Анализи
Новини
С подкрепата на...


Програма PHARE
Small Projects 2004
Europe Direct
 
Портал Европа
Препоръка No. R (97) 18 относно защитата на личните данни събирани и обработвани за статистически цели
 Съдържание
Приложение към Препоръка No. R (97) 18
Приложение към Препоръка No. R (97) 18

1. Definitions

For the purposes of this recommendation:
"Personal data" means any information relating to an identified or identifiable individual ("data subject"). An individual shall not be regarded as "identifiable" if the identification requires an unreasonable amount of time and manpower. Where an individual is not identifiable, data are said to be anonymous.
"Identification data" covers those personal data that allow direct identification of the data subject, and which are needed for the collection, checking and matching of the data, but are not subsequently used for drawing up statistical results.
"Sensitive data" means personal data revealing racial origin, political opinions, religious or other beliefs, as well as personal data concerning health, sexual life or criminal convictions, and other data defined as sensitive by domestic law.
"Processing" means any operation or set of operations carried out partly or completely with the help of automated processes and applied to personal data, such as storage, conservation, adaptation or alteration, extraction, consultation, utilisation, communication, matching or interconnection and erasure or destruction.
"Communication" refers to the act of making personal data accessible to third parties, regardless of the means or media used.
"For statistical purposes" refers to any operation of collection and processing of personal data necessary for statistical surveys or for the production of statistical results.
Such operations exclude any use of the information obtained for decisions or measures concerning a particular individual.
"Statistical results" means information which has been obtained by processing personal data in order to characterise a collective phenomenon in a considered population.
"Controller" means the natural or legal person or the public authority or any other body which, alone or in collaboration with others, determines the purposes and the means - and in particular the organisation - of the collection and processing of personal data.

2. Scope

2.1 This recommendation applies to the collection and automated processing of personal data for statistical purposes.
It also applies to statistical results, to the extent that they permit identification of data subjects.
2.2 Member states are encouraged to extend the application of the recommendation to the non-automated processing of personal data for statistical purposes.
2.3 No personal data shall be processed in a non-automatic manner in order to avoid the provisions of this recommendation.
2.4 Member states may also extend the application of the principles set out in this recommendation to the collection and processing of data relating to groups of persons, associations, foundations, companies, corporations and any other bodies consisting directly or indirectly of individuals, whether or not such bodies possess legal personality.

3. Respect for privacy

3.1 Respect for rights and fundamental freedoms, in particular the right to privacy, shall be guaranteed when personal data are collected and processed for statistical purposes, and
a. when these data are kept for future use;
b. when statistical results are disseminated; and
c. when, for reasons of better ensuring that statistical records are representative or for reasons of confidentiality, personal data need to be modified.
3.2 Persons who through involvement in a statistical activity have knowledge of personal data shall be subjected to a duty of professional secrecy by domestic law or practice.
3.3 Personal data collected and processed for statistical purposes shall be made anonymous as soon as they are no longer necessary in an identifiable form.

4. General conditions for lawful collection and processing for statistical purposes

Purpose
4.1 Personal data collected and processed for statistical purposes shall serve only those purposes. They shall not be used to take a decision or measure in respect of the data subject, nor to supplement or correct files containing personal data which are processed for non-statistical purposes.
4.2 Processing for statistical purposes of personal data collected for non-statistical purposes is not incompatible with the purpose(s) for which the data were initially collected if appropriate safeguards are provided for, in particular to prevent the use of data for supporting decisions or measures in respect of the data subject.
Lawfulness
4.3 Personal data may be collected and processed for statistical purposes:
a. if provided for by law; or
b. if permitted by law, and:
i. the data subject or his/her legal representative has given his/her consent according to Principle 6; or
ii. the data subject has been informed of the collection or processing of his/her data and has not opposed it and as long as the processing does not concern sensitive data; or
iii. if the circumstances of the collection and the objective of the survey are of such a nature that they permit someone to reply in the name of and on behalf of other people in conformity with Principle 6 and insofar as there is manifestly no risk of infringing the privacy of such others and in particular that the processing does not involve sensitive data.
4.4 In order to avoid collection of the same data again, personal data collected for non-statistical purposes may also be processed for statistical purposes where that is necessary:
a. for the performance of a task carried out in the public interest or in the exercise of official authority;
b. for the purposes of the legitimate interests pursued by the controller except where such interests are overridden by the rights and fundamental freedoms of the data subject.
Data collected for one statistical purpose may also be processed for other statistical purposes in the circumstances described above.
4.5 Personal data may be collected on a compulsory basis with a view to their being processed for statistical purposes only if required by domestic law.
4.6 Personal data or sets of personal data may be matched or interconnected for statistical purposes if domestic law offers appropriate safeguards to prevent their being processed and communicated for non-statistical purposes.
Proportionality
4.7 Only those personal data shall be collected and processed which are necessary for the statistical purposes to be achieved. In particular, identification data shall only be collected and processed if this is necessary.
Sensitive data
4.8 If sensitive data are to be processed for statistical purposes, these data should be collected in a form in which the data subjects are not identifiable.
If the processing of sensitive data for specified legitimate statistical purposes necessitates the identification of the data subjects domestic law shall provide appropriate safeguards including specific measures to separate identification data as from the stage of collection unless it is manifestly unreasonable or impracticable to do so.

