18.6.2013

EN

Official Journal of the European Union

L 164/16

---

COMMISSION REGULATION (EU) No 557/2013

of 17 June 2013

implementing Regulation (EC) No 223/2009 of the European Parliament and of the Council on European Statistics as regards access to confidential data for scientific purposes and repealing Commission Regulation (EC) No 831/2002

(Text with EEA relevance)

THE EUROPEAN COMMISSION,

Having regard to Regulation (EC) No 223/2009 of the European Parliament and of the Council of 11 March 2009 on European statistics (1) and in particular Article 23 thereof,

Having regard to the opinion of the European Data Protection Supervisor,

Whereas:

(1)	Regulation (EC) No 223/2009 establishes a legal framework for the development, production and dissemination of European statistics, including the general provisions on protection of and access to confidential data.

(2)	The benefits of data collected for the purposes of European statistics should be maximised, inter alia, by improving the access to confidential data by researchers for scientific purposes.

(3)

Many questions raised in the fields of economic, social, environmental and political sciences can be answered adequately only on the basis of relevant and detailed data allowing in-depth analyses. The quality and the timeliness of available detailed information for research has, in this context, become an important component of a science-based understanding and governance of society.

(4)

The research community should, therefore, enjoy wider access to confidential data used for the development, production and dissemination of European statistics, for analysis in the interest of scientific progress, without compromising the high level of protection that confidential statistical data require.

(5)	Bodies with the objective of promoting and providing access to data in the interest of scientific research in socially- and policy-relevant areas could contribute to the process of releasing confidential data for scientific purposes, thereby improving the accessibility of confidential data.

(6)	A risk management approach should be the most efficient model with a view to making a wider range of confidential data available for scientific purposes while preserving the confidentiality of respondents and statistical units.

(7)	The physical and logical protection of confidential data should be ensured by regulatory, administrative, technical and organisational measures. These measures should not be so excessive as to limit the utility of the data for the purpose of scientific research.

(8)	To this effect, in accordance with Regulation (EC) No 223/2009, Member States and the Commission should take appropriate measures to prevent and sanction any violations of statistical confidentiality.

(9)	This Regulation ensures, in particular, full respect for private and family life and for the protection of personal data (Articles 7 and 8 of the Charter of Fundamental Rights of the European Union).

(10)

This Regulation should apply without prejudice to Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to processing of personal data and on the free movement of such data (2) and to Regulation (EC) No 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data (3).

(11)

This Regulation should apply without prejudice to Directive 2003/4/EC of the European Parliament and of the Council of 28 January 2003 on public access to environmental information (4) and to Regulation (EC) No 1367/2006 of the European Parliament and of the Council of 6 September 2006 on the application of the provisions of the Aarhus Convention on Access to Information, Public Participation in Decision-making and Access to Justice in Environmental Matters to Community institutions and bodies (5).

(12)	Commission Regulation (EC) No 831/2002 of 17 May 2002 implementing Council Regulation (EC) No 322/97 on Community statistics, concerning access to confidential data for scientific purposes (6) should be repealed.

(13)	The measures provided for in this Regulation are in accordance with the opinion of the European Statistical System Committee (ESS Committee),

HAS ADOPTED THIS REGULATION:

Article 1

Subject matter

This Regulation establishes the conditions under which access to confidential data transmitted to the Commission (Eurostat) may be granted for enabling statistical analyses for scientific purposes, and the rules of cooperation between the Commission (Eurostat) and national statistical authorities in order to facilitate such access.

Article 2

Definitions

For the purposes of this Regulation, the following definitions shall apply:

(1)	‘confidential data for scientific purposes’ means data which only allow for indirect identification of the statistical units, taking the form of either secure-use files or scientific-use files;

(2)	‘secure-use files’ means confidential data for scientific purposes to which no further methods of statistical disclosure control have been applied;

(3)	‘scientific-use files’ means confidential data for scientific purposes to which methods of statistical disclosure control have been applied to reduce to an appropriate level and in accordance with current best practice the risk of identification of the statistical unit;

(4)	‘statistical disclosure control methods’ means methods to reduce the risk of disclosing information on the statistical units, usually based on restricting the amount of, or modifying, the data released;

(5)	‘access facilities’ means the physical or virtual environment and its organisational setting where access to confidential data for scientific purposes is provided;

(6)	‘national statistical authorities’ means the national statistical institutes and other national authorities responsible in each Member State for the development, production and dissemination of European statistics as designated in accordance with Regulation (EC) No 223/2009.

Article 3

General principles

The Commission (Eurostat) may grant access to confidential data for scientific purposes held by it for the development, production or dissemination of European statistics as referred to in Article 1 of Regulation (EC) No 223/2009, provided that the following conditions are satisfied:

(a)	access is requested by a recognised research entity;

(b)	an appropriate research proposal has been submitted;

(c)	the requested type of confidential data for scientific purposes has been indicated;

(d)	access is provided either by the Commission (Eurostat) or by another access facility accredited by the Commission (Eurostat);

(e)	the relevant national statistical authority which provided the data has given its approval.

Article 4

Research entities

1.   Recognition of research entities shall be based on criteria referring to:

(a)	the purpose of the entity; the assessment of the purpose of the entity shall be carried out on the basis of its statute, mission or other declaration of purpose; the purpose of the entity shall include reference to research;

(b)

the established record or reputation of the entity as a body producing quality research and making it publicly available; the experience of the entity in carrying out research projects shall be assessed on the basis of, inter alia, available lists of publications and research projects in which the entity was involved;

(c)

the internal organisational arrangements for research; the research entity shall be a separate organisation with legal personality, focused on research or a research department within an organisation; the research entity must be independent, autonomous in formulating scientific conclusions and separated from policy areas of the body it belongs to;

(d)	the safeguards in place to assure security of the data; the research entity shall fulfil technical and infrastructure requirements assuring security of the data.

