Purpose



EUROPEAN COMMISSIONEUROSTATDirectorate B: Methodology, corporate statistical and IT servicesUnit B-1: Methodology and corporate architectureESTAT/B1/WGM(18)Available in EN only3rd meeting of theWorking Group on Methodology (WGM)Luxembourg, 3 May 2018Eurostat building BECH, Room Ampere Item 4.1Recent activities in confidentiality and micro data accessPurposeThe objective of this document is to provide the Working Group (WG) Methodology with an overview on recent activities in microdata access and statistical confidentiality. The last part of the document introduces the General Data Protection Regulation and its implications on the European Statistical System. The members of the WG are invited to:take note of the report;share information on related activities at national level, e.g. with regard to analysing researchers' publications based on national microdata, note the publication of the first European public use files and to support their production for further data sets (see para REF _Ref511219160 \r \h 2.3)foster national implementation of the recommendations for a harmonised protection of the 2021 census round (see para REF _Ref511219198 \r \h 3.1)provide feedback on the use of helpdesk services for the ESS statistical disclosure control tools (see para REF _Ref511219234 \r \h 3.2).Microdata accessIn 2013 the new Regulation governing access to microdata has been adopted. The principles remained the same (access for scientific purposes), but access procedures changed. The objective of the new law was to allow access to some new types of research organisations, to enlarge the scope of the European microdata sets offered and to allow for new modes of access. Since 2013 Eurostat has signed almost 750 eligibility agreements with research organisations all over the world. From these entities around 1500 applications for access were received, and each year a steady growth in demand can be observed. Over the past 5 years five new datasets have become available for scientific purposes so that now there are overall 12. Modernisation of microdata access systemEurostat is continuously striving for modernising the practical implementation of the Regulation and to improve access procedures for researchers. In January 2017 Eurostat implemented an on-line submission of microdata access requests. In 2018, following the agreement by the WG, the transmission of scientific use files via the secure S-CIRCABC platform was introduced. The on-line transfer will make the data delivery faster and more convenient for researchers. For Eurostat it comes with increased efficiency and transparency. The new system ensures security through a 2-factor authentication and data encryption. In 2018 Eurostat launched a dedicated website through which publications written using European microdata can be accessed. At the end of their research project, researchers are obliged to inform Eurostat about such publications. The website is constantly updated and will be further enriched with new features (for example filters). Microdata access Network Group (MANG)In June 2017 Eurostat organised a first meeting of the Microdata Access Network Group (MANG). The Group advises Eurostat on current and future developments of the European microdata access system. In particular the MANG discusses the modes of access to microdata, access procedures and data collections released. The Group brings together representatives of different microdata stakeholder groups and facilitates connections between them. The group comprises:National Statistical InstitutesRepresentatives of the research communityData archives, CESSDAESAC (European Statistical Advisory Committee)Researchers from European Commission Directorates GeneralAt the 2017 meeting the group in particular prioritised the microdata collections to be made available for scientific purposes, expressing a clear demand for time use survey. It also discussed the new modes of access and proposed some concrete improvements to the current Eurostat microdata access system (especially to the on-line submission system). The next meeting is scheduled on 14 June 2018. All information is available here. Public use files Based on a development by the Centre of Excellence on Statistical Disclosure Control, the WG on Methodology accepted in 2017 the methodology for the production of EU-Statistics on Income and Living Conditions (EU-SILC) and the EU Labour Force Survey (EU LFS) public use files. The EU-SILC PUFs for those 20 countries from which national statistical authorities gave their agreements are now published on the Eurostat website.The preparation of the EU LFS public use files could only be finalised in January 2018 as additional work was necessary to automatise the anonymisation of the more than 1000 files. Now most of the files are ready and will be sent to the LFS contact persons in the national statistical institutes with the request to agree to their publication. Modes of access to microdata - plans for 2018 and beyondEurostat currently offers microdata in two complementary modes of access: Secure use files are close to original data, only direct identifiers are removed. Due to the high risk of disclosure, these files are available only inside the Eurostat secure environment – the safe centre.Scientific use files are partly anonymised to reduce the probability of identification of the records/respondents. Partial anonymisation compensates for the increased risks. Scientific use files are transmitted to researchers via the secure S-CIRCABC platform. Secure use files have the highest value for researchers because they offer the highest level of detail. However, accessing these files comes with high costs, both for researchers and for Eurostat. For researchers, access to secure use files means travelling to and staying in Luxembourg for some days. For Eurostat, the costs are related to the provision of support to researchers during their stay and to manual output checking, i.e. the verification of the researchers' results from the point of view of data confidentiality. In principle the following modes of access can be considered that could overcome these impediments:decentralised or remote access: while these would allow a researcher to obtain access through safe centres in national statistical institutes or at their own premises, Eurostat remains responsible for checking the output;remote execution: this simplifies the output checking as the protection of the data can be done automatically – "on the fly" – on the basis of predefined routines. The second option – remote execution - presents the highest potential in terms of scope (broad range of possible service users and datasets to be offered) and long-term cost-efficiency (automatic output checking). Document 4.3 of the agenda describes in more detail the current activities towards the implementation of this concept in Eurostat. Centre of Excellence on Statistical disclosure control (SDC)Since 2014 Eurostat collaborates on statistical disclosure control (SDC) with seven national statistical institutes (NSI) which signed the Framework Partnership Agreement on SDC. The FPA brings together SDC experts from