France

Workshop on scenarios

1 – 3 July, 2024

Regulatory needs for scenario catalogue(s) / database(s)

Contribution by experts from France

• GRVA 18-50 (reminder) :

• Establish a catalogue of scenarios that can be used by the various NATM pillars

• A scenario catalogue would not be exhaustive

• Follow a common template

• Work further on classifications, namely difference between nominal and critical

• GRVA 19-44 (summary) :

• Focus on public authorities’ use of the catalogue

 Clarify the needs, purposes and use cases (incl. link with ISMR)

• Address needs issued from either type-approval or self-certification approaches

• Assess respective interest of centralized / decentralized approaches

• List roles and responsabilities 2

Back-ground + mandate + scope of the presentation

1. Regulatory needs for scenarios (reminder from regulatory frameworks)

2. Regulatory needs for international exchanges on scenarios

3. Needs for catalogues / databases / descriptors : thoughts for next steps

3

Needs for a UNECE scenario catalogue(s) or database(s) ?

Framing the question

• Performance and safety requirements

• Perform the DDT under nominal and reasonably foreseeable critical scenarios

• Detect and safely respond to failure scenarios

• Identify new scenarios

• Documentation

• Scenario selection method

• Tests for the most relevant scenarios

• Validation methods, tools, results

• Check-tasks of approval authorities

• Robust scenario selection methods and validation plans

• Reasonable coverage of scenarios + minimum list of behavioral scenarios

• Scenario approach showing no risk increase 4

Regulatory needs : reminders from EU ADS 2022

(related to scenarios)

• Use a scenarios-based approach to :

• Organize efficient, objective, repeatable, and scalable safety validation activities

• Be representative of what the ADS is reasonably likely to encounter in its ODD

• Cover relevant nominal, failure, critical, and complex scenarios

• Generate scenarios combining # sources / approaches

• Randomize parameters and scenario composition (e.g. generate low probability events)

• Show that the ADS will not increase the overall level of risk [..] compared to a manually

driven vehicles within the ODD for each of the safety relevant scenarios

• Document :

• Traffic scenarios relevant to each ODD

• Methodology to select scenarios and choose the validation methodology

• Management of unknown hazardous scenarios

• Arguments and evidence to demonstrate reasonable coverage of chosen scenarios

• Scenario-specific approach showing non overall risk increase. 5

Regulatory needs : miscellaneous from GRVA 18-50

(related to scenarios)

A. Help expand coverage through comparaison of respective scenario spaces

• Assess “reasonably foreseeable” coverage of a given catalogue compared to others

• Ease and avoid effort duplication in scenario generation (benefit from others’ practices)

• Enrich probability laws (identify distribution tails)

• Avoid lock-in of ODD-pushed generation approaches  cover all use cases & ODDs

• Identify new unknown-unsafe scenarios based on others’ scopes

• Optimize IMSR (new scenario reported  less new scenarios to report)

B. Optimize use of scenarios in safety assessment / NATM through best practices in :

• scenario selection for representativeness and edgeness

• allocating [# scenarios] ↔ [ real / track / virtual / audit ]

• feasibility of virtual (resp track, real) tests

• qualifying a) nominal / b) critical / c) failure / d) extreme scenarios

• identifying {trans-use-cases} / {trans-ODD} / {trans-region} vs {OD-specific} scenarios

 Enabling regulators to consider generic / trans-regional scenarios to avoid duplicated tests 6

Regulatory and international exchanges needs : typology

• Identified needs correspond to a catalogue approach rather than a database approach

• Diversity of scenario generation methods / catalogues is likely to better address needs

• Risk for a unique database or catalogue to “freeze” the necessary combinatory approach

• Functional or logical descriptions are likely to better match coverage needs in a first step

• Concrete scenarios are likely to be more and more useful since scenario databases grow,

allowing better distribution / exposure assessments and transferability of (parametrized)

tests among regions / regulators

• Be it in functional, logical or concrete approaches, harmonization of descriptors is key

• In order to maximize cross-usages of scenarios among regulators (and use-cases + ODDs),

and to avoid industrial property concerns, split descriptors into two main sub-categories :

• Endogenous to the ADS’ response+performance

• Exogenous to the ADS’ response (infrastructure + environment + target behaviors)

• NB : quid for scenarios when hazards (multiple targets) respond to the ADS’s response ? 7

Considerations for next steps

Based on ECE/TRANS/WP.29/GRVA/2024/19

4

For this application, the following information shall be supplied to the technical service in addition to the data, and drawings listed in paragraph 3.2. of this Regulation.

2.3.1. A description of the applied simulation method which has been used such as identification of model, the analysis software, its producer, its commercial name, the version and contact details of the developer.

2.3.2. A description of the input parameters.

2.3.3. A reference to the validated simulation method used in application of paragraph 1 of the current annex.

2.3.4. All parts of the simulation toolchain such as interlinked simulation modules and tools shall be described by the manufacturer.”

II. Justification

1. This proposal aims to allow the approval applicant to use a virtual testing methodology as an alternative to physical tests. This requires a preliminary assessment of the methodology to be used, as already defined at European Union level in the Whole Vehicle Type Approval (WVTA) regulation, in other regulations and as considered by the Informal Working Group on Validation Method for Automated Driving (VMAD) and its Subgroup 2.

2. This proposal defines a practical approach to anker the main safety relevant principles while letting the flexibility to the applicant in selecting the virtual tools to be used.

3. An example of the application is presented in informal document GRVA-15-20.

Note by the secretariat: this amendment proposal, if adopted as supplement to the 02 series of amendments, would require adjustments in the paragraph numbering (6.11.), as para. 6.7. already exist in the 02 series of amendments, reading:

“6.7. Warning and Activation Test with a Bicycle Target”

Based on ECE/TRANS/WP.29/GRVA/2024/19

4

II. Justification

1. This proposal aims to allow the approval applicant to use a virtual testing methodology as an alternative to physical tests. This requires a preliminary assessment of the methodology to be used, as already defined at European Union level in the Whole Vehicle Type Approval (WVTA) regulation, in other regulations and as considered by the Informal Working Group on Validation Method for Automated Driving (VMAD) and its Subgroup 2.

2. This proposal defines a practical approach to anker the main safety relevant principles while letting the flexibility to the applicant in selecting the virtual tools to be used.

3. An example of the application is presented in informal document GRVA-15-20.

Note by the secretariat: this amendment proposal, if adopted as supplement to the 02 series of amendments, would require adjustments in the paragraph numbering (6.11.), as para. 6.7. already exist in the 02 series of amendments, reading:

“6.7. Warning and Activation Test with a Bicycle Target”

Workshop on scenarios databases for ADS safety validation

under UNECE fora

May 6-7, Paris

Introductory input from experts from France

In cooperation with :

1

Website : https://www.ecologie.gouv.fr/en/automated-vehicles

2

Outline

1. Context

2. On-going activities in France

3. Possible ways forward for international cooperation

Context

• Scenarios are at the forefront of safety assessment / test methods

• by the industry / by certification third parties / by public authorities

• Scenarios have the potential to address the complexity of assessing ADS

performance across the diversity of possible ODDs

• The scenario approach is part of the EU ADS regulation

• “free from unreasonable risks [through] scenario specific approach showing that

the ADS will not increase the level of risk compared to a manually driven vehicle”

• The scenario approach is covered in the ADS integrated document

• “The guidelines recommend the development of a scenario catalogue for use

across five validation pillars”

• Industry and R&D initiatives : ADScene + MOSAR (FR), SafetyPool (UK),

SAKURA (JP), PEGASUS (DE), StreetWise (NL), Fortellix (private),…

3

Context (continued)

• Scenarios are the cement of the # validation pillars

• Scenarios capitalization (e.g. based on real world drivings, simulation) is necessary

• Scenarios capitalization is a learning process

• Scenarios are partly region-dependent (driving style, law, road features, weather..)

• Scenarios’ diversity favours the seek for completeness of foreseeable risks

• Public authorities use of scenario in type-approval still needs to be fine-tuned

• Assessing industry’s validation processes

• (e.g. completeness, edginess, representativeness ?)

• Setting mandatory scenarios for test or simulation (pre-defined ? randomized ?) 4

Scenario libraryAudit

Track testing Virtual

testing

Real world

testing

In-use

monitoring

On-going activities in France

• Three parallel and articulated workflows

1. Methodology and guidance for the production and use of scenarios

 from generation to selection

2. Scenario taxonomy

 coherence between ODD and scenario descriptors

3. Scenario data-bases and governance

 # public authorities / industry / research needs

5

On-going activities in FR : methodology and guidance

• Rationale for scenario approach and articulation with other validation pillars

• https://www.ecologie.gouv.fr/sites/default/files/DGITM_Approche-par-scenarios-fevrier-2022-EN.pdf

• https://www.ecologie.gouv.fr/sites/default/files/DGITM-Articulation-GAME-SOTIF-scenarios-2023.pdf

• Scenario generation process

• https://www.ecologie.gouv.fr/sites/default/files/DGITM-L1-septembre_2022-EN.pdf

• Scenario selection process

• https://www.ecologie.gouv.fr/sites/default/files/DGITM-Approche_selection_scenarios-2024.pdf

• Scenarios for interactions with first responders (inception)

• https://www.ecologie.gouv.fr/sites/default/files/DGITM-Scenarios_AFO-juillet_2022.pdf

• Forthcoming :

• Scenario approach addressing carefulness and etiquette responses

• Scenarios for interactions with first responders (detailed)

• ODD’s-taylor-made lists of relevant scenarios 6

• Descriptive layers

1. Static traffic environment

2. Nominal driving manoeuvre

3. Hazards

• Collision precursor events

• Technical system failure

4. System’s response

5. Hazards affecting system’s response

 Visibility

 Other road users’ behaviors

 Failures

• Hierachical layers

1. Functional

2. Logical (unfolded generic)

3. Contrete (parameterized)

7

On-going activities in FR : scenario definition and taxonomy

Through French funded projects, a

standard data format, and the

framework a library of scenarios

have been defined, as a basis for

the MOSAR / ADScene plateform

https://cahiers-transformation-numerique.irt-

systemx.fr/accueil/designing-the-digital-world/meeting-the-

challenge-of-validating-the-autonomous-vehicle-2/?lang=en

https://www.ecologie.gouv.fr/sites/default/files/

DGITM-ODD_dezscriptors-juin_2022-EN.pdf

On-going activities in FR : scenario database

• 2018 : Launch of research projects on behalf of French Automotive

industry platform (PFA) supported by French Ministry for Transport

• 2019 : Work with LAB & CEESAR on accidentology

• 2020 : Start of industrialisation ( Renault & Stellantis )

• 2021 : PFA work with UTAC for Regulatory & NCAP scenarios storage

• 2022 : Audit of ADScene scenario database by TüV Sud

• 2023 : ADScene V1.0 used

8

Open framework to

develop & integrate

innovative features

Users : Academics,

research institutes

Usage : Innovation

ADSCENE

FOR RESEARCH

Scenarios, use case, test

protocol libraries and tools

for systems design,

validation & homologation

Users : OEMs, Tiers Ones

Usage : Design,

validation, homologation

ADSCENE

FOR INDUSTRY

Shared subset of scenarios,

and tools for regulation and

standartisation compliance

Users: Technical services,

Administrations

Usage : certification, type

approval, in-use monitoring,

safety demonstration

ADSCENE

FOR REGULATION

ADSCENE scenario database : 1 platform, 3 ambitions

Possible ways forward : need for a phased approach

03/05/202410

i. Better assess public authorities’ and industry’s needs (present and future)

towards scenario catalogues and databases

ii. Better assess the need for selection / qualification of scenarios, namely for

public authorities

iii. Review governance patterns of existing catalogue / databases (namely for the

interaction with public authorities)

iv. Review interoperability gaps among existing national (public / private) databases

v. Assess (SWOT) of different international coordination approaches, e .g.

a) Subset of scenarios published by # national authorities

b) Mutual access among national authorities to national autorities’ databases ?

c) Unique UN database

Possible ways forward : phased approach (continued)

03/05/202411

v. Assess feasibility and administrative costs of different international coordination

approaches, regarding e.g. :

• Access « depth »

• Access to functional or concrete scenarios ?

• Access to generation / combination / selection modules ?

• Access to scenario’s qualification ?

• Access management towards specific autorities (e.g type-approval, certification

third parties, accident enquiry bureau, prosecutors ?)

• Pricing principles

• Standardized interfaces / APIs ?

