Principle 5: Statistical Confidentiality

The privacy of data providers, the confidentiality of the information they provide, its use only for statistical purposes and the security of the data are absolutely guaranteed.

Methods
Last updated: 28/02/2023

Indicator 5.1

Statistical confidentiality is guaranteed in law.

Statistical confidentiality gives people and legal entities that provide information used to produce statistics the assurance that they will not be the subject of an individual administrative decision concerning them. It is guaranteed by French Act No 51-711 of 7 June 1951 on Legal Obligation, Coordination and Confidentiality in Statistical Matters, as amended.

In particular, Article 6 thereof lays down the rules on confidentiality and the conditions that apply to all surveys conducted by the French Official Statistical Service. The data on individuals from these surveys may not, unless the archive administration decides otherwise, be communicated by the department holding the data before a period of 75 years for natural persons and 25 years for legal entities has elapsed.

The obligations relating to statistical confidentiality also apply to administrative data that INSEE or the Ministerial Statistical Offices (MSOs) may receive under Article 7bis of the aforementioned Act.

The confidentiality obligation also applies to private data used for the needs of surveys for statistical purposes by the French Official Statistical Service under Article 3bis of the aforementioned Act.

Finally, Article 6 bis of this Act establishes the Statistical Confidentiality Committee, the mission of which is to make a decision on any question relating to statistical confidentiality and to issue opinions on requests for the provision of data on individuals collected by means of statistical surveys or transmitted to the French Official Statistical Service for the purpose of compiling statistics.

At European level, the confidentiality of statistical information is ensured by Article 338 of the Treaty on the Functioning of the European Union: “The production of Union statistics shall conform to [...] statistical confidentiality”. Statistical confidentiality is also addressed in Chapter V of Regulation No 223/2009, as amended, and in Implementing Regulation No 557/2013 as regards access to confidential data for statistical purposes.

Indicator 5.2

Staff sign legal confidentiality commitments on appointment.

Pursuant to Article 26 of French Act No 83-634 of 13 July 1983 on the rights and obligations of civil servants, civil servants are bound by professional confidentiality and must exercise professional discretion over all dossiers and information of which they become aware in their work. In particular, these obligations apply to statistician civil servants working for the French Official Statistical Service.

Since September 2007, all new staff (civil servants, contractors and temporary staff) taking up duties within the French Official Statistical Service, as well as trainee civil servants, have been required to sign a confidentiality commitment. The form for non-civil servant staff is included in the employment contract between them and the Statistics Authority. By signing this document, all staff, regardless of their status, acknowledge that they have been informed that the law requires that they respect statistical confidentiality, a particular application of professional confidentiality. In 2012, confidentiality commitments were arranged for staff hired prior to 2007. Staff are also informed of the penalties incurred in the event of non-compliance with statistical confidentiality.

This system was updated and further expanded in 2019–2020 (to trainees in particular). In addition, the confidentiality obligation is now also enshrined in subcontracts and agreements with partners.

Indicator 5.3

Penalties are prescribed for any wilful breaches of statistical confidentiality.

Article 226-13 of the French Criminal Code, as amended, provides for a penalty of up to one year’s imprisonment and a fine of up to €15,000 for any breach of professional confidentiality, of which statistical confidentiality is a particular application.

Penalties may be higher in the event of non-compliance with Article 22 of French Act No 78-17 of 6 January 1978, as amended, on Data Processing, Data Files and Individual Liberties.

Indicator 5.4

Guidelines and instructions are provided to staff on the protection of statistical confidentiality throughout the statistical processes. The confidentiality policy is made known to the public.

INSEE undertakes to ensure that the processing of personal data which it carries out for statistical purposes complies with the General Data Protection Regulation (GDPR) and with French Act No 78-17 of 6 January 1978, as amended, on Data Processing, Data Files and Individual Liberties.

Information on the protection of personal data and respect for statistical confidentiality is published on insee.fr. In particular, that information includes the Guide to Statistical Confidentiality setting out the rules applicable to various situations (surveys, administrative sources, mixed sources) and providing the legal bases for these provisions. In addition, the “Personal Data Protection” section presents the data protection policy, the procedures for exercising rights for individual entrepreneurs and private individuals in relation to the processing and dissemination of personal data, as well as the statistical processing of personal data implemented since 25 May 2018. The guarantee of the confidentiality of the data is also included in the “Respond to an INSEE Survey” section and on the letters informing the respondents that the survey is being conducted.

Statistical confidentiality and confidentiality management are the subject of specific training actions for the staff of INSEE and the Ministerial Statistical Offices (MSOs). Within the Institute, the Legal Affairs and Litigation Unit is the department to contact for questions relating to the GDPR and statistical confidentiality. In addition, specialised teams provide software tools and technical notes allowing the optimal performance of processing related to data confidentiality, train INSEE staff and provide methodological support on the issue.

INSEE thus applies strict rules in the dissemination of data to ensure that statistical units (individuals, households, companies, etc.) cannot be identified. The data published on the basis of surveys do not allow for the identification, whether directly or indirectly, of respondents. In the case of data relating to companies, no results are published if they concern fewer than three statistical units or if a single statistical unit contributes more than 85% of that result.
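As an added illustration (not INSEE's code or tooling), the two rules for business data stated above can be applied cell by cell as follows. The record layout, cell labels, function name and non-negative values are assumptions, and the sample data is constructed.

```python
from collections import defaultdict

MIN_UNITS = 3      # page: no result for fewer than three statistical units
MAX_SHARE = 0.85   # page: no result if one unit contributes more than 85%

# Constructed sample: (cell, unit_id, value). Not real data.
SAMPLE = [
    ("Bakery/A", "U1", 120.0), ("Bakery/A", "U2", 95.0), ("Bakery/A", "U3", 110.0),
    ("Steel/B", "U4", 9000.0), ("Steel/B", "U5", 300.0), ("Steel/B", "U6", 200.0),
    ("Cement/C", "U7", 400.0), ("Cement/C", "U8", 380.0),
    # Three records but only two distinct units: U9 reports twice.
    ("Glass/D", "U9", 50.0), ("Glass/D", "U9", 60.0), ("Glass/D", "U10", 70.0),
]


def primary_suppression(records):
    """Map each cell to (published_total_or_None, reason).

    Contributions are summed per unit first, so a unit that appears in
    several records of one cell is counted once. Values are assumed to
    be non-negative (hypothetical simplification).
    """
    per_cell = defaultdict(lambda: defaultdict(float))
    for cell, unit_id, value in records:
        per_cell[cell][unit_id] += value

    result = {}
    for cell, units in per_cell.items():
        total = sum(units.values())
        largest = max(units.values())
        if len(units) < MIN_UNITS:
            result[cell] = (None, "fewer than 3 units")
        elif total > 0 and largest / total > MAX_SHARE:
            result[cell] = (None, "dominant unit > 85%")
        else:
            result[cell] = (total, "published")
    return result


if __name__ == "__main__":
    for cell, (value, reason) in primary_suppression(SAMPLE).items():
        print(f"{cell:10} {'suppressed' if value is None else value:>10}  {reason}")
```

This checks each cell in isolation; it does not cover recovery of a suppressed cell by subtraction from published totals, which the page does not describe.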

As an exception, following the opinions of the National Council for Statistical Information (CNIS) adopted at the plenary assembly of 3 July 1986, once a year, INSEE may publish the total number of employees of a business and of each of its establishments, its turnover bracket and its share of exports, unless the business expressly objects.

Indicator 5.5

The necessary regulatory, administrative, technical and organisational measures are in place to protect the security and integrity of statistical data and their transmission, in accordance with best practices, international standards, as well as European and national legislation.

As a directorate of the Ministry for the Economy, INSEE is subject to the national regulations on information systems security (French State Information System Security Policy) as well as to the ministerial and practical versions thereof drawn up by the “Information System Security” authority of the Ministry.

The various facets of data security, namely integrity, confidentiality and availability, are at the heart of the security policy of INSEE’s information system. This security policy aims to provide a high level of risk control over the entire information system, designed as a set of both technical and organisational elements. These include not only the IT infrastructure but also the processes for information processing, people and any system that collects, processes and disseminates information on behalf of INSEE. This dual consideration, both business and technical, has resulted in the creation of a Digital Security Advisor position in 2021 to mirror the more technical position of Information System Security Manager.

Thus, the guarantees provided in terms of data protection go far beyond merely the issues of secure storage or management of authorisations and access: they are part of a global information system management system, which alone ensures the availability, integrity and confidentiality of the data collected and stored by the Institute. A cornerstone of this system is the creation, in 2018, of the Information System Directorate alongside a reorganisation of the teams responsible for the security and risk management of the INSEE information system, in particular the applications and infrastructure. In terms of applications, the reliability of INSEE’s applications is based on a certification policy that has been in place since 2010, the scope of which has gradually expanded to eventually cover all the constituent parts of the Institute’s information system. In terms of infrastructure, the reliability of INSEE’s infrastructure is based on two data centres administered by the national IT support and services department, which offers all resources for the statistical process processing chains and the harmonisation of business applications. The Infrastructure Security Policy was accompanied by an organisational review of the management of technical changes and the development of a multi-year plan to strengthen security levels. The security policy of INSEE’s information system also requires the support of internal users in order to ensure compliance with good digital practices. Finally, the security of the information system is linked to other aspects such as the safety of buildings and people.

Indicator 5.6

Strict protocols apply to external users accessing statistical microdata for research purposes.

Within the strictly defined limits of French Act No 51-711 of 7 June 1951 on Legal Obligation, Coordination and Confidentiality in Statistical Matters, and of French Act No 78-17 of 6 January 1978, on Data Processing, Data Files and Individual Liberties, as amended, all information produced by the French Official Statistical Service (data and studies) is made available free of charge and in accordance with statistical confidentiality rules in the form of publications and on IT platforms and the websites of INSEE and the Ministerial Statistical Offices (MSOs). In particular, the anonymised detail files provided on the insee.fr website can be downloaded free of charge and the data contained in those files may be reused, including for commercial purposes, without a licence and without the requirement to pay a fee, in accordance with the legal notices published on the website.

However, a limited audience, especially researchers, can access confidential micro-data. The Quetelet-Progedo portal provides pseudonymised databases, so as to minimise the risks of re-identification through the recombination of variables needed for their processing operations. Researchers sign an individual commitment that includes, in particular, a clause regarding the exclusive purpose of the research.

In addition, the Secure Access Data Centre (CASD) provides equipment designed to enable researchers to work remotely from their research laboratories, under high security conditions, using data on individuals from Official Statistics that are subject to enhanced confidentiality obligations. In particular, the Secure Access Data Centre has ISO 27001 certification, the international standard for information systems security, and ASIP Santé’s “Health Data Host” (Hébergeur de données de santé) certification.

To obtain access to confidential databases, authorisation from the Archives administration is required, which is provided after obtaining agreement from the producing service and an opinion from the Statistical Confidentiality Committee. In all cases, researchers must sign an individual confidentiality commitment, which informs them of the criminal penalties applicable. To access the data of the Secure Access Data Centre, users must attend a mandatory information and awareness raising session. During this session, each user is given a smart access card, on which a digital fingerprint is saved. The signing of a contract is also required. Since micro-data files accessible via Quetelet-Progedo and the Secure Access Data Centre may contain personal data, users are required to ensure that they comply with the obligations arising from Regulation (EU) 2016/679 of 27 April 2016 (General Data Protection Regulation) and Title 1 of French Act No 78-17 of 6 January 1978 on Data Processing, Data Files and Individual Liberties, as amended.