Page 327 - Invited Paper Session (IPS) - Volume 1
P. 327
IPS155 Laura B.
respect of the legal protection of personal data, ruled by national legislation
before the European initiative (i.e. GDPR), the results of these surveys have
been made available for the research community since the early Eighties, first
in aggregated form and, more recently, with the provision of elementary data
in various forms.
Similarly to what the ECB, Eurostat, other central banks and national
statistical institutes collecting micro data do, Banca d’Italia has always granted
access to microdata for scientific purposes only (i.e. the user must be part of
an organization that has to be recognized by the data provider as a research
entity).
This note describes how Banca d’Italia disseminates granular data to
external researchers in the case of the Survey on Households Income and
Wealth and some (but not all) of the business surveys run by Banca d’Italia,
namely the Survey of Industrial and Service Firms, the Business Outlook Survey
of Industrial and Service Firms, the Survey on Inflation and Growth
Expectations and the Italian Housing Market Survey.
2. Confidentiality vs utility
The literature has made it clear that the core challenge in the dissemination
of granular data is the balancing of the risk of re-identification with the utility
associated with data analysis (see for example Schouten and Cigrang, 2003;
Lane and Schur, 2010). The choice of the amount of risk that data providers
accept in the name of utility depends on technical, organizational and legal
issues. In general terms, the dissemination of Banca d’Italia’s granular data
faces two different confidentiality safeguards, the legal protection of personal
data (GDPR UE/2016/679) and the professional secrecy of information
collected by Banca d’Italia acting as banking supervisory and resolution
authority (art.53 CRDIV and art.84 BRRD). The professional secrecy does not
apply to households’ and firms’ data, where data are collected only for
research purposes. As for the legal protection, GDPR does not forbid the
processing of personal data “for scientific or historical research purposes or
statistical purposes”, while providing “appropriate safeguards for the rights
and freedoms of the data subject [...]. Those safeguards should ensure that
technical and organisational measures are in place in order to ensure, in
particular, the principle of data minimisation.” GDPR also foresees an
additional protection of sensitive data, which does not concern households’
and firms’ survey data as this type of information is not usually included in
Banca d’Italia’s questionnaires.
In theory a pre-defined amount of risk or re-identification can be admitted,
but for Banca d’Italia has always aimed at avoiding as much risk as possible.
Still, data dissemination of granular data has increased over time, depending
on the improvement of technological means that permit data usage by
316 | I S I W S C 2 0 1 9