Opportunities for a “mutual access” approach

03/05/202412

 Diversity of ongoing national (public / private) initiatives

• different ODDs, different approaches for scenario generation / selection

 Learning process (e.g. scenario selection still needs to be addressed)

 Decentralised databases likely to better address :

‒ seek fo representativeness (e.g. exposure’s factors) and criticity (unknown-unsafe)

‒ cost sharing

‒ continuous need for innovation

 Possible # layers for “mutual accessibility” could be explored, e.g.

‒ Functionnal, logical or concrete scenarios ?

‒ Representativeness (~ exposure) and criticity (~severity ?) of a given scenario

‒ Generation / combination / selection modules ?

‒ Qualified scenarios (e.g. for testing purposes) ?

 Pre-requisite for mutual access / interoperability : common scenario descriptors

The ELIPA 2 survey -

The integration pathway for refugees in France

Clément Soulignac Data Scientist, Insee, French Ministerial Statistical Service on Immigration, Directorate

General for Foreign Nationals in France

Geneva, 6 May 2024

Objectives -

Comparison between refugees and others

Refugees and non-refugees

• 17 % of newcomers (excluding student residence permit) are refugees

• No existing source allow to analyse the integration pathway for refugees in France

• In contrast to non-refugees

• Significant disruption to their residential and professional situations

• More precarious situations

• Less likely to hold a management position or to become property owner

24 24 17

12 8 6

8 8

10 15

11 11

8 6 8

3

3 3

56 59

42 56 63 68

4 2

22 13 14 11

0%

25%

50%

75%

100%

Refugees Non-refugees Refugees Non-refugees Refugees Non-refugees

Before arriving in France 2019 2022

St udent Homemaker Ret ired Ot her inact ive Employed Unemployed

Activity of refugees and non-refugees

ELIPA -

Longitudinal Survey of the Integration of legal Newcomers

The genesis of ELIPA 2

• First edition in 2010

• Assess effects of the Reception and Integration Contract (CAI)

• Follow up the integration pathway of newcomers : language, career, housing and social life

• Needs of a new edition

• Historic rise in immigration following humanitarian crises since 2015

• In 2016, the CAI became the CIR : Republican Integration Contract

➢ End of 2016, design work started for ELIPA 2

Who is surveyed ?

• Students are excluded

• 50 % of immigrant students left France 2 years after obtaining their residence permit

➢ Others first residence permit of at least one year delivered in 2018

Part of immigrant students without residence permit

Source : AGDREF, DSED

Where in metropolitan France ?

• 50 % of newcomers are located in 10 departments

• All Île-de-France’s departments (except for Seine-et-Marne)

• Nord, Rhône, Bouches-du- Rhône

Distribution of first residence permit of at least one year in 2018 by department

Source : AGDREF, DSED

Selection of the sample

267 000 first residence permits

in 2018 120 000 without

students and short-term

residence permit 60 000 in the top 10 departments 20 000

Contact database

Stratified sample by age, reasons for admission, Francophone nature.

Contact phases

20 000 Contact database

12 300 telephone recruitment

No contacts

9 000 recruited

No contacts + refusals

Around 6 500 respondents

All refusals

Three survey waves

• Waves

• 2019 : 6 547 respondents (73 % response rate)

• 2020 : 5 021 respondents (77 % response rate)

• 2022 : 4 053 respondents (82 % response rate)

• In person interviews : face-to-face Computer Assisted Personal Interviews (CAPI)

Stay in contact with the respondent

1/ Pre-recruitment interview : get approval from the respondent and offer the best possible choice for the interview language

2/ Let them choose the place and date of the interview

3/ Regularly update contact information

4/ Send to them the results of the survey : give concrete meaning to their participation

Themes of the survey

• Migratory journey and project

• Residence permit’s procurement and renewal

• Level of French

• Housing

• Work situation

• Financial resources

• Family life

• Health

• Etc.

Publications

• Publications

• Insee Références – March 2023

• Review of publications – January 2024

• Reference point

• AGIR : Global and Individualised Support of Refugees

The ELIPA 2 survey -

The integration pathway for refugees in France

Thank you for your attention

Funding

• 3,5 million EUR (collection of data)

• AMIF (Asylum, Migration and Integration Fund) : 75 %

• Ministry of the Interior and Overseas Territories : 25 %

• Survey design and data analysis

• 3 full-time equivalent positions over 3 years

Scope of the survey

• Legal definition of a newcomer

• Residence permit for at least one year

• Exclude student residence permit

• Differ from first-time holders of a residence permit

• Students amid newcomers

Republican Integration Contract (CIR)

• Proposed to all newcomers but not mandatory

• Increase of the part of signatories amongst newcomers over the years (66 % of refugees in 2018, 80 % in 2023)

• Contract between the State and the refugee

• The State : provides French language and civic training

• The refugee : undertakes to take trainings, if required

Representativeness

• Departments

• Officially representative of the top 10 departments

• Statistics on the grounds of admission, nationalities and socio-demographic characteristics are similar at national level

• Reweighting

• Stratified sample after getting contact information → too expensive

• Targets numbers of respondents per stratum

• Calibration on administrative data and previous wave

• Work done to limit attrition rate between waves (priority respondent)

Multimode survey

• No multimode

• Field studies on refugees in France : reduction in response quality and selection bias (access to a telephone or the Internet)

• High partial non-response rate

Languages

1. French

2. Arabic

3. English

4. Bengali

5. Mandarin

6. Spanish

7. Russian

8. Soninke

9. Turkish

10. Tamil

Selection of themes

• Scientific committee

• Directorate General for Foreign Nationals in France

• State statistical services

• Researchers

• Associations

Equivalents across Europe

• Not comparable : different scopes and methodologies

• Sweden

• Germany

• United Kingdom

ELIPA 1 versus ELIPA 2

• Change in the refugee population with humanitarian crises

• Both populations are different

• ELIPA 1 : only signatories of the CAI

DGITM/DMR/TUD GRVA-Scenarios-02 6-7 May 2024

Proposal for a workshop on scenarios under UNECE fora

Preparation of the 1st meeting, Paris La Défense, May 6-7 2024

This document intends to shape questions underlying the initiative of a dedicated UNECE workshop on scenarios and their database’s management. In preparation of 18th GRVA, ITU shared interest to further discuss “scenario catalogues for ADS”.

During last GRVA, several presentations were made to elaborate on the needs to work on scenarios according to different perspectives. ITU presented interest in working on a scenario catalogue and shared strong support from contracting parties and industry in creating a scenario catalogue.

France and the United Kingdom shared the need to foster collaboration on scenarios; especially on the value harmonization could bring to the entire ecosystem, for both public and private stakeholders. ADScene and SafetyPool, either two existing database holders presented two different ways to implement a national scenario database, from an industrial or a research perspective.

Based on these presentations, the opportunity of a new sub-group under UNECE fora came as a possible way forward.

This raises questions such as the objectives of this group and its possible production, common addressable topics on scenarios that need further discussions. In this context, ahead of the meeting scheduled in Paris on 6 and 7 May 2024, this document intends to collect participants’ views on these questions.

The document is organized as follows: it tries to shape the objectives of the work to achieve around scenario issues; it reviews briefly the current state of international work on scenarios, and finally opens up questions on opportunities and challenges to be discussed during the workshop (how to handle each). In that manner, this document identifies potential gaps towards a better use of scenarios in proposing a draft agenda.

1- Objectives

Scenarios are at the forefront of safety demonstration within the international ADS framework, in which are integrated safety assessment and test methods: as one of the five NATM pillars and further by making the link between these pillars, having the advantage of being independent of test procedures themselves.

Scenarios have the potential to address the complexity of assessing ADS performances (while remaining technology neutral) across the diversity of possible ODDs (and more locally ODs).

During last GRVA meeting, discussions pointed out the need to better assess international coordination needs before examining the suitability of a centralized scenario catalogue or database.

Therefore, it is proposed that the terms “UN scenario catalogue” would be understood more broadly than a physical platform. In this perspective, the scope of the group would rather be: “International exchanges, cooperation or coordination in using scenario approaches, catalogues or databases for safety demonstration of automated road transport systems”.

Working on a cooperative or coordinated approach would address several challenges of the scenario-based approach for systems’ validation:

- How to tend towards a better scenario coverage, as inherent to the notion of “reasonably foreseeable hazards within the ODD”? : it is likely that diverse scenario approaches, catalogues and database could bring a significant value-added one to another, in helping filling the gaps or “blind angles” or “black swans” if efficient exchanges are organized ; this, inter alia, covers the fact that different national approaches may address different types of ODDs (e.g. infrastructure design, weather, driving cultural behaviors, driving direction).

DGITM/DMR/TUD GRVA-Scenarios-02 6-7 May 2024

- How to continuously improve the cost-benefit of using a scenario approach? e.g. by selecting scenarios that combine a high representativeness of critical driving situations and an operational manageability for implementing tests or, more generally, applying pass-fail criteria to systems’ responses ;

- How to avoid potential discrepancies in national practices in using scenario approaches to validate automated systems? The challenge is to balance justified national specificities (e.g. based on national features of local ODDs and driving behaviors, or expected behaviors regarding traffic rules) and the need for the industry to optimize the costs of validation in multiple regional or national markets.

At first, these possible value-added of a more cooperative, collaborative or coordinated approach on scenarios would raise interoperability issues to overcome to ease this cooperation (up to scenario-sharing options?), between type-approval authorities, regulators, and the industry. Interoperability means to open room for possible harmonized tools, practices or procedures stakeholders are eager to share, while some others aspects remain out of the scope as competitive.

Second, the question of sharing lists of scenarios could be raised, for the seek of a better coverage and benefiting from deployment in which new scenarios emerge from in-service monitoring and reporting.

Finally, as several scenario catalogues will exist and be used by various stakeholders, the question of assessing “performance” of scenario catalogues will likely arise; assessing a scenario catalogue might refer to define indicators and thresholds for different safety-validation objectives.

2- State of play for a possible approach

A lot has been done considering scenario taxonomy and guiding principles for scenario description, generation and their increasing role within test procedures.

The scenario approach is thus well introduced in the ADS integrated document as “the guidelines recommend the development of a scenario catalogue for use across five validation pillars”.

Moreover considering the EU-approach to regulating fully automated vehicles, scenarios are at the core of the ADS regulation (EU) 2022/1426: scenario definition, guiding principles and concepts, scenario testing (simulation and real testing). The interpretation document published by the EC-JRC (February 2024) gives additional guidance for scenario generation (Appendix 2).

Finally when considering industrial and research initiatives among scenarios, it can be seen that various stakeholders have launched their own platform to collect scenarios: ADScenes (FR industrial), MOSAR (FR research), SafetyPool (UK), SAKURA (JP), PEGASUS (DE), StreetWise (NL), Fortellix (IL).

Joint efforts have been gathered on scenarios, especially concerning scenario taxonomy, and generation both at the international level and at the European level, than at ISO level (3450X corpus).

These guidance illustrate the importance to combine two pillars in building a scenario catalogue: scenario from data-based (accident and real world) sources and from knowledge-based (risk analysis) sources. Nonetheless, the importance of the combinatory-based pillars remains to be fully addressed, though introduced in the EC-JRC interpretation document from February 2024. The living principle of the scenario- based approached relies in its ability to continually grow thanks to new descriptors (attributes) or axis, building new scenarios.

In that perspective, the ability to share these augmented variables within both scenario catalogues and scenario databases might be crucial in the line of deployments first, monitoring then.

As a complement, guiding principles of transparency, traceability and explicability of safety assessment methods depends on the scenario-based approach itself.

These principles raise some other questions supporting proportionality of scenario use as for example moving from generic ODDs to concrete deployment environments, moving from low to high severity and low to high exposure, taking into account the “duty of care” to immediate crash avoidance in expected responses.

DGITM/DMR/TUD GRVA-Scenarios-02 6-7 May 2024

3- Draft agenda

It is proposed that discussions around cooperation, collaboration or coordination of scenarios-based approaches and the management of scenario catalogues or databases would be structured along the following scope and questions:

a) Is there a need for a UNECE catalogue?

• What requirements does a UNECE catalogue need to fulfil? / How would a UNECE catalogue be used? • How would a UNECE catalogue interact with other national catalogues? • How would a UNECE catalogue be produced and maintained? • How do we fulfil these requirements? • What will be the governance, including stakeholders, rights, responsibilities, etc.

b) How to ensure scenario database interoperability?