2.   A confidentiality undertaking covering all researchers of the entity who will have access to the confidential data for scientific purposes and specifying the conditions for access, the obligations of the researchers, the measures for respecting the confidentiality of statistical data and the sanctions in the event of a breach of these obligations shall be signed by a duly designated representative of the research entity.

3.   The Commission (Eurostat) shall, in cooperation with the ESS Committee, establish guidelines for the assessment of research entities, including the confidentiality undertaking referred to in Article 4(2). When duly justified, the Commission (Eurostat) shall update the guidelines, in accordance with procedural arrangements approved by the ESS Committee.

4.   Reports on the assessments of research entities shall be made available to the national statistical authorities.

5.   The Commission (Eurostat) shall maintain and publish on its website an updated list of recognised research entities.

6.   The Commission (Eurostat) shall perform regular re-assessments of the research entities included in the list.

Article 5

Research proposal

1.   The research proposal shall indicate in sufficient detail:

(a)	the legitimate purpose of the research;

(b)	the explanation why this purpose cannot be fulfilled using non-confidential data;

(c)	the entity requesting access;

(d)	the individual researchers who will have access to the data;

(e)	the access facilities to be used;

(f)	the data sets to be accessed, the methods of analysing them; and

(g)	the intended results of the research to be published or otherwise disseminated.

2.   The research proposal shall be accompanied by individual confidentiality declarations signed by researchers who will have access to the data.

3.   The Commission (Eurostat) shall, in cooperation with the ESS Committee, establish guidelines for the assessment of research proposals. When duly justified, the Commission (Eurostat) shall update the guidelines, in accordance with procedural arrangements approved by the ESS Committee.

4.   Reports on the assessments of research proposals shall be made available to the national statistical authorities which transmitted the confidential data concerned to the Commission (Eurostat).

Article 6

Position of national statistical authorities

1.   The approval of the national statistical authority which transmitted the confidential data concerned shall be sought for each research proposal before the access is granted. The national statistical authority shall submit its position to Eurostat within four weeks from the date on which the national statistical authority received the relevant report on the assessment of the research proposal.

2.   The national statistical authorities which transmitted the confidential data concerned and the Commission (Eurostat) shall, whenever possible, agree on simplifying the consultation procedure and improving its timeliness.

Article 7

Confidential data for scientific purposes

1.   Access to secure-use files may be granted provided that the results of the research are not released without prior checking to ensure that they do not reveal confidential data. Access to secure-use files may be provided only within Commission (Eurostat) access facilities or other access facilities accredited by the Commission (Eurostat) to provide access to secure-use files.

2.   Access to scientific-use files may be granted provided that appropriate safeguards are in place in the research entity requesting access. The Commission (Eurostat) shall publish information on the safeguards required.

3.   In cooperation with the national statistical authorities, the Commission (Eurostat) shall prepare data sets for research use which target the different types of confidential data for scientific purposes. When preparing a data set for research use, the Commission (Eurostat) and the national statistical authorities shall take into account the risk and the impact of unlawful disclosure of confidential data.

Article 8

Access facilities

1.   Access to confidential data for scientific purposes may be granted via access facilities accredited by the Commission (Eurostat).

2.   The access facility shall be located within national statistical authorities. By way of exception, access facilities may be located outside national statistical authorities, subject to the prior explicit approval of the national statistical authorities which provided the data concerned.

3.   Accreditation of access facilities shall be based on criteria referring to the purpose of the access facility, its organisational structure and standards for data security and data management.

4.   The Commission (Eurostat) shall, in cooperation with the ESS Committee, establish guidelines for the assessment of access facilities. When duly justified, the Commission (Eurostat) shall update the guidelines, in accordance with procedural arrangements approved by the ESS Committee.

5.   Reports on the assessments of access facilities shall be made available to the national statistical authorities. The reports shall include a recommendation on the type of confidential data to which access can be provided by the access facility. The Commission (Eurostat) shall consult the ESS Committee before deciding on the accreditation of an access facility.

6.   A contract shall be signed between the duly designated representative of the access facility or of the organisation hosting the access facility and the Commission (Eurostat) determining the obligations of the access facility with respect to the protection of confidential data and the organisational measures. The Commission (Eurostat) shall be regularly informed about the activities carried out by the access facilities.

7.   The Commission (Eurostat) shall maintain and publish on its website the list of accredited access facilities.

Article 9

Organisational matters

1.   The Commission (Eurostat) shall regularly inform the ESS Committee of the administrative, technical and organisational measures taken to ensure the physical and logical protection of confidential data and to monitor and prevent the risk of unlawful disclosure or any use beyond the purposes for which access has been granted.

2.   The Commission (Eurostat) shall publish on its website:

(a)	guidelines for the assessment of research entities, research proposals and access facilities;

(b)	the list of recognised research entities;

(c)	the list of accredited access facilities;

(d)	the list of data sets for research use with relevant documentation and the available modes of access.

Article 10

Repeal

Regulation (EC) No 831/2002 is repealed.

References to the repealed Regulation shall be construed as references to this Regulation.

Article 11

Entry into force

This Regulation shall enter into force on the 20th day following that of its publication in the Official Journal of the European Union.

---

(1)  OJ L 87, 31.3.2009, p. 164.

(2)  OJ L 281, 23.11.1995, p. 31.

(3)  OJ L 8, 12.1.2001, p. 1.

(4)  OJ L 41, 14.2.2003, p. 26.

(5)  OJ L 264, 25.9.2006, p. 13.

(6)  OJ L 133, 18.5.2002, p. 7.

---