance, we just enjoyed a relative wide range of liberties for just 40 years of all history, from 1919-1940 and from 1992 until present. All other times, this region was oppressed in this or another way with far far less liberties. And once an autocratic regime comes to power, the very first thing they do is to make use of all the information collected by the state and to use this as an oppressive tool against those that oppose them, no matter how meaningless you consider the information meant to be. Just check the story around IBM's punch card system during the Third Reich, the so called "programmed mass slaughter" which was in relation to our todays technologies datawise totally innocent. The story behind this is that IBM's German daughter company "Deutsche Hollerith Maschinen Gesellschaft (Dehomag)" best client has been the population statistician of the Third Reich. IBM CEO Watson personally traveled to Berlin, as its Germany branch has won the contract to evaluate the German census in 1933. Within four months, for the first time in human history, IBM's punch cards allowed to determine the proportion of Jews in each city, occupation or household in the Third Reich. Their statistical officers, for example, then could determine that the Berlin district of Wilmersdorf had the "strongest penetration with Jews" (13.54 percent), that 5.28 percent of all furriers were what they called "fur Jews" or to take into account that the emigration figures mid-1936 still expected 415,000 to 425,000 practicing Jews in the German Reich. This technology was the heart of the "automatic reporting system" for the Third Reich and later on also used for their military logistics, namely also for the deportation transports to the death camps. Of course you may argue that the Third Reich would have done all the crimes anyway and could have collected the data in different ways also, but this has been irrefutable a useful tool to support and automate these actions. Now, the "green" farecards are actually indeed an electronic continuation of the punch cards, that, as it stands, give a precise footprint by name for a data retention period of seven years, meanwhile, say GSM data has detention period of two years in Estonia (and is not a precise unless in combination with other tools enabled). You also have to view this in the light of post 9/11 (and also the London bombing in 2005 in particular), where certain state agencies in Europe and America felt forced to take detialed actions on tracking down its population, which some critics say is directing to a surveillance society, namely in the EU concerning the INDECT project, which is aimed to detect automatically "abnormal behavior" of people in public in order to "predict" crime (and is not just limited to CCTV surveillance, btw). And once a new techonology is introdcued that widely covers the tracking of large parts of a population, this creates desire to make use of the data collected for a variety of reasons, even if this would be just as a supplement. In a surveillance society, however, people automatically and silently are pushed into situations, where they "voluntary" change their behaviour, what they do, how they do, and finally what they say and do not say, simply because they subconscious know that they are observed and in order to avoid to attract attention that may lead to unpleasant situations. By that point, you actually can hardly argue that we still live in a free society, but is morelike a subversive version of an autocracy, where people are not forced openly to change their pattern of behavior (like under the gun of dictatorships), but where self-censorship leads to similar effects. For that reason, we should restrict governments on the personalized information they are _legally_ able to collect about its population, because they have the ultimate monopoly of power over them with the greatest potentials of misuse.