Once this is clearly defined, the workshop on scenarios intends to gather interesting stakeholders working on scenarios and refers to a global “cooperation or coordination” around scenario activities, such as different management / sharing / access options to scenario databases. It then raises the second question: what does “cooperation or coordination” refer to?

Under this more flexible concept of cooperation – coordination, could be considered, inter alia:

• Common / inter-operable list of descriptors • Minimum list of metadata • Mutual access to collected scenarios (scene, hazards, responses) • Mutual access to generation / combination / selection modules • Mutual access to qualified scenarios for testing purposes • Common access rules (e.g. special rights for regulators? Accident department) • Common pricing principles (e.g. cost-orientation) • Standardized interfaces / APIs • References for quality levels (e.g. completeness, traceability, data sources’ consistency / quality) • Classification of existing databases through common criteria

c) Is there consideration needed of the following scenario topics?

The proposed scope (enlarged from the initial concept of “UN scenario database”) would be

• Scenario definitions / scenario generation o List of descriptors in close collaboration with ODD descriptors (scene, hazards, (response?),

other scenario attributes as for example exposure and severity) and the implementation of the combinatory-based approach on OEDR elements

o Scenarios themselves (projected on descriptors, metadata as for example scenario sources, use case)

• Scenario selection • Test procedures implementing scenarios (including pass/fail criteria) • More theoretically generation / combination / selection modules • Governance features (requirements for database feeding, access rules and reuse conditions, prices)

UNITED NATIONS ECONOMIC COMMISSION FOR EUROPE

CONFERENCE OF EUROPEAN STATISTICIANS

Workshop on Ethics in Modern Statistical Organisations

26-28 March 2024, Geneva, Switzerland

26 February 2024

French official statistician and ethics: from law to practice Mylène CHALEIX (INSEE, France) - e-mail : [email protected]

Olivier LEFEBVRE (INSEE, France) - e-mail :[email protected]

Abstract

Created in 1946, INSEE's missions are to develop and disseminate official statistics to inform economic and social debate in the service of democracy. The 1951 Statistical Act on statistical confidentiality, coordination and obligation is the cornerstone of its mandate and embodies the values of French statistical service. In particular, from the outset it has struck a balance between the conditions under which data is collected and the ways in which it is protected.

However, in addition to being enshrined in law or in initial training programmes, ethics must also be part of everyone's day-to-day practices. In this respect, the organisation adopted for French official statistics is to give statisticians end-to-end responsibility for their process, which includes the production of the final result, but also respect for the values of official statistics. From the design stage to the dissemination of data and studies, the statistician will meet people on numerous occasions who will (re)question the measures taken to contribute to this:

 the advisability of launching a statistical operation, access to data (existing data or setting up a survey),

 compliance with European statistical best practices,

 GDPR declarations for individual data,

 conditions of access for researchers to the data produced,

 treatment of statistical confidentiality in dissemination,

 as well as the IT axis (project management, certification, securing access and workstations).

These different stages provide collective insurance that the ethics of public statisticians are taken into account as closely as possible to the work, while at the same time giving meaning to these issues. Combined with a policy of staff mobility between the various statistical services, they strengthen the ownership by everyone and the cross-fertilisation of approaches, bringing greater security to the whole.

1

Ethics and practice, the practice of ethics, the example of INSEE

The practice of ethics at INSEE and in the French official statistical service is the result of a balance between ideals and realities, between procedures and their adaptation to circumstances, between theory and practice. Like a bicycle, this balance is only viable if it is accompanied by movement, in other words if it is practised on a daily basis and if its components are continuously adapted.

All official statisticians can therefore rely on a legal framework that gives them a sense of responsibility and protection, as well as on a body of professional values and best practices that are regularly questioned and confirmed in real-life situations. Procedures govern their implementation, while remaining adaptable enough to take into account exceptional circumstances. The way INSEE is organised allows for regular exchanges between colleagues, enabling them to find answers to their questions, and to to find the right balance for each of these values.

* Simple question of balance

The legal and organisational framework at INSEE, a vehicle for the values of official statistics

The French National Institute for Statistics and Economic Studies - INSEE - was created by the Finance Act of 27 April 1946, taking over a public statistics activity that had been carried out continuously since 1833. Under the French Statistics Act of 1951, its mission is to collect, analyse and disseminate information about the French economy and society throughout the country. It coordinates the French official statistical service.

In comparison with most other national statistical institutes, INSEE has two important specific features: it carries out economic and social studies based on the data it produces, as well as short-term economic forecasts; it manages inter-administrative registers of people and economic entities on behalf of all stakeholders. A third distinctive feature of INSEE is the way in which its staff are trained: most of the staff recruited undergo initial training in economics and statistics at specialised schools. These schools train both INSEE civil servants and future statisticians for the private sector.

A national and European legal environment that is evolving to adapt to the context and challenges, without losing sight of the fundamentals (providing a framework for data collection, guaranteeing its relevance and data protection). The challenge: guaranteeing a balance between data collection, use and protection

INSEE operates within a national legal framework that is both relatively old, and therefore firmly rooted in custom and practice, and evolving to take into account changes in context or needs. The founding legislation for this statistical activity dates back to 1951. Initially focused on surveys, it defines the rules of the game in terms of: first data collection (including the obligation to answer), second opportunity (in relation to the need to shed light on a given phenomenon but also the absence of other sources) and third the protection of the data collected (statistical confidentiality). It has gradually been enriched to enshrine professional independence in law and to take into account new data collection methods (use of administrative data and, more recently, data held by private bodies), while at the same time implementing the rules to assess the appropriateness of such data collection and the protection of the data collected.

The processing of personal data is carried out in compliance with the 1978 Data Protection Act, which has also evolved to adapt to the General Data Protection Regulation (RGPD) and to new opportunities for the secure

2

*

linking of personal data. The National Commission for Information Technology and Civil Liberties (CNIL) is responsible for informing and monitoring its application.

The organisation of official statistics in France is based on 3 pillars. The 1951 Statistical Act on the obligation, coordination and confidentiality of statistics, revised in particular by the law on the modernisation of the economy of 4 August 2008, created various bodies which play an essential role in the operation and regulation of official statistical activities:

 the official statistical service (SSP), comprising INSEE and 16 ministerial statistical offices (SSM), which carry out statistical operations in their areas of competence;

 the National Council for Statistical Information (CNIS), a consultative body for producers and users of official statistics, responsible for monitoring statistical work; its remit is similar to that of ESAC for European statistics, although it is organised differently,

 the Official Statistics Authority (ASP), which is specifically responsible for ensuring the professional independence of official statisticians. It is the French equivalent of the ESGAB.

INSEE is responsible for coordinating the methods, resources and statistical work of the SSP and for unifying statistical classifications. The way in which the SSP carries out its activities is supervised by the Official Statistics Authority. The reference framework is defined in particular by the European Statistics Code of Practice (CoP). Also created by the 1951 Statistical Act, the Official Statistics Label Committee and the Litigation Committee for Compulsory Statistical Surveys deal respectively with surveys on quality and compliance with the obligation to answer. The Label Committee also intervenes, at the request of the ASP, on the conformity of statistics produced by bodies other than those of the SSP (with levels of conformity depending on the levels of labelling requested).

A strong commitment to sharing data while respecting statistical confidentiality

Unlike a number of NSIs, INSEE has not been entrusted with the task of 'data stewardship' at national level, nor does it claim to do. It does, however, carry out cross-cutting missions in terms of data administration and sharing, for very specific audiences, types of data and domains. The first mission is to share statistical data within the official statistical service (with, in particular, the introduction of a non-meaningful individual identifier internal to official statistics), or with researchers, under conditions defined by a specific body called the Statistical Confidentiality Committee. The second is to manage a set of classifications, including geographical ones, and common concepts designed to make it easier to share these data. A third mission, which could be described as 'statistical stewardship', consists in making the data it produces widely available in open data format. Finally, through its management of inter-administrative registers, INSEE carries out an "ID

3

INSEE

STAKEHOLDERS

● Users (directs, indirects)

● Government/public or private decision-makers ●

● Intermediaries (information relays, reusers ...) ●

● Suppliers (respondents, administrative or private data)

Official Statistical authority ● Ensures the professional indepedance,

ethics for the SSP ● Controls (auditions NSI, ONAs)

National council for statistical information

● Consultation ● Opportunity

SSM Labor

SSM Health and Solidarity

SSM Education SSM Higher Education, Research

SSM Culture

SSM Internal Security SSM Defence

SSM Immigration

SSM Local government

SSM Civil service

SSM External trade

SSM Agriculture

SSM Sustainable development

SSM Justice

SSM Youth affairs and Sports

SSM Public finance

SSM = ministerial statistical services

Official Statistical system

Official Statistics Label Committee ● Compliance

stewardship" mission designed to facilitate the semantic interoperability of administrative files by means of unique and shared identifiers.

The practice of ethics on a day-to-day basis at INSEE is the result of several factors

A body of good practice and essential values The challenge: guaranteeing quality, responsiveness and practicality

This legal and institutional framework completes an other one, based on professional values and good practice. In some respects, the former has translated the latter into law, by "making these values enforceable", when necessary (in case of new questions, new opportunities, new challenges). In some others respects, it can be said that these are coherent formalizations, and that the principles and values allow each statistician to "preserve meaning". One example is the European Statistics Code of Practice, whose 16 principles guide a number of our projects, like the core values adopted by UNECE. This corpus is projected into the daily lives of statisticians through illustrations, behaviours and shared points of attention. The aim is to maintain a high level of quality, in line with our core values, while remaining responsive to real-life situations and all their unexpected aspects.

Guides, procedures, audits and action plans to help with implementation The challenge: to remain solid and not lose our sense of purpose

Beyond these principles and values, official statisticians rely on three pillars. The first concerns shared methods for their actions, to ensure that they are correctly implemented. The second involves procedures for day-to-day operations and also action plans to improve or implement investments. The third involves audits designed to provide an external view of our practices. These audits allow to assess the effectiveness (are they achieving the desired goal?) and the efficiency (with the adequate allocation of resources?). The challenge is for all statisticians to have concrete, shared benchmarks for the implementation of their work, without being locked into total formatted processes, and to be able to evaluate and develop them.

An organisation that gives responsibility to the project designers and to each of the players involved, and enables them to look at each phase of the process from different angles. The challenge: integrating diverse contributions without diluting responsibilities

INSEE has adopted a work organisation that gives full responsibility to the designer of a statistical operation (from data collection to analysis and the provision of initial results). This organisation provides the technical skills and the outside expertise needed to successfully complete the operation, and to continuously improve it especially in case of a recurrent operation. The manager in charge of the process surrounds him/herself first with experts in the field to target the collection of information according to the stakeholders’ expectations.

4

After, he/she works with experts in methodology or survey design1, as well as with architects and IT developers for high-performance and secure implementation of the collection and processing. He/she relies on interviewers, then controllers, for these collection and processing operations... Checkpoints (opportunity opinions, statistical compliance opinions, IT security approvals) allow outside parties to express their views, so as to improve the system or, if not, to express their opposition to its implementation.

A practice that enables us to adapt to external shocks or particular contexts (passionate subjects, sensitive issues, public scrutiny) without sacrificing our values. The challenge: knowing how to relax the rule when necessary without losing its spirit, or knowing how to go further than the proposed framework.

The procedures are clear, just restrictive enough to guarantee their efficiency (by preventing everyone from re- inventing them) and to ensure the necessary transparency, while retaining the possibility of adapting them to the circumstances. For example, during the Covid crisis, official statistics were able to carry out a survey on companies and published the results less than 30 days after the request was made. Accelerated procedures to examine the appropriateness and conformity of statistics, combined with a flexible and secure IT system, enabled a crucial question to be answered quickly (how did businesses adapt to the initial containment?) without sacrificing the quality or security of data collection and processing.

A shared mindset based on the values of quality, confidentiality and independence The challenge: a common compass for day-to-day use

For all of this to work optimally, it is essential that everyone shares a vision of the aims of the statistical operations to which they contribute, but also of the values that underpin its implementation, and of their own role in carrying them out. The values are part of the teaching received in the schools, and then they are continuously infused through exchanges between colleagues, additional training, internal communication and managerial practices. One of the challenges is to link everyday actions and routine or exceptional work to these values, so as to embody them. The level of formalisation of the values has so far remained minimalist, but it may be necessary in the future to expand them to meet the growing expectations of users and facilitate communication on these values.

