IPS155 Laura B.
            respect of the legal protection of personal data, ruled by national legislation
            before the European initiative (i.e. GDPR), the results of these surveys have
            been made available for the research community since the early Eighties, first
            in aggregated form and, more recently, with the provision of elementary data
            in various forms.
                Similarly  to  what  the  ECB,  Eurostat,  other  central  banks  and  national
            statistical institutes collecting micro data do, Banca d’Italia has always granted
            access to microdata for scientific purposes only (i.e. the user must be part of
            an organization that has to be recognized by the data provider as a research
            entity).
                This  note  describes  how  Banca  d’Italia  disseminates  granular  data  to
            external  researchers  in  the  case of  the  Survey  on  Households  Income  and
            Wealth and some (but not all) of the business surveys run by Banca d’Italia,
            namely the Survey of Industrial and Service Firms, the Business Outlook Survey
            of  Industrial  and  Service  Firms,  the  Survey  on  Inflation  and  Growth
            Expectations and the Italian Housing Market Survey.

            2.  Confidentiality vs utility
                The literature has made it clear that the core challenge in the dissemination
            of granular data is the balancing of the risk of re-identification with the utility
            associated with data analysis (see for example Schouten and Cigrang, 2003;
            Lane and Schur, 2010). The choice of the amount of risk that data providers
            accept in the name of utility depends on technical, organizational and legal
            issues. In general terms, the dissemination of Banca d’Italia’s granular data
            faces two different confidentiality safeguards, the legal protection of personal
            data  (GDPR  UE/2016/679)  and  the  professional  secrecy  of  information
            collected  by  Banca  d’Italia  acting  as  banking  supervisory  and  resolution
            authority (art.53 CRDIV and art.84 BRRD). The professional secrecy does not
            apply  to  households’  and  firms’  data,  where  data  are  collected  only  for
            research  purposes.  As  for  the  legal  protection,  GDPR  does  not  forbid  the
            processing of personal data “for scientific or historical research purposes or
            statistical purposes”, while providing “appropriate safeguards for the rights
            and freedoms of the data subject [...]. Those safeguards should ensure that
            technical  and  organisational  measures  are  in  place  in  order  to  ensure,  in
            particular,  the  principle  of  data  minimisation.”  GDPR  also  foresees  an
            additional protection of sensitive data, which does not concern households’
            and firms’ survey data as this type of information is not usually included in
            Banca d’Italia’s questionnaires.
                In theory a pre-defined amount of risk or re-identification can be admitted,
            but for Banca d’Italia has always aimed at avoiding as much risk as possible.
            Still, data dissemination of granular data has increased over time, depending
            on  the  improvement  of  technological  means  that  permit  data  usage  by

                                                               316 | I S I   W S C   2 0 1 9