Statistical confidentiality and personal data protection
Statistical data are subject to 2 data protection frameworks:
- specific framework for the protection of data collected for statistical purposes
- general personal data protection framework, which is applicable whenever information about natural persons is collected.
Protection of data collected for statistical purposes
The protection of data collected for statistical purposes, also called statistical confidentiality, is a fundamental principle of official statistics. Statistical confidentiality means that data on individuals or business entities may only be used for statistical purposes and that rules and measures must be taken to prevent disclosure.
General data protection framework (GDPR and EUDPR)
The general data protection framework applies to personal data that is collected for administrative, commercial, statistical or other purposes. The general data protection regulation (GDPR) ensures the rights of data subjects and imposes obligations on data controllers (organisations that collect and process the data). The personal data protection aspects, like data security, transparency or lawfulness of data processing should be a key part of the design of any data collection.
The data protection regulation of EU institutions, bodies, offices, and agencies (EUDPR) is applied by Eurostat. The EUDPR includes very similar rules like the GDPR.
Further information information is available on the data protection website of the European Commission.
Terms and definitions
| Personal data protection framework | Statistical framework |
|---|---|
| ‘Personal data’ means any information relating to an identified or identifiable natural person or data subject. An identifiable person is someone who can be identified, directly or indirectly, with reference to an identification number or to one or more factors specific to their physical, physiological, mental, economic, cultural or social identity. | ‘Confidential data’ means data that allow statistical units to be identified, either directly or indirectly, thereby disclosing individual information. To determine whether a statistical unit is identifiable, all relevant means that might reasonably be used by a third party to identify the statistical unit must be considered. |
| ‘Data subject’ is the person whose personal data are collected, held or processed by the data controller. | ‘Statistical unit’ means the basic observation unit, namely a natural person, household, economic operator, and other undertakings, referred to by the data. |
| Purpose of data collection: data collected for different purposes | Purpose of data collection: data collected for statistical purposes |
| Scope: data on persons | Scope: all data collected for statistical purposes based on the applicable law; data on natural persons, households, and businesses |
Microdata files
Microdata files for researchers contain information about individual persons (natural or legal). These microdata files are prepared to reduce the risk of respondents being identified. Microdata files released by Eurostat never contain direct identifiers like names, addresses or identification numbers. The information on respondents is reduced to ensure their anonymity.
Below an example of protection measures applied to microdata of the EU statistics on income and living conditions:
- age: top coded 80y and above
- year of birth: recoded: year of survey minus 81 and below
- region: NUTS 1 level
- year of immigration: grouped into 5-year classes
- country of birth: recoded (reference country, other EU country, other country - non EU)
- citizenship: recoded (reference country, other EU country, other country - non EU)
- education: highest level attained according to the 'International Standard Classification of Education' (ISCED) classification
Microdata files containing information on natural persons fall within the scope of both the personal data protection framework and statistical confidentiality framework. Researchers who have met all access conditions are allowed to use microdata and are therefore required to follow the same rules as anyone else who receives personal data. For example, researchers must use the data for the agreed purpose, for a specific period, and with respect to security rules. The researchers also must follow the requirements of EU statistical legislation, namely: to use the data for scientific purposes only, to respect rules for publication of results and to destroy original data after use.
Personal data protection rules for microdata files
Eurostat provides access to microdata to recognised research entities, such as universities, research institutes, research departments or other organisations.
Once accredited, research entities sign an agreement with Eurostat. In line with the rules in force for the protection of personal data, 3 types of agreements exist:
- agreement with recipients in jurisdictions recognised by the European Commission as providing an adequate level of personal data protection. These are:
- countries in European Economic Area (EEA)
- jurisdictions recognised by the Commission as providing adequate level of protection (Andorra, Argentina, Canada (commercial organisations), the Faroe Islands, Guernsey, Israel, the Isle of Man, Japan, Jersey, New Zealand, Republic of Korea, Switzerland, the United Kingdom, the United States (commercial organisations participating in the EU-US Data Privacy Framework), and Uruguay).
- agreement with recipients in other jurisdictions, not recognized by the Commission as providing adequate level of protection
- agreement with recipients in international organisations.
The template of the agreement with recipients in other jurisdictions and of the agreement with recipients in international organisations, comprises the necessary additional commitment that recipients need to satisfy in line with Chapter V of the Regulation on the protection of personal data by EU institutions (EU DPR) on transfer of personal data to third countries or international organisations.
Applicable legal acts
The table below provides information on the legal acts for personal data protection and for statistical confidentiality applicable in the EU.
| Personal data protection laws | |
|---|---|
| Legal acts applicable in the EU Member States | Legal acts applicable in the EU institutions |
| EU regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR). | EU regulation 2018/1725 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data (EU DPR) |
| Statistical laws | |
|---|---|
| National laws covering all data collected in the countries for statistical purposes | European laws covering European statistics |
| Separate laws in the EU/EEA/EFTA countries | EU regulation 223/2009 on European statistics For microdata access: EU regulation 557/2013 on access to confidential data for scientific purposes |