In practice, this is illustrated by the classic procedure for an official statistics survey

Any official statistics survey project must be the subject of an opinion from the CNIS, which checks the general interest and usefulness of the statistical operations presented in the work programmes. This opinion, issued by the president of the thematic commission responsible for the survey, ensures that it meets a public interest need

1questioning, questioning protocol, whether or not to use multi-mode, sampling

5

(principle of relevance) and that it does not duplicate other sources already available - statistical or administrative survey, management file, etc. (principle of minimising the burden on respondents).

In order to be carried out within the framework of the 1951 Statistical Act, any statistical survey project presented by a public statistics producing service must obtain a label of general interest and statistical quality.

After receiving an opinion, the person in charge of the survey (within the producing service) prepares a file (which, since 2024, includes the main headings of the SIMS (Single Integrated Metadata Structure) standard for user-oriented quality reports, supplemented by methodological appendices). Next, the Official Statistics Label Committee gives its opinion which then ensures that survey meets statistical quality criteria. These criteria concern the consultation with users, the collecting and sampling methods2, the relevance of the questioning and the adaptation of the dissemination to the stated objectives. The file also includes the results of questionnaire testing. It also ensures that the survey does not place an excessive burden on respondents, that consultation has taken place with the stakeholders and that the wishes expressed by the CNIS during the debate on the appropriateness have been taken into account.

At the design stage, the survey manager can call on experts from various cross-functional units:  for the design of their questionnaire (Statistical Methods Unit) and specialists in the field (internal or

external to the SSP) ;  for sampling (Statistical Methods Unit);  on the organisation of its survey (Survey Project Management Units);  on the definition of dissemination products (Dissemination and Regional Action Directorate) and the

treatment of confidentiality (Statistical Methods Unit)…

Illustration with TEO: Trajectories and Origins survey (2008 - 2019 editions)

The Trajectories and Origins survey (Trajectoires et Origines - TeO) attempts to measure the impact of origins on access to the main resources that define one’s place in society: housing, education, language skills, employment, public services and social benefits, health, social and family relations, nationality, citizenship, etc. ). It looks at the relationship between origins and other categories of distinction in French society (gender, class, age, neighbourhood, etc.) in order to analyse the processes of integration, discrimination and identity- building within French society as a whole. The second edition of the survey (TeO2), was carried out in 2019- 2020, updated the results of the first survey (TeO1) on these different themes ten years later.

Following strong public demand for information on immigrants and their descendants, and their integration (lack of information in administrative data or in the census), INSEE and INED - the French Institute for Demographic Studies, a public research body) have joined forces to offer an original survey on trajectories and origins. The special feature of the survey is that it deals with issues classified as sensitive under the Data Protection Act. These include in particular issues relating to racial or ethnic origins, religion, health or civic life (trade union or political opinions).

For the first edition, a multidisciplinary working group (statisticians, demographers and researchers) was set up to design the questionnaire between 2006-2007 (with a focus group and field test), the associations concerned were consulted, and the CNIS held discussions on the sensitivity of the data (in May and October 2007) in addition to the usual opportunity and compliance stages. The opinion of the CNIL was also sought out.

Driven once again by public demand, a new edition was included in the survey programme. During the preparation of TeO2 (2016-2019), the same stages were repeated (design group, opinion of opportunity; compliance, opinion requested from the CNIL and registration with the GDPR and their recommendations were included in the protocol. The recommendations were on the experimental nature of the survey on the 3rd

2 sampling plan, data adjustment method, treatment of non-responses to guarantee the reliability of the results, etc.

6

generation or the possibility of not responding on sensitive topics.

In addition to surveys, the data-producing services also ask the CNIS to access administrative data (1951 Statistical Act - Article 7bis) or private data (1951 Statistical Act - Article 3bis) and to obtain an opinion. The question of proportionality, which is not addressed through the prism of the response burden, requires particular attention. In France, this attention is ensured by the Data Protection Act, which states that "data collected for a given purpose must remain adequate, relevant and not excessive, and that the list of data must be limited to what is strictly necessary to meet the stated purpose". With the development of statistical identifiers and the forthcoming introduction of dedicated applications, consideration is being given to the introduction of a linking procedure in order to control the objectives and, once again, limit the information linked to that which is necessary.

Other safeguards for data confidentiality and security

DPIA: a procedure to protect personal data

The General Data Protection Regulation (GDPR), transposed in 2018 into French law by the changes made to the Data Protection Act, imposes obligations on all data providers. These obligations essentially revolve around two main principles: a principle of transparency and a principle of controlling and limiting the risks of process’impact on the privacy of data subjects. The principle of transparency requires data subjects to be informed, in particular of the purpose of the processing operation, the data used, how to exercise their rights, and how to respond to their requests, as well as having acess to the documentation on the processing operations (see letter of notification for respondents and information on insee.fr). The data provider must also ensure that the processing carried out complies with the principles of necessity, minimisation and proportionality with regard to the data processed.

The French version of the GDPR requires all processing of personal data to be recorded in a register kept by the service responsible for the processing, as well as realising an impact assessment on the consequences for individuals in the event of a proven risk. The register of processing operations describes the purposes and objectives of each personal data processing operation, the categories of data used, the categories of data subjects, the parties involved (producers, recipients, processors) and the storage periods. The register is used to compile data processing description sheets, which are published online at insee.fr or communicated directly to respondents.

The Data Protection Impact Assessment (DPIA) is a tool that can be used to design a processing operation that complies with the GDPR and respects privacy. It concerns the processing of personal data that is likely to give rise to a high risk for the rights and freedoms of data subjects.

To carry out a DPIA, it is necessary to:

1. define and describe the context of the processing operation(s) in question;

2. analyse the measures guaranteeing compliance with the fundamental principles of proportionality and necessity of the processing operation, and protection of the rights of the data subjects;

3. assess the privacy risks associated with data security and ensure that they are adequately addressed; formally validate the DPIA in the light of the above elements, or decide to revise the previous stages.

The data protection impact assessment includes a more detailed description of the processing operation than that contained in the register of processing operations. It also deals with the factors that will enable the sensitivity of the processing to be assessed, in particular with regard to its scale (the entire population or a

7

Source : CNIL

sample?), the variables processed (in particular with regard to their sensitivity within the meaning of the GDPR) and the nature of the processing itself (does it involve cross-referencing several files?). In particular, it includes an analysis of the risks in terms of data security or breach of privacy, together with remedial measures. This document is drawn up by a specialised unit at INSEE, in conjunction with the designer of the processing operation, who thus benefits from essential expertise in analysing these issues.

... and another procedure for data integrity and security

Securing data at every stage of the process is also a concern for public statisticians, and one that is growing with the rise in cyberattack. At INSEE, information systems are subject to security certification, involving experts from the Information Systems Directorate and external experts. Once again, the process will be scrutinised, but this time from the point of view of IT security: availability, integrity, confidentiality and traceability. As far as surveys are concerned, since the data collection tools are pooled within a survey network, the certification of a survey is based on what has been done for the network.

But being able to think outside the box when necessary

How can we ensure that a sensitive project is acceptable? The challenge: legitimacy beyond the ability to do things

In 2021, INSEE has launched an ambitious project called RÉSIL, which aims to build a statistical register of individuals and housing based on the linkage of various administrative data. In this project, INSEE is convinced that the legal and ethical issues are just as important as the technical challenges and require special attention, with the support of outside experts. In addition to the technical and legal capacity to make RÉSIL work, we also needed to acquire legitimacy, through a "social mandate". An ambitious process of consultation with civil society was therefore carried out on this project, in parallel with the statistical engineering work. In particular, it relied on a working group from outside official statistics, which operated very intensively for 6 months, from May to October 2022. This was an extra-ordinary approach, going beyond the usual consultation processes, but adapted to the very specific challenges of this project.

The group was not opposed to the principle of RÉSIL, as an exclusively statistical register fed by various sources and allowing record linkages, but had confidence in the institution from a technical and ethical point of view to build and operate it in accordance with the principles of good practices.

However, the group considered that given the nature of RÉSIL and the current context regarding the use of personal data, marked both by greater circulation of this data and increased vigilance over its use, it is necessary to set and make visible the rules of the game, to rely on outside views so that various national authorities or agencies can guarantee them and set the limits. They also felt that it was essential to continue the transparency and consultation efforts undertaken by INSEE over the long term.

This experience of consultation was very challenging, but very useful for INSEE, as it enabled us to identify certain concerns that might emerge about such a system, certain challenges in terms of communication and consultation on RÉSIL and the use of external data which in turn helped us to improve the design of our project.

Sensitive data The challenge: proportionate data collection

Knowing not to go too far for reasons linked to social acceptability: in the example of TeO, the exceptions provided for in the regulations on sensitive data (on racial or ethnic origins in particular) allowed INSEE to collect information on skin colour with a consensus reached on self-perception which included a free response without predefined categories. However, the principle of collecting this information was debated and, noting that social acceptance of this type of questioning was not guaranteed, INSEE and INED decided to abandon it.

8

Another example with RÉSIL is that some of the administrative sources envisaged were not retained following discussions in the consultation group, which warned of the risks (proportionality and acceptability). In this respect, benefiting from an outside perspective is essential in assessing the principle of proportionality.

And communicating our values

As part of RÉSIL, in addition to the transparency and collaboration with stakeholders practised during the consultation group, it was decided to communicate more widely on the values underlying the construction of the directories, also by highlighting professional independence, confidentiality, relevance and impartiality.

Downstream: more opportunities to ask questions

Once the data has been collected and processed, there are other opportunities for the statistician to question the relevance of the results and the associated documentation. For some surveys in particular, an analysis working group has been set up, bringing together researchers specialising in the field as well as official statisticians. This working group provides both an outside view of the data and exchanges on the initial results, or on the content and documentation associated with the files disseminated (FPR - Production and Research Files, see below). This working group is generally made up of people who are already members of the consultation working group set up when the survey was designed or redesigned.

New challenges arise when disseminating results: taking into account statistical confidentiality when disseminating data The challenge: striking a balance between open data and data protection

To do this, the survey manager can call on the experts in the Geographical Methods and Reference Frameworks Unit to ensure the statistical confidentiality of the tables produced, which is particularly important for business surveys. For the dissemination of localised data in particular, they can also call on the skills of the experts in the Dissemination Unit.

The 1951 Statistical Act on the obligation, coordination and confidentiality of statistics set up a Statistical Confidentiality Committee to ensure compliance with statistical confidentiality rules. This committee issue an opinion on requests to disclose data covered by statistical confidentiality for the purposes of official statistics or scientific or historical researches. The data concerned may have been collected as a statistical survey or transmitted by administrations or private operators to the official statistical service in order to compile statistics The applicant submits a file explaining the purpose of the study and justifying the list of data required. And after a favourable opinion, access is generally granted at the CASD (secure access centre), which allows the applicant to work on the data and extract results that respect statistical confidentiality.

A simplified procedure has been put in place for researchers with production and research files (files less rich than those available at the CASD to limit the risks of re-identification).

The importance of a shared culture among INSEE staff

INSEE staff undergo a high-level initial training course specialising in statistics and economics at one of the two schools of the Groupe des écoles nationales d'économie et statistique (GENES) or at the INSEE Training Center in Libourne (CEFIL). A continuous training programme ensures that staff develop their skills throughout their career. Training is not the only means of ensuring that the ethical values of official statistics are embraced. The mobility policy enables INSEE staff to regularly broaden their field of expertise, either by moving into different professions within the same field, or by moving between different fields of activity. In this way, they can start their career in a position of methodological expertise before taking responsibility for a survey, or vice versa. They are also encouraged to work in the ministerial statistical offices and to help disseminate good ethical practice throughout the official statistical service.

9

Conclusion

The environment in which we carry out our work is constantly changing. It offers new opportunities in the way we access and process data; it places us in a competitive situation with data producers who are now able to produce their own analyses or assessments; it confronts us with new needs for data or analyses to understand demographic, economic or social phenomena, it requires also quicker answers.

In the face of competition, the demands for relevance and quality are essential, as are strict compliance with data protection and transparency in data processing; they must be accompanied by a 'know-how' that enhances the value of the data itself. We need to learn to communicate our values better.

New opportunities give us new responsibilities: we must make the best use of them, while respecting the framework of necessity and proportionality and ensuring transparency about their use. This is a guarantee of the trust that citizens and users of our data place in us.

Being responsive and adaptable without abandoning our values or the quality of our output, implies a number of requirements: technicality, expertise, quality of tools for collecting, processing and making data available, the existence of tried and tested processes, but also a shared vision of the purposes of our work, enabling us to optimise its implementation, in a secure manner, depending on the circumstances and in line with ours values. It's a question of knowing how to make "tailor-made" products, making optimum use of the "machine tools", without the process becoming an assembly line.