different countries and helps to develop methodological solutions common to the whole ESS and for different statistical domains. The FPA has come up with several outcomes so far, namely: Methodology for public use files for EU-SILC and EU-LFS (see item REF _Ref510600374 \r \h 2.3), Recommendations for a harmonised approach to protect the 2021 census resultsUser support and maintenance of SDC tools. Recommendations for SDC in the 2021 census roundThe project was carried out between 1/09/2016 and 31/08/2017 and produced recommendations for a harmonised protection of census 2021 tables. The project recommended using record swapping and the cell-key method (a random noise perturbation method) for the protection of cells with few observations. These methods guaranty consistency of the protection across linked tables and across different outputs: tables, ad hoc queries, grid cells etc. At their meeting on 14 November 2017, the EG on SDC validated the approach to be used on an ESS-wide basis. Moreover, at their meeting on 23 November 2017, the Census Working Group endorsed the approach, and particularly welcomed the provision of appropriate software.NSIs are now invited to implement the recommended approach. To foster its ESS-wide implementation, Eurostat makes available the SAS codes for record swapping and the cell-key method on a dedicated page on the CROS portal. NSIs are also invited to provide feedback to: estat-confidentiality@ec.europa.eu. As a next step, it is envisaged to translate the SAS-code for record swapping and the cell-key method into an open source language. To this end, Eurostat has recently signed a new project under the FPA with the seven NSIs (see more: item 4.3 of the agenda). User support for and maintenance of SDC toolsThe objective of this project is to ensure support, testing, maintenance and development of SDC software of interest to the NSIs in the ESS. There are 5 participating NSIs: Statistics Netherlands (project coordinator), Statistics Austria, DESTATIS, INSEE and SURS. The main outcome of the project is the central GitHub site where all codes and new releases of the respective open source software are stored. The project partners provide support on the use of tabular (tau Argus and sdcTable) and microdata (mu Argus and sdcMicro) protection software tools. The project runs until December 2018. Expert Group on Statistical disclosure Control (EGSDC) The Expert Group advices Eurostat on SDC methods and tools and discusses current questions in this field. In 2017 the Group was involved in the development of the anonymisation method for the Farm Structure Survey (see item 4.2 of the agenda), validation of the FPA projects outcomes and discussion on differential privacy and its potential use in the European Statistical System. The Expert Group provided as well some valuable comments on the draft confidentiality charter for pesticides statistics. The confidentiality charters lay down rules for the protection of EU aggregates if the national data are marked as confidential. All documents discussed by the EG are available on CIRCABC here. General Data Protection Regulation (GDPR) and its implications on European Statistical System (ESS)The General Data Protection Regulation (GDPR) which enters into force on 25 May 2018 introduces new rules for personal data protection. It will replace 28 national laws transposing directive 95/46/EC. The GDPR applies in all EU and EEA countries and on all “personal data” processed by the bodies performing their activities based on the national or EU laws. NSIs process personal data and are in the scope of the GDPR.The GDPR states that personal data shall be: processed lawfully, fairly and in a transparent manner collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed; accurate and, where necessary, kept up to date; kept in a form which permits identification of data subjects for no longer than is necessary; processed in a secure manner. The GDPR defines and specifies the conditions of “lawful” processing; namely that the data subjects - the persons to whom personal data relate – agree to the processing and that the processing is legally or contractually necessary. The GDPR enforces the rights of data subjects. These rights include:Right to be informed (about a purpose and rules of processing, the information about processing must be provided to data subjects in clear and plain language; this information should be easy to access);Right to rectification (correction of data); Right to erasure ("to be forgotten");Right to restriction of processing;Right to data portability: right to have data transferred if possible;Right to object to data processing.NSIs collect and process personal data on the basis of the specific legislation on the production of statistics. The respondents (“data subjects”) are informed about the purpose of the data collection and give their consent to the use of the data for production of statistics. The specific role of statistics is recognised in the GDPR. Processing of personal data for statistical purposes benefits from many derogations from the normal rules in the GDPR, as it is considered to always be in the public interest (if carried out by national statistical authorities). More specifically:Further processing is generally not considered to be incompatible with the initial purposes for which the data were collected (example: administrative data transferred to NSIs for production of statistics).Personal data may be stored for longer periods than otherwise.Processing of "special categories" of data, e.g. health data, is not prohibited.No obligation to inform the data subject if this is impossible or would involve a disproportionate effort (this derogation does not apply if the personal data have been obtained directly from the data subject, it does apply if the data have been obtained from other sources, for example administrative). No right to erasure ("to be forgotten") for the data subject if this would render impossible or seriously impair the statistical objectives.No right to object for the data subject if the processing is necessary for the performance of a task carried out for reasons of public interest.The rights of data subjects (right of access, right to rectification, right to restriction of processing and right to object) may be restricted even further. The GDPR states that these additional derogations may be introduced in the Union or Member State law, but only if these rights are likely to render impossible or seriously impair the achievement of the specific statistical purpose and if such a derogation is necessary for the fulfilment of that purpose (Article 89). In February 2018, the ESS Committee discussed the implications of the GDPR on the statistical system. Most countries declared that they had already started introducing additional derogations in their national laws. The Committee decided that at a later stage - once the experience with application of GDPR has been collected - the implementation of additional derogations at the EU level (for example in Regulation 223/2009) could be considered. ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download