Statistical confidentiality and personal data protection - Access to microdata
Statistical data are subject to two data protection frameworks:
- the general personal data protection framework, which applies whenever information about individual persons is collected, whatever the purpose
- the specific framework for the protection of data collected for statistical purposes.
The general data protection framework applies to personal data collected for any purpose: administrative, commercial, statistical or other. The General Data Protection Regulation strengthens the rights of data subjects and the obligations of data controllers (the organisations that collect and process the data). Personal data protection (data security, data traceability, data access) should be an essential element in the design of any data collection. Further information is available here.
The protection of data collected for statistical purposes ("statistical confidentiality") is a fundamental principle of official statistics. Statistical confidentiality means that data on individual persons (or business entities) may be used only for statistical purposes, and that rules and measures shall be applied to prevent the disclosure of information concerning an individual person or business entity. Further information is available here.
Terms and definitions used in the personal data protection framework and the statistical framework
|Personal data protection framework||Statistical framework|
|'Personal data' means any information relating to an identified or identifiable natural person (the 'Data Subject'). An identifiable person is someone who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his or her physical, physiological, mental, economic, cultural or social identity.||'Confidential data' means data which allow statistical units to be identified, either directly or indirectly, thereby disclosing individual information. To determine whether a statistical unit is identifiable, account shall be taken of all relevant means that might reasonably be used by a third party to identify the statistical unit.|
|'Data Subject' is the person whose personal data are collected, held or processed by the Data Controller.||'Statistical unit' means the basic observation unit, namely a natural person, a household, an economic operator and other undertakings, referred to by the data.|
|Purpose of data collection: all purposes||Purpose of data collection: data collected for statistical purposes|
|Scope: data on persons||Scope: all data collected for statistical purposes on the basis of the applicable law; data on persons, households, business entities|
Examples of data in and out of the respective legal frameworks
Example 1: statistically confidential personal data
Statistical data collected through questionnaires are stored in files in which each record contains information about an individual respondent. These files are called microdata files. They provide the basis for the compilation of statistics or indicators. When microdata files contain information about natural persons, and those persons are identifiable, the data fall within the scope of both statistical confidentiality and personal data protection.
Example 2: statistically confidential but not personal data
Business data are considered confidential if they lead to the disclosure of information pertaining to a particular enterprise. For example, the aggregated turnover of a specific type of enterprise located in a given region would be considered confidential if there are only 1 or 2 companies of this type in the region. These data are subject to the statistical data protection framework (statistical confidentiality). They are outside the personal data protection framework because they concern legal persons.
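The "only 1 or 2 companies" case in Example 2 can be illustrated with a minimum-frequency check on aggregated cells. The sketch below is illustrative only and is not Eurostat's actual disclosure rule: the threshold of 3 contributors, the function name `aggregate_turnover` and the sample records are all assumptions made for this example.

```python
from collections import defaultdict

# Hypothetical threshold: a cell needs at least this many contributing
# enterprises before its aggregate may be published.
MIN_CONTRIBUTORS = 3


def aggregate_turnover(records, min_contributors=MIN_CONTRIBUTORS):
    """Sum turnover per (region, activity) cell and suppress sparse cells.

    records: iterable of (region, activity, turnover) tuples, one per enterprise.
    Returns a dict mapping each cell to its total, or to None if suppressed.
    """
    totals = defaultdict(float)
    counts = defaultdict(int)
    for region, activity, turnover in records:
        cell = (region, activity)
        totals[cell] += turnover
        counts[cell] += 1
    return {
        cell: (totals[cell] if counts[cell] >= min_contributors else None)
        for cell in totals
    }


# Made-up sample data, for illustration only.
sample = [
    ("Region A", "Brewing", 120.0),
    ("Region A", "Brewing", 80.0),
    ("Region B", "Brewing", 50.0),
    ("Region B", "Brewing", 70.0),
    ("Region B", "Brewing", 30.0),
]
result = aggregate_turnover(sample)
```

Here the Region A cell has only two contributors, so its total is suppressed, while the Region B cell has three and is published. Real disclosure control usually combines several rules; this shows only the counting idea.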
Example 3: personal data but not statistically confidential data
Data on natural persons collected for purposes other than statistics (for example administrative or commercial purposes) fall within the scope of personal data protection, but not of statistical confidentiality.
Why is the protection of personal data important in the context of access to microdata for scientific purposes?
Microdata files for researchers (scientific use files) contain information about persons. These microdata are specially prepared to reduce the risk of identification of respondents. Microdata files released by Eurostat never contain direct identifiers such as name, address or identification number. The information about respondents is reduced to ensure their anonymity. Examples of the protection measures applied to microdata (Labour Force Survey):
AGE – by 5-year bands
NATIONALITY/COUNTRY OF BIRTH – up to 15 predefined groups
NACE – at 1-digit level
ISCO – at 3-digit level
INCOME – provided only as (national) deciles, and only from 2009 onwards
HHNUM – household numbers are randomised per dataset, so respondents cannot be tracked over time.
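Some of the measures listed above can be sketched in code. This is a minimal illustration under stated assumptions, not the procedure Eurostat applies: the band boundaries (0-4, 5-9, ...), the decile cut points, the handling of values that equal a cut point, and all function names are hypothetical. NACE and nationality grouping are omitted because they depend on classification tables not given here.

```python
import random


def age_band(age, width=5):
    """Replace an exact age with a band label such as '35-39'."""
    low = (age // width) * width
    return f"{low}-{low + width - 1}"


def truncate_code(code, digits):
    """Keep only the leading digits of a hierarchical code (e.g. ISCO)."""
    return str(code)[:digits]


def decile(value, cut_points):
    """Map a value to a decile 1..10 given nine ascending cut points.

    Assumption: a value equal to a cut point falls in the lower decile.
    """
    return 1 + sum(value > c for c in cut_points)


def randomise_household_ids(ids, rng):
    """Replace household numbers with randomly assigned new numbers.

    Members of the same household keep a shared number within one dataset,
    but a fresh mapping is drawn for every dataset.
    """
    unique = sorted(set(ids))
    new_numbers = list(range(1, len(unique) + 1))
    rng.shuffle(new_numbers)
    mapping = dict(zip(unique, new_numbers))
    return [mapping[i] for i in ids]


def coarsen_record(record, income_cut_points):
    """Apply the coarsening steps to one respondent record (a dict)."""
    return {
        "AGE": age_band(record["AGE"]),
        "ISCO": truncate_code(record["ISCO"], 3),
        "INCOME": decile(record["INCOME"], income_cut_points),
    }


# Made-up cut points and record, for illustration only.
cuts = [1000, 2000, 3000, 4000, 5000, 6000, 7000, 8000, 9000]
released = coarsen_record({"AGE": 37, "ISCO": "2512", "INCOME": 2500}, cuts)
new_ids = randomise_household_ids([101, 101, 205, 309], random.Random())
```

Each step discards detail rather than encrypting it: the exact age, the fourth ISCO digit and the exact income cannot be recovered from the released record.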
Microdata files for researchers fall within the scope of both the personal data protection framework and the statistical confidentiality framework. Authorised users of microdata (researchers who have fulfilled all the conditions described here) therefore have the same obligations as other recipients of personal data, for example to use the data only for the agreed purpose, for a specific period of time and in compliance with security rules. Researchers must also follow the requirements of European statistical legislation, namely to use the data for scientific purposes only, to respect reliability and confidentiality thresholds, and to destroy the original data after use.
How is the protection of personal data ensured in the context of access to microdata for scientific purposes?
Eurostat provides access to microdata to researchers belonging to research entities (universities, research institutions, research departments or other organisations) which have been accredited by Eurostat. This accreditation is based on an assessment of the organisation applying for access and of the purpose for which access is requested. The legal basis is Regulation (EU) No 557/2013 on access to confidential data for scientific purposes.
Once accredited, research entities sign an agreement with Eurostat which – in line with the rules in force for the protection of personal data – distinguishes between:
- recipients in jurisdictions recognised by the European Commission as providing an adequate level of personal data protection. These are the EU and EEA countries. In addition, the European Commission has recognised Andorra, Argentina, Canada (commercial organisations), Faeroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Switzerland and Uruguay as providing adequate protection: http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm
- and recipients in other jurisdictions. For them the template comprises an additional commitment that recipients "have no reason to believe, at the time of entering into clauses, in the existence of any laws to which they are subject that would have a substantial adverse effect on the guarantees provided for under the clauses, and that they will inform Eurostat if they become aware of any such laws".
The table below provides information on the legal acts for personal data protection and for statistical confidentiality applicable in the EU.
|Personal data protection laws||Statistical laws|
|Legal acts applicable in EU Member States||Legal acts applicable in the EU institutions||National - covering all data collected in the countries||European - covering European statistics|
|Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR)||Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data||Separate laws in the EU/EEA/EFTA countries; more details can be found here (see Partners / European Union)||Regulation (EC) No 223/2009 on European statistics. For microdata access: Regulation (EU) No 557/2013 on access to confidential data for scientific purposes|