Tailor-made vs Taylor-made...

10

Legislative framework

Loi n°51-711 du 7 juin 1951 sur l’obligation, la coordination et le secret statistique (Statistical Act)

Décrets n°2009-250 du 3 mars 2009 modifié et n°2009-318 du 20 mars 2009 pour les missions de l’ASP, le Cnis et les comités du label de la statistique publique, du secret statistique et du contentieux des enquêtes statistiques obligatoires (ASP and CNIS Decrees)

Loi n°78-17 du 16 janvier 1978 relative à l’informatique, les fichiers et aux libertés (Data protection Act)

Règlement (UE) n° 223/2009 révisé du Parlement européen et du Conseil du 11 mars 2009 relatif à la statistique européenne (European Statistical Act)

T he French official statistical system on the website insee.fr (english version)

Bibliographies

 Anxionnaz I. et Maurel F., The National Council for Statistical Information: The quality of Official Statistics also depends on consultation, in Courrier des statistiques n° 6 (july 2021)

 Roth N. et Christine M., The Label Committee: A Governing Body Ensuring the Quality of Official Statistics, in Courrier des statistiques n° 5 (december 2020)

 Bureau D., Ensuring Independent Quality Statistics:The French Official Statistics Authority Ten Years After, in Courrier des statistiques n° 5 (december 2020)

 Redor P., Confidentialité des données statistiques : un enjeu majeur pour le service statistique public, in Courrier des statistiques n° 9 (juin 2023) – in French only

 Tavernier J.-L., Un système statistique intégré à l’administration centrale, in Courrier des statistiques n° 1 (décembre 2018) – in French only

 Isnard M., Qu’entend-on par statistique(s) publique(s) ? , in Courrier des statistiques n° 1 (décembre 2018) – in French only

 Lefebvre O. Towards a "social mandate" for the French project of a statistical directory of individuals and dwellings by France - Unece juin (2023)

11

WORKSHOP ON ETHICS, GENEVA 26-28/03/24 27/03/24

French official statistician and ethics

Ethics and practice, the practice of ethics

WORKSHOP ON ETHICS, GENEVA 26-28/03/24 2

1 - ETHICS AND PRACTICE A- LEGAL AND ORGANISATIONAL FRAMEWORKS B- PROCEDURES C- CULTURE

2 - THE PRACTICE OF ETHICS 3 - THE FUTURE

3

INTRODUCTION

Procedures and tools

Shared culture

Legal/organisation frameworks

WORKSHOP ON ETHICS, GENEVA 26-28/03/24 4

LEGAL AND ORGANISATION FRAMEWORKS1-A

WORKSHOP ON ETHICS, GENEVA 26-28/03/24 5

MISSIONS OF INSEE

LIKE EVERY NSI

 Production of statistics (surveys, use of administrative data, use of private data)

 Dissemination of statistics

 Coordination of national statistics system (NSI + ONA)

MORE SPECIFIC MISSIONS

 Short term analysis and economic forecast (national level)

 Economic and social studies (national and local level)

 Managing registers for administrative purposes (shared identification)

 Register for identification of persons (no address, share of Id strictily limited)

 Business register

WORKSHOP ON ETHICS, GENEVA 26-28/03/24 6

3 PILLARS – FRENCH STATISTICAL SYSTEM

INSEE +

16 ministerial statistical offices

STAKEHOLDERS

● Users (directs, indirects)

● Government/public or private decision-makers ●

● Intermediaries (information relays, reusers ...) ●

● Suppliers (respondents, administrative or private data)

Official Statistical authority ● Ensures the professional indepedance,

ethics for the SSP ● Controls (auditions NSI, ONAs)

National council for statistical information

● Consultation ● Opportunity

Official Statistics Label Committee ● Compliance

Statistical confidentiality Committee ● Confidentiality ● Researchers accesses

WORKSHOP ON ETHICS, GENEVA 26-28/03/24 7

OFFICIAL STATISTICS GOVERNANCE

3 FRENCH LAWS



 1951 Act on the obligation, coordination and secrecy of statistics (modified many times, especially 84, 2002, 2016)  « French Statiscal Law »



 Insure Data collection of survey and administrative data and private data since 2016  Creation of CNIS  Statistical coordination  Regulate mandatory data collection

 1978 Act relating to data processing, files and freedoms compliant with GDPR (modified in 2019)

 2016 Act for a Digital Republic : open data for database, documents, source code, access on private data (51 law's update), non significant identifier for record linkage

WORKSHOP ON ETHICS, GENEVA 26-28/03/24 8

COMMON REFERENCE

European Statistics Code of Practice Necessity, proportionnality principles

« data collected for a given purpose must remain adequate, relevant and not excessive, and that

the list of data must be limited to what is strictly necessary to meet the stated purpose »

WORKSHOP ON ETHICS, GENEVA 26-28/03/24 9

PROCEDURES AND TOOLS1-B

WORKSHOP ON ETHICS, GENEVA 26-28/03/24 10

PROCEDURES (1/2)

DESIGN/BUILD PHASES – Opportunity, relevance, response burden

 with the Cnis’ opinions

– Compliance with the CoP, sound methodology of the project

 with the help of the Statistical Methods unit (sampling frames, good practices to design survey...)

 Label Committee

– Data confidentiality and security

data protection impact assessment (compliance with GDPR) with the Legal Affairs and Litigation unit

 IT security certification (often with external review)

 Strict rules for internal access to data

WORKSHOP ON ETHICS, GENEVA 26-28/03/24 11

PROCEDURES (2/2)

DISSEMINATION PHASE – Validation of data (directly from internal users)

– Procedure of correction of errors

– Taking into account statistical confidentiality

 help from Statistical Methods unit

– Researchers’ accesses

Statistical confidentiality committee (opportunity/ proportionality) and dedicated centers

 Design of the datasets adapted to the conditions of access and control

WORKSHOP ON ETHICS, GENEVA 26-28/03/24 12

SERVICES, METHODS AND TOOLS

SOME SHARED METHODS AND TOOLS – Metadata repository (RMéS)

– CSNS, linkage record service (WIP)

– Secured infrastructure for a self-service of data processing

– Sampling for households and business surveys

– Project management method

– Unified tool for the acquisition and first steps of transformation of administrative data

– ...

13

COMPLIANCE WITH THE COP

Within the process itself

Quality framework (with the Quality monitoring committee – CoSaQ every unit of Insee + ONAs)

Help possible from the Quality Unit to design a specific quality framework

• External views

Official Statistical Authority annual report (ASP)

European peer reviews – for France : 2007, 2014, 2021

WORKSHOP ON ETHICS, GENEVA 26-28/03/24 14

COMMON CULTURE1-C

WORKSHOP ON ETHICS, GENEVA 26-28/03/24 15

OFFICIAL STATISTICIANS : A COMMON CULTURE (1/2)

A HIGH LEVEL INITIAL TRAINING IN STATISTICS AND ECONOMICS – 2 schools (Ensae/Ensai) and Insee training center (Cefil)

 the same skills and strong links between people right from the training stage

– Introduction to quality and ethics

A CONTINUOUS TRAINING PLAN – Methods,

– Ethics&quality,

– Statiscal softwares and data processing (reproducibility, traceability , data confidentiality)...

WORKSHOP ON ETHICS, GENEVA 26-28/03/24 16

OFFICIAL STATISTICIANS : A COMMON CULTURE (2/2)

ACCUMULATED EXPERIENCE THROUGHOUT THE CAREER – A mobility policy that allows us to work in different jobs, at different

steps of data life cycle (collection, design, processing, dissemination), in different environments (Insee, ONAs, other agencies, schools)

 open-mindedness and ability to engage in dialogue

 between Insee and ministerial statistical offices

– Possibility of being responsible for a statistical process from start to finish, with dialogue at every stage involving an expert/specialist in charge of a component of the process, an auditor, an internal user of the data

 constant questioning fuelled by a shared culture

– Specific rôle of the managers, especially for young colleagues

WORKSHOP ON ETHICS, GENEVA 26-28/03/24 17

IN PRACTICE02

WORKSHOP ON ETHICS, GENEVA 26-28/03/24 18

SURVEY : TEO

TRAJECTORIES AND ORIGINS SURVEY – Strong public demand on a sensible topic

– Social acceptability and impartiality ● Not all the questions allowed by law (no consensus) ● Strong neutrality for the results and studies

WORKSHOP ON ETHICS, GENEVA 26-28/03/24 19

RÉSIL : STATISTICAL REGISTER OF INDIVIDUALS & HOUSING

STATISTICAL REGISTER – 2 points of attention : exhaustibility, linkage of administrative data

– Not only technical and legal challenges : they give capacity to do, but don’t ensure legitimity

SOCIAL ACCEPTABILITY – Special consultation supported by CNIS, but in a dedicated group of non

statisticians : challenge the proportionality, identify risks and mitigation : real impact on the design of the project and the implemented processes, recognized and “enforced” by CNIL

– Public communication : about the project, but as well about some of the core values (impartiality, independency…) and in a « non technical » approach (condition of transparency towards a large public)

WORKSHOP ON ETHICS, GENEVA 26-28/03/24 20

THE FUTURE03

WORKSHOP ON ETHICS, GENEVA 26-28/03/24 21

THE FUTURE

OFFICIAL STATISTICIANS AND ETHICS – Daily practice, exchanges

– New opportunities (IT, AI), new questions

MORE TRANSPARENCY, MORE COMMUNICATION – Keep the confidence

27/03/24WORKSHOP ON ETHICS, GENEVA 26-28/03/24

insee.fr

Retrouvez-nous sur

Mylène CHALEIX Olivier LEFEBVRE Head of Quality Unit Director of Résil program Mél: [email protected] [email protected]

UNITED NATIONS ECONOMIC COMMISSION FOR EUROPE

CONFERENCE OF EUROPEAN STATISTICIANS

Workshop on Ethics in Modern Statistical Organisations

26-28 March 2024, Geneva, Switzerland

26 février 2024

Éthique et pratique, pratique de l’éthique, l’exemple de l’Insee Mylène CHALEIX (INSEE, France) - e-mail : [email protected]

Olivier LEFEBVRE (INSEE, France) - e-mail :[email protected]

Résumé

Créé en 1946, l’Insee a reçu pour mission de développer et de diffuser une information statistique pour éclairer le débat économique et social au service de la démocratie. Pilier de son mandat, la loi statistique de 1951 sur le secret, la coordination et l’obligation statistiques porte les valeurs du service statistique public français. En particulier, dès son origine, elle établit un équilibre entre les conditions de collecte des données et les modalités de leur protection.

Mais au-delà de son inscription dans le droit, ou dans les programmes de formation initiale, l’éthique se doit d’être inscrite dans les pratiques quotidiennes de chacun. À cet égard, l’organisation retenue pour la statistique publique française est de donner au statisticien une responsabilité de bout en bout sur son processus, qui inclut la production du résultat final, mais aussi le respect des valeurs de la statistique publique. De la conception à la diffusion des données et des études, le statisticien va rencontrer des interlocuteurs à de nombreuses occasions qui vont le (re)questionner sur les mesures prises pour y concourir :

 opportunité de lancer une opération statistique, accès aux données (existantes ou mise en place d’une enquête),

 conformité aux bonnes pratiques de la statistique européenne,

 déclarations RGPD pour les données individuelles,

 conditions d’accès des chercheurs aux données produites,

 traitement du secret statistique en diffusion,

 mais également sur les enjeux informatiques (conduite de projet, homologation, sécurisation des accès et des postes de travail).

Ces différentes étapes permettent une assurance collective de la prise en compte de la déontologie du statisticien public au plus près des travaux, tout en donnant du sens à ces questionnements. Conjuguées à une politique de mobilité des agents entre les différents services statistiques, elles renforcent à la fois l’appropriation par chacun et le croisement des approches, apportant une sécurité renforcée à l’ensemble.

1

Éthique et pratique, pratique de l’éthique, l’exemple de l’Insee

La pratique de l’éthique à l’Insee et dans le service statistique public français résulte d’un équilibre entre les idéaux et les réalités, entre les procédures et leur adaptation aux circonstances, entre la théorie et la pratique. Comme à bicyclette, cet équilibre n’est viable que s’il s’accompagne de mouvement, en d’autres termes que s’il est pratiqué au quotidien et si ses composants s’adaptent en continu.

