Tallinn Required to Make Changes in Farecard System to Ease Privacy Concerns
The Data Protection Inspectorate has taken issue with the level of privacy in Tallinn's public transport ticketing system, proposing numerous changes which the city has pledged to implement next week.
An investigation of the system was launched in January, shortly after the electronic ticketing system was launched, a statement from the Data Protection Inspectorate said.
The transport database has so far kept a precise record of ticket information. When a farecard is personalized, a passenger's name, home address, national ID code, location of use, discounts (such as for a disability), and in some cases email and phone numbers are stored for seven years.
The investigation found no reason to keep the records for such a long period of time. The agency suggested the location of use - at a given bus stop when a farecard is waved by a validator upon boarding - be only stored in the database for up to seven days. Other information, such as the transport route of use and personal data, should only be stored for two years, the agency said. Information such as a passenger's discounts will also have to be hidden from ticket checkers.
The city has said that the travel records are being kept to improve supply-and-demand planning of public transport routes. The Data Protection Inspectorate said the solution that has been offered still allows the city access to information needed for this purpose.