policymakers demonstrate

570 Barcellan, Bøegh Nielsen, Calsamiglia, Camerer, Cantillon et al.
already exist) and recent advances in computing power and data management
techniques have made them easier to extract, manipulate and analyse. Last but
not least, the possibility of linking different administrative datasets (for example,
crime history and education history at the individual level) opens up endless
possibilities for new research questions.
But microdata are sensitive. Individuals have the right to have their privacy
protected. Firm-level data can contain competition-sensitive information that
firms may not want to become public. Providing secure access to microdata
and linked microdata is also resource-intensive. These factors make the option
of not providing any access attractive for risk-averse or resource-constrained
statistical systems. This section describes the legal environment and practical
solutions that the European Union and the different Member States have put or
are putting in place to reconcile the need for data protection and the promotion
of data access for research purposes.
13.2.1 Legal and Technical Background
The European framework for data protection relies on two principles: the protection
of personal data as a basic right, and the promotion of the free flow
of personal data as a common good. 2 These principles necessarily go hand in
hand: data subjects will not accept to have data collected on them if they cannot
trust data owners to ensure their confidentiality. In turn, opt out clauses, which
are unavoidable if trust is low, reduce the value of the data produced.
Existing European regulations allow (but do not require) Member States to
grant access to microdata without the consent of the data subjects (which is
typically the case for administrative data) when such data are essential for
the pursuit of research and on the condition that they are de-identified. 3 Deidentification
involves the removal of personal identifiers such as national IDs
or names, but can also involve the removal or blurring of other quasi-identifiers
such as the address or date of birth.
De-identification does not necessarily remove all privacy concerns, however.
Users of the data may be able to use combinations of variables (such as workplace
and employment history to re-identify the individuals in the data). This
risk of re-identification is heightened with linked microdata. Protocols need to
be in place to ensure that confidentiality is preserved. These protocols regulate
who can access the data and how this access is organized.
Under European regulations, access is granted in two steps. First, the institution
to which the researcher is affiliated needs to be recognized as a research
institution. This is important because it is the institution that eventually guarantees
that proper safeguards are in place and the data will remain confidential.
Second, access is only granted on a project-by-project basis. Each project (data