L’ensemble des agents de la statistique publique peut ainsi s’appuyer sur un cadre juridique responsabilisant et protecteur, mais aussi sur un corpus de valeurs professionnelles et de bonnes pratiques régulièrement questionnées et confortées aux situations réelles. Des procédures en balisent la mise en œuvre, tout en restant assez adaptables pour tenir compte de circonstances exceptionnelles. L’organisation de l’Insee permet des échanges réguliers entre collègues, leur permettant de trouver des réponses à leurs questions, et de trouver les bons équilibres permettant de s’inscrire dans chacune de ces valeurs.

Le cadre juridique et organisationnel à l’Insee, porteur des valeurs de la statistique publique

L’Institut national de la statistique et des études économiques - l’Insee - a été créé par la loi de finances du 27 avril 1946, reprenant alors une activité de statistique publique qui s’était exercée sans discontinuité depuis 1833. Dans le cadre de la loi statistique française de 1951, il a pour mission de collecter, analyser et diffuser des informations sur l'économie et la société française sur l'ensemble de son territoire. Il coordonne le service statistique public français.

Par rapport à la plupart des autres instituts nationaux de statistique, l’Insee présente deux spécificités importantes : il réalise des études économiques et sociales, fondées sur les données qu’il produit, ainsi que des prévisions économiques de court terme ; il gère des répertoires inter-administratifs de personnes et d’entités économiques pour le compte de l’ensemble des acteurs. Une troisième particularité de l’Insee réside dans le mode de formation de ses agents : la plupart des agents recrutés suivent une formation initiale en économie et statistique, dans des écoles spécialisées qui forment à la fois les fonctionnaires de l’Insee et des cadres du secteur privé.

Un environnement juridique national et européen, qui évolue pour s’adapter au contexte et aux enjeux, sans perdre de vue les fondamentaux (donner un cadre pour la collecte de données, garantir la pertinence des enquêtes et la protection des données) Enjeu : garantir les équilibres collecte-utilisation-protection

L’Insee évolue dans un contexte juridique national, à la fois relativement ancien, donc bien ancré dans les usages et pratiques, et évolutif, pour tenir compte des changements de contexte ou de besoins. La loi fondatrice de cette activité statistique date de 1951. Initialement centrée sur les enquêtes, elle définit les règles du jeu en matière de collecte (y compris les cas d’obligation de répondre), mais aussi d’opportunité (en lien avec le besoin d’éclairer tel ou tel phénomène, et en l’absence de sources alternatives) et la protection des données collectées (secret statistique). Elle s’est progressivement enrichie pour inscrire en droit l’indépendance

2

professionnelle et pour prendre en compte de nouvelles modalités de collecte (utilisation de données administratives et, plus récemment, de données détenues par des acteurs privés) tout en veillant à définir les règles d’appréciation de l’opportunité de telles collectes et de la protection des données ainsi recueillies. Concernant le traitement de données individuelles, celui-ci s’exerce dans le respect de la loi Informatique et libertés de 1978, qui a également su évoluer pour s’adapter d’une part au Règlement général pour la protection des données (RGPD), d’autre part aux nouvelles opportunités en matière d’appariement sécurisé de données individuelles. La Commission nationale Informatiques et libertés (Cnil) est chargée d’informer et de contrôler son application.

L’organisation de la statistique publique en France repose sur 3 piliers.

La loi de 1951 sur l’obligation, la coordination et le secret statistique, révisée notamment par la loi de modernisation de l’économie du 4 août 2008, a créé différentes instances qui jouent un rôle essentiel dans le fonctionnement et la régulation des activités de la statistique publique :

 le service statistique public (SSP), composé de l’Insee et de 16 services statistiques ministériels (SSM) qui réalisent les opérations statistiques dans leur domaine de compétence ;

 le Conseil national de l'information statistique (Cnis), organe de concertation entre producteurs et utilisateurs de la statistique publique, chargé de suivre les travaux statistiques ; ses attributions sont proches de celles que l’ESAC1 exerce pour la statistique européenne, même si son organisation est différente,

 l’Autorité de la statistique publique (ASP), chargée particulièrement de veiller à l'indépendance professionnelle des statisticiens publics. C’est l’équivalent français de l’ESGAB2.

Insee

● Usagers (directs, indirects)

● Gouvernement/décideurs publics ou privés

● Intermédiaires (relais d’information, réutilisateurs …)

● Fournisseurs (répondants, données administratives ou privées)

Garant indépendance, rigueur méthodologique et déontologie Contrôles

Concertation Opportunité

SSM Travail

SSM Santé/solidarité

SSM Éducation SSM Recherche/Ens.sup.

SSM Culture

SSM Sécurité intérieure SSM Défense

SSM Immigration

SSM Collectives locales

SSM Fonction publique

SSM Commerce extérieur

SSM Agriculture

SSM Environnement Énergie/Logement Transport/Dev. durable

SSM Justice

SSM Jeunesse/sports

SSM Finances publiques

Conformité

L’Insee a pour attributions de coordonner les méthodes, les moyens et les travaux statistiques du SSP et de réaliser la cohérence des nomenclatures statistiques. La façon dont le SSP mène ses activités sont évaluées par l'Autorité de la statistique publique. Le cadre de référence est celui défini notamment par le code de bonnes pratiques de la statistique européenne (CoP).

Créés également par la loi de 1951, le Comité du label de la statistique publique et le Comité du contentieux des enquêtes statistiques obligatoires interviennent sur les enquêtes respectivement sur la qualité et sur le respect de l’obligation de réponse. Le Comité du label intervient également, à la demande de l’ASP, sur la conformité des statistiques produites par d’autres organismes que ceux du SSP (avec des niveaux de conformité dépendant des niveaux de labellisation demandés).

1ESAC : European Statistical Advisory Committee 2ESGAB : European Statistical Governance Advisory Board

3

Une forte implication dans le partage des données dans le respect du secret statistique

Contrairement à plusieurs INS, l’Insee ne s’est pas vu confier une mission de « data stewardship » à l’échelle nationale, mission que d’ailleurs il ne revendique pas. Mais il exerce des missions transversales en matière d’administration et de partage de données, sur des publics, des types de données et des domaines bien spécifiques. Une première mission de partage de données statistiques à l’échelle du service statistique public (avec notamment la mise en place d’un identifiant individuel non signifiant interne à la statistique publique), ou en direction de chercheurs, selon des conditions définies par une instance spécifique appelée Comité du secret statistique. Une deuxième mission est de gérer un ensemble de nomenclatures, y compris géographiques, et de concepts communs destinées à faciliter le partage de ces données. Une troisième mission, que l’on pourrait qualifier de « statistics stewardship » consiste à diffuser très largement les données qu’il produit, en open data. Enfin, l’Insee, de par sa gestion de répertoires inter-administratifs, exerce une mission « d’ID-stewardship » non formalisée en tant que telle, mais qui permet de faciliter l’inter-opérabilité sémantique de fichiers administratifs au moyen d’identifiants uniques et partagés.

La pratique de l’éthique au quotidien, à l’Insee, le résultat de plusieurs facteurs

Un corpus de bonnes pratiques, de valeurs essentielles Enjeu : garantir la qualité, la réactivité, le concret

Ce cadre juridique et institutionnel complète un autre cadre, fait de valeurs professionnelles et de bonnes pratiques. Par certains aspects, le premier a traduit le second en droit, en « rendant ces valeurs opposables », autant que de besoin (face à des questions nouvelles, des opportunités nouvelles, des enjeux nouveaux) ; par d’autres aspects, on peut dire qu’il s’agit de formalisations cohérentes, et que les principes et valeurs permettent à chacun de « garder du sens ».

On peut ainsi citer le code de bonnes pratiques de la statistique européenne, dont les 16 principes balisent nombre de nos travaux, mais aussi les valeurs essentielles (core values) adoptées par l’Unece. Ce corpus se projette dans la vie quotidienne des statisticiens à travers des illustrations, des comportements, des points d’attention partagés. Avec pour but de maintenir un haut niveau de qualité, dans le respect de nos valeurs essentielles, tout en restant réactifs face aux situations réelles et tout ce qu’elles comportent d’imprévus.

Des guides, procédures, audits, plans d’action, qui sont des aides pour la mise en œuvre Enjeu : rester solides et ne pas perdre le sens

Au-delà de ces principes et de ces valeurs, les statisticiens publics s’appuient sur trois piliers. Le premier concerne des méthodes partagées pour leurs actions, permettant d’en sécuriser la mise en œuvre. Le deuxième s’exerce par le biais de procédures (pour les opérations courantes), de plans d’action (pour des améliorations ou

4

la mise en œuvre d’investissements). Le troisième mobilise des audits destinés à apporter un regard externe au processus sur nos pratiques, sous l’angle de l’efficacité (atteignent-elles le but recherché ?) ou de l’efficience (avec les allocations optimales de moyens) ? L’enjeu est que l’ensemble des statisticiens disposent de repères concrets et partagés pour la mise en œuvre de leurs travaux sans se laisser enfermer par des processus totalement formatés, et puissent les évaluer et les faire évoluer.

Une organisation permettant à la fois une responsabilisation des concepteurs d’opération et de chacun des acteurs, et des regards croisés sur chaque phase du processus Enjeu : intégrer des apports divers sans diluer les responsabilités

L’Insee a adopté une organisation du travail qui responsabilise pleinement le concepteur d’une opération statistique (de la collecte à l’analyse et la mise à disposition des premiers résultats) tout en lui apportant la technicité, l’expertise et les regards extérieurs dont il a besoin pour mener à bien son opération, et pour l’améliorer en continu s’il s’agit d’une opération récurrente. Le concepteur s’entoure d’experts du domaine pour cibler la collecte d’information en fonction des attentes exprimées, puis d’experts en méthodologie ou en design d’enquêtes (questionnement, protocole d’interrogation, usage ou non du multimode, échantillonnage), d’architectes et de développeurs IT pour une mise en œuvre performante et sécurisée de la collecte et des traitements ; il s’appuie sur des enquêteurs, puis des gestionnaires, pour ces opérations de collecte et de traitement… Des points de passage (avis d’opportunité, avis de conformité statistique, homologation de sécurité IT) permettent à des regards extérieurs de s’exprimer, de manière à améliorer le dispositif, ou, dans le cas contraire, d’exprimer une opposition à sa mise en œuvre.

Une pratique permettant de s’adapter à des chocs extérieurs ou à des contextes particuliers (sujets passionnels, questions sensibles, vigilance de l’opinion) sans sacrifier à nos valeurs Enjeu : savoir assouplir la règle quand il le faut sans en perdre l’esprit, ou savoir aller plus loin que le cadre proposé.

Les procédures sont claires, juste assez contraignantes pour en garantir l’efficience (en évitant que chacun les ré-invente) et assurer la transparence nécessaire, mais en gardant la possibilité de les adapter aux circonstances. Ainsi, lors de la crise sanitaire, la statistique publique a été en capacité de réaliser une enquête auprès des entreprises et d’en publier les résultats moins de 30 jours après l’expression de la demande. Des procédures accélérées d’instruction en opportunité et en conformité statistique, alliées à un dispositif informatique souple et sécurisé, ont permis de répondre rapidement à une question cruciale (comment les entreprises se sont-elles adaptées au premier confinement ?) sans sacrifier la qualité ni la sécurité de la collecte et des traitements.

Un état d’esprit partagé autour des valeurs de qualité, confidentialité, indépendance Enjeu : une boussole commune utilisée au quotidien

Pour que tout cela fonctionne de manière optimale, il est essentiel que chacun partage la vision des finalités des opérations statistiques auquel il contribue, mais aussi des valeurs qui sous-tendent sa mise en œuvre, et de son propre rôle dans la réalisation du dispositif.

Les valeurs font partie des enseignements reçus dans les écoles, puis elles infusent en continu au gré des échanges entre collègues, des formations complémentaires, des actions de communication interne ou des pratiques managériales. Un des enjeux est de relier des actes du quotidien, des travaux courants ou exceptionnels à ces valeurs, de manière à les incarner. Le niveau de formalisation des valeurs est resté jusqu’à présent minimaliste, mais il sera peut-être nécessaire dans l’avenir de l’augmenter pour répondre aux attentes grandissantes des utilisateurs et faciliter la communication sur ces valeurs.

