Submitting a request
In order to access confidential data under the Committee on Statistical Confidentiality (statistical data, tax data, certain administrative data), you must submit a request through the online request management portal CDAP.
You should be careful not to submit a request unless you are sufficiently certain of the objectives of your project and the composition of your team.
Additional requests for changes to the list of sources or persons accessing the data, which would take place within less than two months of the previous request, will only be accepted for demonstrated urgency.
After filling in your file, you will have to send the pdf summary to the producer services concerned for the examination of your request.
You must take into account the availability of the people you are going to request. In order to take this constraint into account, you are invited to send your application at least two weeks before the application deadline. In all cases, this request must be made by the deadline for requesting prior approval indicated in the consultation schedule (see the committee’s calendar).
The producer services will examine and assess your application in the light of the conditions laid down in the opinion of the Committee on Statistical Confidentiality. Under the terms of Article 17 of Decree No. 2009-318 of 20 March 2009 on the National Council for Statistical Information, the Statistical Confidentiality Committee and the Committee for the Official Statistics Label, “the Statistical Confidentiality Committee shall deliver its opinion taking into account the nature and relevance of the work for which the application is made, the status of the person or body submitting the application and the guarantees it offers. It checks that the volume of information requested is not excessive in relation to the work justifying its communication and that this does not lead to excessive prejudice to the interests that the Act [No. 51-711 of 7 June 1951 as amended on the obligation, coordination and secrecy of statistics] was intended to protect.”
In accordance with these provisions, you are invited to assess the quality and completeness of the file you submit. The use of each source must therefore be justified in relation to the objectives of your project. If you do not meet these requirements, the producer services may refuse their agreement to the examination of your file by the Committee. On the other hand, this agreement does not presage the final opinion that the Committee will express.
If your application has received the agreement of all the producer departments concerned, the secretariat will register it for submission to the Committee on Statistical Confidentiality for its opinion. Two cases may arise:
- Your file does not a priori give rise to any particular questions, your file will be submitted to the Committee for its opinion by electronic consultation with its members;
- Your file is likely to provoke questions from the Committee, on its purposes, the use of sources, the respect of the obligations due to statistical secrecy with regard to the missions of your organization, the valorization of the results produced, etc., it will then be examined in the face of the Committee and you will be asked to present your project.
If the Committee’s opinion is favourable, you will then be able to access the requested data after the formalities for signature by the competent authorities and, for sources disseminated via the CASD (Centre for Secure Access to Data), after contractualisation between the CASD and your institution and a registration session (registration). Although the Committee makes its best efforts to ensure that these formalities, which are essential to guarantee the legal security of the communication of data, are completed as quickly as possible, they may nevertheless take several weeks. You are invited to take this into account in the organization of the timetable for your project.
For more information: see the page On-line submission of applications
NOTE: For public information purposes, the Committee on Statistical Confidentiality publishes a list of all ongoing authorised projects.
Obligations relating to the processing of personal data
A personal data is a data relating to an identified or identifiable natural person, which in practice applies to all data accessible through the Committee on Statistical Confidentiality, with the rare exceptions of sources that would only relate to legal persons. The processing of personal data is subject to conditions laid down in the General Regulation on Data Protection (GDPR) and the Data Protection Act.
Applicants are warned that the favourable opinion granted by the Committee applies only to access to the data, and in no way prejudges the formalities they must complete to comply. Applicants attached to an organisation located outside the borders of the European Union are advised to check whether their processing fall within the territoriality criteria defined in Article 3 of the GDPR.
Applicants’ attention is particularly drawn to the fact that the processing of “sensitive” data, as defined in Article 9 of the GDPR (e.g. health, ethnic origins, religious practices, sexual practices) is in principle prohibited. Exceptions provided for in article 9 of the GDPR and articles 6 and 44 of the Data Protection Act nevertheless allow, under certain conditions, the processing of such data, particularly in the context of processing for scientific research purposes. It is the responsibility of the applicants to ensure, if necessary, that they are able to invoke one of these exceptions and to carry out the necessary prior formalities with the Cnil. A data protection impact assessment (DPIA) may also be necessary if the processing is likely to cause a high risk to the rights and freedoms of natural persons. This is the case in particular if a processing operation combines at least two criteria, including the scale of the processing operation (which applies when exhaustive sources on a population, as in the case of administrative sources, are used), the use of « sensitive » data and the link between several data sources. Information on the criteria to be taken into account and on how to carry out a DPIA is available on the Cnil website.
For further information, applicants are invited to contact the Data Protection Officer of the organisation to which they are attached if one has been appointed, or otherwise its legal department. Information is also available on the Cnil website:
- Rules applicable to scientific research (excluding health)
- Rules applicable to the processing of personal health data