5. Information

Primary collection
5.1 When, for statistical purposes, personal data are collected, the persons questioned shall be informed of the following elements:
a. the compulsory or optional nature of the response and the legal basis, if any, of the collection;
b. the purpose or purposes of the collection and processing;
c. the name and position of the person or body in charge of the collection and/or processing;
d. the fact that the data will be kept confidential and used exclusively for statistical purposes;
e. the possibility of obtaining further information on request.
At their request and/or according to the ways and means defined by domestic law, data subjects shall also be informed of the following:
f. the way in which, in the case of optional surveys, consent can be refused or withdrawn and, in the case of compulsory surveys, the possible sanctions this would entail;
g. where applicable, the conditions for the exercise of the rights of access and rectification;
h. the categories of persons or bodies to whom the personal data may be communicated;
i. the guarantees to ensure the confidentiality and the protection of personal data;
j. the categories of data collected and processed.
5.2 When data subjects are not directly questioned, they shall be informed of the existence of the collection unless this is manifestly unreasonable or impracticable. They shall be able to inform themselves appropriately of the elements listed in Principle 5.1.
5.3 The persons questioned, whether they are the data subject or not, shall be informed at the latest at the time of collection. The nature and extent of the information shall be appropriate and adapted to the circumstances.
If it is necessary for attaining the legitimate objective of the survey in view of its subject or its nature, provision of the information or part of it may be deferred. In such cases the information must be supplied as soon as the reasons for deferring no longer exist, unless this is manifestly unreasonable or impracticable. In such circumstances, where data have been collected from the data subject, the information should be provided at a later stage.
Secondary collection
5.4 Processing or communication for statistical purposes of personal data collected for non-statistical purposes shall receive suitable publicity. The data subjects shall be able to obtain in a suitable way the information mentioned in Principle 5.1 unless:
a. provision of the information is impossible or involves a disproportionate effort; or unless
b. the processing or communication of the data for statistical purposes is expressly provided for under domestic law.
In the cases referred to in a. and b. appropriate safeguards must be provided for.
Legally incapacitated persons
5.5 If the data subject is a legally incapacitated person, incapable of free decision, and domestic law does not permit the data subject to act on his/her own behalf, the information shall be given to the person recognised as legally entitled to act in the interest of the data subject.
If a legally incapacitated person is capable of understanding, he/she should be informed before his/her data are collected or processed.

6. Consent

6.1 Where consent of the data subject is required, it shall be free, informed and unambiguous.
The data subject shall be able either to withdraw his/her consent for a single survey, as long as, in accordance with Principle 8, identification data have not been separated from the other data collected, or to suspend at any time and without retroactive effect his/her co-operation in a survey which extends over a period of time.
6.2 Where the consent of the data subject is required for the collection or processing of sensitive data, it shall be explicit, free and informed. The legitimate objective of the survey may not be considered to outweigh the requirement of obtaining such consent unless an important public interest justifies the exception.
6.3 Where it is intended to process for statistical purposes the personal data of a legally incapacitated person incapable of free decision, and when domestic law does not permit the data subject to act on his/her own behalf, the consent of the person recognised as legally entitled to act in the interest of the data subject or an authority or any person or body provided for by law is required.
If, in accordance with Principle 5.5 above, a legally incapacitated person has been informed of the intention to collect and process his/her personal data, his/her wishes should be taken into account, unless domestic law provides otherwise.
6.4 Refusal to reply shall not be penalised unless domestic law provides for sanctions.

7. Rights of access and rectification

7.1 Any person may obtain the personal data concerning him/her held by the data controller and, as the case may be, have them rectified.
7.2 However, where there is clearly no risk of breaching the privacy of the data subject, this right may be restricted in accordance with domestic law when the personal data are processed solely for statistical purposes and specific appropriate measures exist to prevent any identification by a third party on the basis of individual data or of statistical results.

8. Rendering data anonymous

8.1 Personal data collected for statistical purposes shall be made anonymous immediately after the end of data collection, checking or matching operations, except if:
a. identification data remain necessary for statistical purposes and the measures prescribed by Principle 10.1 have been taken; or
b. the very nature of statistical processing necessitates the starting of other processing operations before the data have been made anonymous and as long as the safeguards envisaged in Principles 15.1 - 15.3 are in force.