5

En pratique, illustration avec le parcours classique d’une enquête de la statistique publique

Tout projet d’enquête de la statistique publique doit faire l’objet d’un avis d’opportunité du Cnis qui s’assure de l’intérêt général et de l’utilité des opérations statistiques présentées dans les programmes de travail. Cet avis, émis par le président de la commission thématique dont relève l’enquête, permet de s’assurer qu’elle correspond à un besoin d’intérêt public (principe de pertinence) et qu’elle ne fait pas double emploi avec d’autres sources déjà disponibles - enquête statistique ou administrative, fichier de gestion, etc. (principe de minimisation de la charge des répondants).

Pour pouvoir être réalisé dans le cadre de la loi du 7 juin 1951, tout projet d’enquête statistique présenté par un service producteur de la statistique publique doit obtenir un label d’intérêt général et de qualité statistique.

Après avoir reçu un avis d’opportunité, le responsable de l’enquête (au sein du service producteur) prépare un dossier (qui reprend, depuis 2024, les principales rubriques du standard des rapports qualité orientés utilisateurs, SIMS – Single Integrated Metadata Structure, complété par des annexes méthodologiques) et le présente au comité du label de la statistique publique. Pour rendre son avis, celui-ci s’assure que l’enquête répond aux critères de qualité statistique en ce qui concerne la concertation avec les utilisateurs, la méthode de collecte et d’échantillonnage (plan de sondage, méthode de redressement des données, traitement des non- réponses garantissant la fiabilité des résultats…), de pertinence du questionnement et d’adaptation de la diffusion aux objectifs annoncés. Le dossier comporte également les résultats des tests du questionnaire. Il s’assure également que l’enquête n’entraîne pas de charge excessive sur les enquêtés, qu’une concertation a été menée avec les partenaires concernés et que les souhaits exprimés par le Cnis lors du débat d’opportunité ont bien été pris en compte.

Lors de la conception, le responsable d’enquête peut s’appuyer sur les experts des différentes unités transverses :

 pour la conception de son questionnaire (département des méthodes statistiques) et les spécialistes du domaine (internes ou externes au SSP) ;

 pour l’échantillonnage (département des méthodes statistiques) ;

 sur l’organisation de son enquête (divisions de maîtrise d’œuvre des enquêtes) ;

 sur la définition des produits de diffusion (direction de la diffusion et de l’action régionale) et le traitement de la confidentialité (département des méthodes statistiques) ...

6



Illustration avec TEO : enquête Trajectoires et Origines (éditions 2008 – 2019)

L'enquête Trajectoires et Origines (TeO) a pour objectif d'appréhender l’impact de l'origine géographique sur l'accès aux différentes ressources de la vie sociale (logement, langue et éducation, emploi, loisirs, services publics et prestations sociales, contraception, santé, nationalité, réseau de relations, marché matrimonial, etc.). Elle s'intéresse à l'articulation entre l'origine et les autres catégories de distinction dans la société française (genre, classe, âge, quartier, etc.) afin d'analyser les processus d'intégration, de discrimination et de construction de l’identité au sein de la société française dans son ensemble. La seconde édition de l’enquête (TeO2), réalisée en 2019-2020, permet d’actualiser les résultats issus de la première enquête (TeO1) sur ces différents thèmes dix ans après.

Suite à une forte demande publique de disposer d’informations sur les immigrés et leurs descendants et leur intégration (absence d’informations dans les données administratives ou dans le recensement), l’Insee et l’Ined (Institut national d’études démographiques, organisme public de recherche) se sont associés pour proposer une enquête originale sur les trajectoires et les origines. La particularité de l’enquête est de s’intéresser à des thématiques classées comme sensibles pour la loi Informatiques et libertés. Il s’agit en particulier des thématiques en relation avec les origines raciales ou ethnique, la religion, la santé ou encore la vie citoyenne (opinions politiques, engagement syndical).

La première édition a donné lieu à la constitution d’un groupe de travail pluridisciplinaire (statisticiens, démographes et chercheurs) pour la conception du questionnaire entre 2006-2007 (avec focus group et test terrain), à une consultation des associations concernées, des échanges au sein du Cnis sur la sensibilité des données (mai et octobre 2007) en complément des étapes habituelles d’opportunité et de conformité. L’avis de la Cnil a également été recueilli.

Portée à nouveau par la demande publique, une réédition a été inscrite au programme des enquêtes. Lors de la préparation de TeO2 (2016-2019), les mêmes étapes ont été reproduites (groupe de conception, avis d’opportunité ; de conformité, avis demandé auprès de la Cnil et inscription au RGPD) et leurs recommandations ont été incluses dans le protocole : caractère expérimental pour l’enquête sur la 3è génération ou possibilité de ne pas répondre sur les thèmes sensibles.

Au-delà des enquêtes, les services producteurs s’adressent également au Cnis pour accéder aux données administratives (loi de 1951 - article 7bis) ou aux données privées (loi de 1951 - article 3bis) et obtenir un avis d’opportunité. La question de la proportionnalité, qui n’est pas abordée par le prisme de la charge de réponse, demande une attention particulière. En France, cette attention est portée par la loi Informatique et Libertés qui précise que « les données collectées au regard d’un objectif déterminé doivent rester adéquates, pertinentes et non excessives, la liste des données doit se limiter à ce qui est strictement nécessaire pour répondre à l’objectif annoncé ». Avec le développement d’identifiants statistiques et la mise en place prochaine d’applicatifs dédiés, les réflexions sont en cours sur la mise en place d’une procédure concernant les appariements afin de maîtriser les objectifs et là encore de limiter les informations appariées aux seules données nécessaires.

Autres garde-fous sur la confidentialité et sécurité des données

L’AIPD une procédure au service de la protection des données individuelles Le Règlement général pour la protection des données (RGPD), transcrit en droit français dans l’évolution de la loi Informatique et libertés en 2018, impose à tout responsable de traitements des obligations Ces obligations s’articulent pour l’essentiel autour de deux grands principes : un principe de transparence et un principe de maîtrise et limitation des risques d’impact des traitements sur la vie privée des personnes concernées. Le principe de transparence impose l’information des personnes, notamment quant à la finalité du traitement, aux données mobilisées, à l’exercice de leurs droits et en réponse à leurs demandes, à la documentation des

7

traitements (cf lettre-avis pour les enquêtés et informations sur insee.fr). Le responsable de traitement doit également veiller à ce que le traitement mis en œuvre respecte bien les principes de nécessité, de minimisation et de proportionnalité au regard des données traitées.

Cette déclinaison française du RGPD se concrétise par l’inscription de tout traitement de données à caractère personnel dans un registre tenu par le service responsable du traitement et également une étude d’impact sur les conséquences pour les personnes, en cas de risque avéré. Le registre des traitements décrit, pour chaque traitement de données à caractère personnel, ses finalités et objectifs, les catégories de données mobilisées, les catégories de personnes concernées, les acteurs impliqués (producteurs, destinataires, sous-traitants), les durées de conservation. À partir de ce registre sont constituées des fiches descriptives des traitements, mises en ligne sur insee.fr ou des informations communiquées directement aux enquêtés.

L’Analyse d’Impact relative à la Protection des Données (AIPD) est un outil qui permet de construire un traitement conforme au RGPD et respectueux de la vie privée. Elle concerne les traitements de données personnelles qui sont susceptibles d'engendrer un risque élevé pour les droits et libertés des personnes concernées.

Pour mener une AIPD, il convient de :

1. délimiter et décrire le contexte du(des) traitement(s) considéré(s) ;

2. analyser les mesures garantissant le respect des principes fondamentaux : la proportionnalité et la nécessité du traitement, et la protection des droits des personnes concernées ;

3. apprécier les risques sur la vie privée liés à la sécurité des données et vérifier qu’ils sont convenablement traités ;

4. formaliser la validation de l’AIPD au regard des éléments précédents ou bien décider de réviser les étapes précédentes.

L’analyse d’impact sur la protection des données comporte une description du traitement, plus détaillée que ce qui figure dans le registre des traitements. Elle traite également des éléments permettant d’apprécier la sensibilité du traitement, au regard notamment de son échelle (toute la population ou un échantillon ?), des variables traitées (notamment vis-à vis de leur sensibilité au sens du RGPD) et de la nature même du traitement (implique-t-il un croisement de plusieurs fichiers ?). Y figure notamment une analyse des risques en termes de sécurité des données ou d’atteinte à la vie privée, assortie d’éléments de remédiation. Ce document est établi par une unité spécialisée de l’Insee, en lien avec le concepteur du traitement, qui bénéficie ainsi d’une expertise indispensable quant à l’analyse de ces enjeux.

… et une autre procédure pour l’intégrité et la sécurité des données

La sécurisation des données à toutes les étapes du processus est également une préoccupation du statisticien public, préoccupation grandissante avec la montée de la cybercriminalité. À l’Insee, les systèmes d‘information font l’objet d’une homologation de sécurité, impliquant des experts de la direction du système d’information et des experts externes. À nouveau, le processus va être « ausculté » mais cette fois sous l’angle de la sécurité informatique : disponibilité, intégrité, confidentialité et traçabilité. Concernant les enquêtes, les outils de collecte étant mutualisés dans une filière d’enquête, l’homologation d’une enquête s’appuie sur ce qui est fait pour la filière.

8

Source : CNIL

Mais être capable de sortir du cadre quand c’est nécessaire

Comment s’assurer de l’acceptabilité d’un projet sensible ? Enjeu : la légitimité au-delà de la capacité à faire

L'Insee a lancé en 2021 un projet ambitieux appelé Résil qui vise à construire un répertoire statistique des individus et des logements basé sur le couplage de diverses données administratives.

Concernant ce projet, l'Insee a la conviction que les enjeux juridiques et éthiques sont aussi importants que les défis techniques et nécessitent une attention particulière, en s'appuyant pour cela sur des regards extérieurs. Au- delà de la capacité technique et juridique à faire Résil, il fallait aussi acquérir la légitimité, à travers un « mandat social ». Un processus ambitieux de consultation de la société civile a donc été mené sur ce projet, en parallèle des travaux d'ingénierie statistique. Il s'est notamment appuyé sur un groupe de travail extérieur à la statistique publique, qui a fonctionné de manière très intensive pendant 6 mois, de mai à octobre 2022. C’est une démarche extra-ordinaire, allant au-delà des processus de concertation habituels, mais adaptée aux enjeux très spécifiques du projet.

Le groupe ne s'est pas opposé au principe de Résil, en tant que répertoire à vocation exclusivement statistique alimenté par diverses sources et permettant des appariements, et fait confiance à l'institution sur le plan technique et déontologique pour le construire et le faire fonctionner dans les règles de l'art et le respect des bonnes pratiques.

Cependant, il a considéré que compte tenu de la nature de Résil et du contexte actuel concernant l'utilisation des données personnelles, marqué à la fois par une plus grande circulation de ces données et par une vigilance accrue sur leur utilisation, il est nécessaire de fixer et de rendre visibles les règles du jeu, de s'appuyer sur des regards extérieurs pour que différentes autorités ou agences nationales les garantissent et en fixent les limites. Il a estimé également qu'il est essentiel de poursuivre dans la durée les efforts de transparence et de consultation entrepris par l'Insee.

Cette expérience de concertation a été très prenante, mais très utile pour l’Insee, car elle a permis d'identifier certaines craintes qui pourraient émerger à propos d'un tel système, certains défis en matière de communication et de consultation sur Résil et l'utilisation de données externes, et d'améliorer la conception de notre projet.

Données sensibles Enjeu : une collecte proportionnée

Savoir ne pas aller trop loin pour des raisons liées à l’acceptabilité sociale : sur l’exemple de TeO, les exceptions prévues à la réglementation sur les données sensibles (sur les origines raciales ou ethniques notamment) permettaient à l’Insee de recueillir une information sur la couleur de la peau avec un consensus trouvé sur une auto-perception avec réponse libre sans catégories prédéfinies. Cependant le principe de ce recueil faisait débat et, constatant que l’acceptation sociale de ce questionnement n’était pas assurée, l’Insee et l’Ined ont préféré y renoncer.

Autre exemple avec Résil, certaines sources administratives envisagées n’ont pas été retenues suite aux échanges dans le groupe de concertation, ce dernier ayant alerté sur les risques (proportionnalité et acceptabilité). À cet égard, bénéficier d’un regard extérieur est un atout essentiel pour apprécier ce principe de proportionnalité.

Et communiquer… sur nos valeurs

Dans le cadre de Résil, au-delà de la transparence et la collaboration avec les parties prenantes pratiquées lors du groupe de concertation, il a été décidé de communiquer plus largement sur les valeurs sous-jacentes à la

9

construction des répertoires également en mettant en avant l’indépendance professionnelle, la confidentialité, la pertinence et l’impartialité.

