Garante per la protezione dei dati personali (Italy) - 9261093

Authority: Garante per la protezione dei dati personali (Italy)
Jurisdiction: Italy
Relevant Law:
Article 2-quinquiesdecies of the Privacy Code (Legislative Decree 196/2003)
Type:
Outcome: n/a
Started:
Decided: 23.01.2020
Published: 23.01.2020
Fine: None
Parties: Istat
National Case Number/Name: 9261093
European Case Law Identifier: n/a
Appeal: n/a
Original Language(s): Italian
Original Source: Garante per la protezione dei dati personali (in IT)
Initial Contributor: n/a


English Summary

Facts

With provision No. 10 of 23 January 2020, the Italian Data Protection Authority assessed Istat's request for authorization to process data, pursuant to Article 2-quinquiesdecies of the Privacy Code (Legislative Decree 196/2003).

Assessment

The Authority:

  • has informed Istat that, from a methodological point of view, the data controller is required to implement adequate technical and organizational measures to guarantee and demonstrate that the processing carried out complies with the applicable rules;
  • has prescribed the adoption of suitable pseudonymisation techniques to guarantee the effectiveness of the principles of data minimisation and storage limitation;
  • has prescribed that the general census plan be supplemented with an indication of the methods for returning to the municipalities, in aggregate form, the information collected as part of the census;
  • has prescribed that the data protection impact assessment for the statistical works related to the creation of the permanent census be supplemented with an indication, through specific metrics, of the probability of re-identification of the data subjects;
  • has required Istat to communicate, within 120 days from the notification of this provision, what initiatives it has undertaken or intends to undertake to implement the prescriptions indicated in this provision, especially regarding pseudonymisation techniques, and in any case to provide adequately documented feedback; any lack of feedback may result in the application of the administrative fine pursuant to art. 83, par. 5 of the Regulation.

The Authority authorized Istat to carry out the processing of personal data necessary for the creation of the permanent census, while highlighting the persistence of problems and giving an explicit warning and prescriptions.

The Data Protection Authority indicates to Istat (the national census body) that, in order to carry out the permanent census, it must adopt adequate pseudonymisation techniques within 4 months to avoid identifying people. The statistical outputs produced could, given their quantity and quality, allow people to be identified.

The procedure proposed by Istat, based on the attribution of a unique code to each individual natural person, adopted for all the institution's databases and for a data retention period that can be as long as 120 years, is risky because, with respect to the census purpose, irrelevant and excessive data may be processed.

Consequently, the Authority required Istat to put pseudonymisation measures in place, for example by implementing a system of hierarchical decoupling of the codes, with the assignment of different pseudonymous codes, each with a limited validity based on the purpose pursued.

The Authority ordered the institute to supplement the impact assessment, given the probability that the aggregated data could be traced back to specific people.
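One way to realise the hierarchical decoupling of codes described above, as an added example that is not part of the decision or of Istat's systems: a keyed derivation (HMAC-SHA256, chosen here as an assumption) in which a master key yields per-purpose keys, which yield per-period keys, which yield each person's code. The key, purpose names, period labels and identifier are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample values: a demo master secret and a fictional identifier.
MASTER_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)
PERSON_ID = "PERSON-0001"


def _derive(key: bytes, label: str) -> bytes:
    """One step down the hierarchy: child = HMAC-SHA256(parent, label)."""
    return hmac.new(key, label.encode("utf-8"), hashlib.sha256).digest()


def purpose_key(master: bytes, purpose: str) -> bytes:
    """Key handed to the unit working on one statistical purpose only."""
    return _derive(master, "purpose:" + purpose)


def period_key(p_key: bytes, period: str) -> bytes:
    """Key for one validity period; destroying it retires that period's codes."""
    return _derive(p_key, "period:" + period)


def pseudonym(master: bytes, purpose: str, period: str, person_id: str) -> str:
    """Pseudonymous code scoped to (purpose, period), truncated to 128 bits."""
    key = period_key(purpose_key(master, purpose), period)
    return _derive(key, "id:" + person_id)[:16].hex()


def linkable(codes_a: set, codes_b: set) -> bool:
    """True if two data sets share a code, i.e. can be joined directly."""
    return bool(codes_a & codes_b)


def demo() -> dict:
    census_2020 = pseudonym(MASTER_KEY, "census", "2020", PERSON_ID)
    census_2021 = pseudonym(MASTER_KEY, "census", "2021", PERSON_ID)
    labour_2020 = pseudonym(MASTER_KEY, "labour-survey", "2020", PERSON_ID)
    again = pseudonym(MASTER_KEY, "census", "2020", PERSON_ID)
    return {
        "stable_within_scope": census_2020 == again,
        "linkable_across_purposes": linkable({census_2020}, {labour_2020}),
        "linkable_across_periods": linkable({census_2020}, {census_2021}),
    }


if __name__ == "__main__":
    print(demo())
```

Whoever holds the master key can still recompute every code, so the decoupling only holds if the upper-level keys are kept apart from the units that receive the codes.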



English Machine Translation of the Decision

The decision below is a machine translation of the original. Please refer to the Italian original for more details.

PLEASE NOTE: Not finished, because manually fixing the formatting takes time. Feel free to add.

Ruling of 23 January 2020
Register of measures
n. 10 of 23 January 2020
THE GUARANTOR FOR THE PROTECTION OF PERSONAL DATA
In today's meeting, in the presence of Dr. Antonello Soro, president, Dr. Augusta Iannini, vice president, Dr. Giovanna Bianchi Clerici and Prof. Licia Califano, members, and Dr. Giuseppe Busia, secretary general;

Given Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation);

Given the Legislative Decree 10 August 2018, n. 101, containing "Provisions for the adaptation of national legislation to the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC";

Given the Legislative Decree no. 196 of 30 June 2003, containing the "Code regarding the protection of personal data", as modified by the aforementioned Legislative Decree 10 August 2018, n. 101 (hereafter Code);

Given the Legislative Decree 6 September 1989, n. 322, containing "Rules on the national statistical system and on the reorganization of the National Institute of Statistics";

Given, in particular, art. 6-bis, paragraph 1-bis, of the aforementioned Legislative Decree 322 of 1989, inserted by art. 9, paragraph 6-bis, lett. c) of Legislative Decree 28 January 2019, n. 4, converted, with modifications, by Law 28 March 2019, n. 26, according to which "for the processing of personal data, including those referred to in Article 9 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, carried out for statistical purposes of significant public interest pursuant to article 2-sexies, paragraph 2, letter cc), of the code regarding the protection of personal data, pursuant to Legislative Decree 30 June 2003, n. 196, in accordance with article 108 of the same code, the national statistical program specifies the types of data, the operations that can be carried out and the measures taken to protect the rights and freedoms of the data subjects, if they are not identified by a provision of law or regulation. The national statistical program, adopted after hearing the Guarantor for the protection of personal data, indicates the technical and organizational measures to guarantee the lawfulness and correctness of the processing, with particular regard to the principle of data minimization, and, for each processing operation, the methods, the categories of data subjects, the purposes pursued, the sources used, the main variables acquired, retention times and categories of data recipients (...)";

Furthermore, having regard to art. 15, paragraph 1, lett. b) of Legislative Decree 322, on the basis of which Istat has the task of providing for the "execution of the censuses and other statistical surveys required by the national statistical program and entrusted to the execution of the Institute";

Given the law of 27 December 2017, no. 205, containing "State budget for the financial year 2018 and multi-year budget for the three-year period 2018-2020" (budget law), which assigns Istat the task of carrying out various censuses, including the "permanent census of population and housing, pursuant to article 3 of decree-law 18 October 2012, no. 179, converted, with amendments, by law no. 221, and of the decree of the President of the Council of Ministers 12 May 2016 on population census and national archive of house numbers and urban streets" (hereinafter, permanent census) (Article 1, paragraph 227, letter a));

Given the art. 1, paragraph 228, of the budget law, under which "permanent censuses are based on the integrated use of administrative sources and other sources of data useful for census purposes and on the performance of periodic surveys. For the purpose of data integration for the execution of the censuses referred to in paragraph 227, without prejudice to further provisions in the national statistical program, the entities, administrations and bodies responsible for the databases indicated below are required to make them available to ISTAT, according to the methods and times established in the General Census Plans, referred to in paragraph 232, and in the subsequent educational documents: a) archives on workers and pensioners of the INPS; b) archive of mandatory communications from the Ministry of Labor and Social Policies; c) national registry of students and national registry of students and graduates of the universities of the Ministry of Education, University and Research; d) archives on migration flows of the Ministry of the Interior; e) Integrated information system of Single purchaser SpA on the consumption of electricity and gas, after stipulating a memorandum of understanding between ISTAT and the Single Buyer SpA, after consulting the Authority for electricity, gas and the water sector, renamed pursuant to paragraph 528, the Guarantor for the protection of personal data and the Authority for competition and the market; f) administrative archives on AGEA farms and geographic data; g) tax registry, archives of tax models, building cadastre, land cadastre and properties, including the geographical component, archives on lease and sale and purchase agreements for land and buildings of the Revenue Agency";

Given the art. 1, paragraph 232, of the budget law, under which "ISTAT carries out the operations of each census through the General census plans" (...) which must define, in particular:

"The methods and times of supply and use of data from administrative archives and from other sources necessary for carrying out the census operations; the subjects required to provide the requested data, the measures for the protection of personal data and the protection of the statistical confidentiality referred to in Article 9 of Legislative Decree 6 September 1989, n. 322, the methods of disseminating data also in disaggregated form and with a frequency of less than three units, in accordance with article 13 of the same decree; the methods of communication of elementary data, without identifiers, to the public bodies referred to in letter a), even if they are not part of the National statistical system, necessary for statistical processing instrumental to the pursuit of their respective institutional purposes, in compliance with current legislation on the protection of personal data" (letters b) and c));

Given the art. 1, paragraph 233 of the budget law, as amended by art. 22, paragraph 7 of Legislative Decree 101 of 2018, on the basis of which "Istat, in agreement with the Ministry of the Interior, defines, through the General Plan of the permanent census of the population and housing, circulars and technical instructions, the methods for returning to municipalities, in aggregate form, the information collected as part of the census, necessary for the purpose of revising the resident population registries referred to in Article 46 of the regulation referred to in the decree of the President of the Republic 30 May 1989, n. 223, as well as the technical methods and the periodicity of this review";

Given the "Ethical rules for processing for statistical or scientific research purposes carried out within the National Statistical System", Annex A.4 to the Code;

Having regard to the opinion on the 2017-2019 National Statistical Program outline, 2018-2019 update (PSN) of 9 May 2018 (web doc. 9001732), with which the Guarantor expressed an unfavorable opinion, in particular, in relation to the statistical works related to the implementation of the permanent census, which have been suspended (see point 4);

Given the provision of 4 October 2018 (web doc. 9047672) with which the Guarantor, in authorizing Istat to start the census operations of field data collection, and prescribing, at the same time, that within the Areal survey (A) data subjects be given the possibility of using at least one alternative method of data collection, in addition to door-to-door collection by the surveyor, also deemed it necessary, given the high risks for the freedoms and rights of the data subjects, to continue the investigations carried out, also in collaboration with the Institute, aimed at bringing the processing under examination into compliance with the legislation on the protection of personal data;

Given the note of the Office of the Guarantor, of 19 November 2019 (prot. No. 40041), with which the Institute was asked to formally send the documentation necessary for the Authority's assessments in relation to the personal data protection aspects connected to the realization of the permanent census which, following the opinion of 4 October 2018, still presented the specific critical issues indicated in the note itself;

Given the note of 29 November 2019 (prot. No. 3081653), with which Istat, following the aforementioned provision of the Guarantor of 4 October 2018 and the numerous discussions with the Authority, in representing the need to "have to proceed as soon as possible with the release of a first part of the tables foreseen in the dissemination plan of the permanent census so as to respond to the information needs of users and, in particular, of local authorities, first of all of the municipalities that collaborate with Istat in conducting the data collection activity", sent a new updated version of the General census plan outline (hereinafter also just PGC) and the related impact assessment;

Given the art. 2-quinquiesdecies of the Code, which implements art. 36, par. 5 of the Regulation in relation to processing that presents high risks for the performance of a public interest task;

Having regard to the documentation on file;

Given the comments made by the secretary general pursuant to art. 15 of the Guarantor regulation n. 1/2000;

Rapporteur: Dr. Antonello Soro;

[...]