9. Primary collection of personal data for statistical purposes

9.1 The collection of personal data shall be fair, in particular with regard to information of individuals and their liberty to reply.
9.2 Personal data shall be collected from the data subject or, depending on the nature of the survey, may be collected from a member of his/her household. Personal data shall only be collected from a person other than the data subject him/herself or from a member of his/her household, or from legal persons such as companies or public services, if domestic law provides for it and includes appropriate safeguards, or there is manifestly no risk of infringement of the rights and fundamental freedoms of the data subjects.
9.3 The collection for statistical purposes of personal data without questioning shall neither include identification data nor be linked to identification data, except where domestic law includes appropriate safeguards and
a. provides for the collection with identification data, or
b. permits the linking of the data collected to identification data for the construction of samples.
9.4 Data on non-respondents relevant to the planning or carrying out of the survey or information on the reasons for non-response, may be used only in order to ensure the representative quality of the survey.
9.5 When the collection of personal data requires the employment of interviewers or other persons who will have to know the replies directly, special care shall be taken regarding the choice of the persons and of the organisation and methods used for the survey in order to ensure respect for the purpose of the survey, the confidentiality of the data and protection of privacy.
9.6 The controller shall take appropriate measures to allow the persons questioned to assure themselves of the authority to act of the person collecting the data.

10. Identification data

10.1 When identification data are collected and processed for statistical purposes, they shall be separated and conserved separately from other personal data, unless it is manifestly unreasonable or impracticable to do so.
10.2 Identification data may, however, be used to create a file of addresses for statistical purposes if provided for by domestic law, if the data subject has been informed and has not opposed it, or if the data come from a file accessible to the public.

11. Conservation of data

11.1 Unless they have been made anonymous, or domestic law provides for these data to be kept for archiving purposes subject to appropriate safeguards, personal data collected and processed for statistical purposes shall be destroyed or erased when they are no longer necessary for those purposes.
In particular, identification data shall be destroyed or erased as soon as they are no longer necessary:
a. for the collection, checking and matching of the data,
b. to ensure the representativeness of the survey, or
c. to repeat the survey with the same persons.

12. Communication

12.1 Personal data collected for statistical purposes shall not be communicated for non-statistical purposes.
12.2 Personal data processed for a given statistical purpose may be communicated for other statistical purposes as long as these are specified and of limited duration.
12.3 Unless safeguards for communication are provided for by domestic law, communication in accordance with Principle 12.2 shall be the subject of a written document setting out the rights and obligations of the parties. When these data are communicated, the controller shall in particular:
a. stipulate that the third party may himself only communicate these data with the express agreement of the said controller;
b. stipulate that the third party take the appropriate security measures, in accordance with Principles 15.1 to 15.3 of this recommendation;
c. ensure that any publication of statistical results obtained by this third party will conform with Chapter 14 of this recommendation.
12.4 Moreover, sensitive data may be communicated only where provided for by law, or where the data subjects or their legal representatives have given their explicit consent and provided domestic law does not prohibit the giving of consent.

13. Transborder data flows

13.1 The principles of this recommendation shall be applicable to the transborder communication of personal data for statistical purposes.
13.2 The transborder communication of personal data for statistical purposes to a State which has ratified Convention ETS 108 and whose legislation provides at least equivalent protection, should not be subjected to special conditions concerning the protection of privacy and the rights and fundamental freedoms of individuals.
13.3 There should be no restriction on the transborder communication of personal data for statistical purposes to a State which has not ratified Convention ETS 108 but ensures a level of protection in accordance with the principles of that convention and this recommendation.
13.4 Unless domestic law provides otherwise, the transborder communication of personal data for statistical purposes to a State which has no legal provisions which are in accordance with the principles of Convention ETS 108 and this recommendation should not, as a general rule, occur, unless:
a. measures, including measures of a contractual nature, necessary to ensure compliance with the principles of the convention and this recommendation have been taken; or
b. the data subject has given express consent.

14. Statistical results

14.1 Statistical results shall be published or made accessible to third parties only if measures are taken to ensure that the data subjects are no longer identifiable on the basis of these results, unless dissemination or publication manifestly presents no risk of infringing the privacy of the data subjects.

15. Security of personal data

15.1 Controllers shall take the appropriate technical and organisational measures to ensure the confidentiality of personal data. They shall in particular take measures against unauthorised access, alteration, communication or any other form of unauthorised processing.
15.2 If data must be retained in an identifiable form, organisational and technical resources, in particular automated resources, shall be used to prevent unauthorised identification of the data subject.
15.3 Measures shall be taken to prevent re-identification of data subjects and use for non-statistical purposes of personal data collected for statistical purposes.
15.4 Professionals, firms or bodies in charge of producing statistics shall develop techniques and procedures ensuring the anonymity of data subjects.

16. Codes of ethics

16.1 Professionals, firms or bodies in charge of producing statistics should adopt and publish codes of professional ethics which meet the principles set out in this recommendation, including information on, in particular:
a. the other categories of persons and bodies which have access to the personal data;
b. the measures to be taken for the protection, confidentiality and security of these data as well as measures to respect statistical ethics;
c. the controllers of statistical processing.

17. Technical development, co-operation and assistance

In order to ensure broad access to information tools and to technical knowledge appropriate to effective protection of personal data collected for statistical purposes, competent governmental bodies should collaborate closely in the development of these tools and technical knowledge, and should set up international programmes of co-operation, exchanges of experience, transfer of knowledge and technical assistance.

18. Supervisory authorities

Member states shall give one or more independent authorities responsibility for ensuring the application of the provisions of domestic law giving effect to the principles laid down in this recommendation.
За печат Запази като PDF Горе

 Свързани документи