En aval, encore des occasions de se poser des questions

Une fois les données collectées et traitées, d’autres occasions permettent au statisticien de se questionner sur la pertinence des résultats et la documentation associée. On citera en particulier sur certaines enquêtes la mise en place d’un comité d’exploitation associant au-delà de la statistique publique des chercheurs spécialistes du domaine. Ce comité permet à la fois un regard extérieur sur les données et des échanges sur les premiers résultats, ou encore sur le contenu et la documentation associée aux fichiers diffusés (fichiers de production et de recherche FPR, cf. infra). Ce comité s’appuie généralement sur des personnalités déjà présentes dans le comité de concertation mis en place lors de la conception ou de la refonte de l’enquête.

De nouveaux défis se posent lors de la diffusion des résultats : la prise en compte du secret statistique pour la diffusion Enjeu : trouver un équilibre entre open data et protection des données

Pour ce faire, le responsable d’enquête peut s’appuyer sur les experts de la division Méthodes et référentiels géographiques pour assurer le secret statistique sur les tableaux produits, particulièrement prégnant pour les enquêtes auprès des entreprises. Il peut également s’appuyer, en particulier pour la diffusion de données localisées, sur les compétences des experts de la direction de la diffusion.

La loi de 1951 sur l’obligation, la coordination et le secret en matière de statistique a instauré la mise en place d’un Comité du secret statistique pour veiller au respect des règles du secret statistique et émettre un avis sur les demandes de communication de données couvertes par le secret statistique à des fins de statistique publique ou de recherche scientifique ou historique. Les données concernées peuvent avoir été collectées par voie d’enquête statistique ou transmises au service statistique public à des fins d’établissement de statistique par des administrations ou opérateurs privés. Le demandeur dépose un dossier expliquant la finalité de son étude, justifiant la liste des données nécessaires, et après avis favorable, l’accès se fait généralement au CASD (centre d’accès sécurisé) qui permet au demandeur de travailler sur les données et d’en extraire des résultats respectant le secret statistique.

Une procédure simplifiée a été mise en place pour les chercheurs avec les fichiers de production et de recherche (fichiers moins riches que ceux disponibles au CASD pour limiter les risques de ré-identification).

L’importance d’une culture partagée des personnels Insee

Les agents des corps de l’Insee suivent un cursus de formation initiale de haut niveau spécialisé en statistique et en économie dans l’une des deux écoles du Groupe des écoles nationales d’économie et statistique (Genes) ou au Centre de formation de l’Insee à Libourne (Cefil). Un programme de formation continue assure le développement des compétences des agents tout au long de leur carrière. La formation n’est pas le seul levier pour l’appropriation des valeurs éthiques de la statistique publique. La politique de mobilité permet aux agents des corps de l’Insee de régulièrement élargir leur champ de compétence, en pouvant soit aborder différents métiers au sein d’un même domaine, soit évoluer entre différents domaines d’activité. Ainsi, ils peuvent démarrer leur carrière sur un poste d’expertise méthodologique avant de prendre la responsabilité d’une enquête, ou le contraire. Ils sont également encouragés à travailler dans les services statistiques des ministères et concourir à la diffusion des bonnes pratiques en matière d’éthique au sein de l’ensemble du service statistique public.

10

Conclusion

Le contexte dans lequel nous exerçons nos missions est en perpétuelle évolution. Il offre de nouvelles opportunités, en termes d’accès aux données ou de traitement de ces données, il nous place en situation de concurrence face à des producteurs de données désormais capables de produire leurs propres analyses ou valorisations, il nous confronte à de nouveaux besoins de données ou d’analyses pour comprendre les phénomènes démographiques, économiques ou sociaux.

Face à la concurrence, les exigences de pertinence et de qualité sont essentielles, ainsi que le strict respect de la protection des données et de la transparence sur les traitements ; elles doivent s’accompagner d’un « faire savoir » qui les valorise en même temps qu’il valorise la donnée elle-même. Nous devons apprendre à mieux communiquer sur nos valeurs.

Les nouvelles opportunités nous confèrent de nouvelles responsabilités : il faut en faire le meilleur usage, tout en respectant le cadre de nécessité et de proportionnalité et en assurant la transparence sur leur usage. C’est un gage de la confiance que les citoyens comme les utilisateurs de nos données nous accordent.

Être réactifs et adaptables sans renoncer à nos valeurs ni à la qualité de nos productions implique plusieurs exigences : technicité, expertise, qualité des outils de collecte, de traitement, de mise à disposition, existence de processus éprouvés, mais aussi une vision partagée des finalités de nos travaux, permettant d’en optimiser la mise en œuvre, de manière sécurisée, en fonction des circonstances tout en restant alignés sur nos valeurs. Il s’agit de savoir faire du « sur mesure », en utilisant de manière optimale les « machines-outils », sans que le processus se transforme en travail à la chaîne.

Tailor-made vs Taylor-made...

11

Textes réglementaires

Loi n°51-711 du 7 juin 1951 sur l’obligation, la coordination et le secret statistique

Décrets n°2009-250 du 3 mars 2009 modifié et n°2009-318 du 20 mars 2009 pour les missions de l’ASP, le Cnis et les comités du label de la statistique publique, du secret statistique et du contentieux des enquêtes statistiques obligatoires

Loi n°78-17 du 16 janvier 1978 relative à l’informatique, les fichiers et aux libertés

Règlement (UE) n° 223/2009 révisé du Parlement européen et du Conseil du 11 mars 2009 relatif à la statistique européenne

Présentation de la statistique publique en France sur insee.fr

Bibliographie

 Anxionnaz I. et Maurel F., Le Conseil national de l’information statistique : la qualité des statistiques publiques passe aussi par la concertation, in Courrier des statistiques n° 6 (juillet 2021)

 Roth N. et Christine M., Le Comité du label : un acteur de la gouvernance au service de la qualité des services publics, in Courrier des statistiques n° 5 (décembre 2020)

 Bureau D., L’Autorité de la statistique publique : dix ans d’activité, pour une statistique indépendante et de qualité, in Courrier des statistiques n° 5 (décembre 2020)

 Redor P., Confidentialité des données statistiques : un enjeu majeur pour le service statistique public, in Courrier des statistiques n° 9 (juin 2023)

 Tavernier J.-L., Un système statistique intégré à l’administration centrale, in Courrier des statistiques n° 1 (décembre 2018)

 Isnard M., Qu’entend-on par statistique(s) publique(s) ? , in Courrier des statistiques n° 1 (décembre 2018)

 Lefebvre O. Towards a "social mandate" for the French project of a statistical directory of individuals and dwellings by France - Unece (juin 2023)

12

Using EGSS data for measuring circular economy

9th Joint OECD/UNECE Seminar on the Implementation of the System of Environmental-Economic Accounting (SEEA)

Geneva 18-20 March 2024

Frédéric NAUROY, Ministry of Ecological Transition, Statistical Department (SDES)

19/03/2024CGDD/SDES/SDIE - Sous-Direction de l’information environnementale

Contents

- How to define circular economy and delimitate its scope? - Approach in France for producing employment estimates in the CE; results - Relationship between CE and EGSS - Sources used for compiling employment in the CE - Strengths and weaknesses of using EGSS as a basis

19.03.2024 CGDD/SDES/SDIE - Sous-Direction de l’information environnementale 2

Different definitions for circular economy

Ministry of Ecological Transition

The circular economy consists in producing goods and services in a durable way by limiting the consumption and waste of resources and the generation of waste. The objective is to move from a throwaway society to a more circular economic model.

ADEME The circular economy can be defined as an economic system of exchange and production which, at all stages of the life cycle of products (goods and services), aims to increase the efficiency of the use of resources and to reduce the impact on the environment.

National Institute for Circular Economy (INEC)

The circular economy consists in producing goods and services in a durable way by limiting the consumption and waste of resources and the generation of waste.

Eurostat The circular economy goods and services sector is a sub-set of the whole economy. Economic goods and services of the circular economy sector are those that maintain the value of products and materials as long as possible and minimise waste and resource use, thereby, closing or narrowing the [raw] material cycle.

Basis of French perimeter on circular economy

Alternative: 9 purposes framework → refuse, rethink, reduce, reuse, repair, refurbish, remanufacture, repurpose, recycle, recover

Source: ADEME

19.03.2024 CGDD/SDES/SDIE - Sous-Direction de l’information environnementale

4

General approach and results

Reflexions and participation to working groups led to define a new EC perimeter in 2023

Following principles followed: o Only one perimeter considered, no connected pillar (or activities) o To consider the main purpose of activities rather than their impact o Main purpose of CE activities to be in phase with one of ADEME pillars (selection criterion) o As a consequence, public transports, renewable energy and energy saving are excluded

A specific CE database implemented, separately from the one used for EGSS • Observations from 2008 to 2021 • 4 pillars out of 7 are covered

19.03.2024 CGDD/SDES/SDIE - Sous-Direction de l’information environnementale 5

Source : SDES

Total: 811 426

Source: SDES

19.03.2024 CGDD/SDES/SDIE - Sous-Direction de l’information

environnementale 6

Comparison with EGSS and classification of environmental purposes

- Classification of environmental purposes (CEP) developed in international taskforces (Eurostat, UNSD)

- Question: which parts of CEP can be directly used for compiling CE, using EGSS data?

- In French CE framework 3 CEP divisions contribute to CE: 3, 4 & 5 • CEP3: Wastewater and water resources: fully included • CEP4: Waste, materials recovery and savings: fully included except landfilling and streets cleaning • CEP5: Soil, surface and groundwater, biodiversity and forest: only remediation of soils (incl. organic farming) and water bodies

included

19.03.2024 CGDD/SDES/SDIE - Sous-Direction de l’information environnementale 7

Environmental activities

Circular economy

- Air and climate (CEP1) - Biodiversity and landscapes (CEP5) - Forest resources management (CEP5) - Noise and radiation (CEP6) - Energy management (CEP2) - R&D (CEP7) - Cross-cutting and other environmental activities (CEP8)

- Wastewater and water resources (CEP3) - Waste, materials recovery and savings (CEP4) - Protection of soil, surface and groundwater (CEP5)

- Repair activities (for non- environmental products)

- Reuse of products (sales of second-hand goods)

- Rental activities - Downstream activities

(manufactured products using recycled materials)

Relationship between EGSS and CE

19.03.2024 CGDD/SDES/SDIE - Sous-Direction de l’information environnementale 8

Sources used for compiling

1) EGSS data: 30% of employment Use in Recycling and Sustainable supplying pillars However EGSS data is a secondary source, elaborated with a lot of (primary) information. Primary sources for compiling EGSS: Insee, ADEME, Agence Bio, EPEA, Ministries…

2) Insee data: 70% of employment Use in Longer Duration of Use, Sustainable supplying and Responsible consumption pillars 2 kinds of use:

- As a source for output of different products, employment being estimated with ratios - As a direct source of employment (NA, Insee social databases) when industry fully included into CE Case of e.g. repair

activities

19.03.2024 CGDD/SDES/SDIE - Sous-Direction de l’information environnementale 9

Strengths with using EGSS

 Availability of a comprehensive and coherent annual dataset covering well some purposes of CE (wastewater sewage, waste management and recovery)

 EGSS framework offers different variables: output, value added, employment, foreign trade in the format of national accounts

 Possible replication of EGSS estimation methods (e.g. for employment or value added) for CE activities not covered by EGSS

 Data sources used for EGSS can be extended to CE

 In conclusion: synergy and consistency expected when compiling CE in complementarity with EGSS

19.03.2024 CGDD/SDES/SDIE - Sous-Direction de l’information

environnementale 10

Weaknesses or limitations

 Strong dependence of CE to the perimeter adopted (harmonisation needed) - if strictly based on circularity and resources saving, EGSS value added is quite low - if perimeter enlarged to all environmental issues, EGSS VA is optimal

 EGSS not helpful for solving tricky issues as compiling CE data for: - Industrial and territorial ecology - Service economy

 Approach based on purposes or pillars (ADEME) difficult to comprehensively combine with monetary accounts classifications (CEP or CEPA/CReMA). Space left to interpretations

 In terms of organisation, distance between EGSS and CE to be reduced Often working groups are separated (different staff implied) as well as objectives and plans on indicators. Need of sharing information on a larger scale.

19.03.2024 CGDD/SDES/SDIE - Sous-Direction de l’information environnementale 11

Thank you for your attention