Legal aspects of data flows between public agencies in France

Legal aspects of data flows between public agencies in France

Legal Aspects of Data Flows between Public Agencies in France Herbert Maisl 1. Introduction Professor at the Faculty of L a w and Economics o f the ...

574KB Sizes 9 Downloads 59 Views

Legal Aspects of Data Flows between Public Agencies in France Herbert Maisl

1. Introduction

Professor at the Faculty of L a w and Economics o f the University o f Orleans, 45018 Orleans, France

With regard to the storage o f information the public sector has some peculiar features which are due to the volume and variety o f the information it handles: public agencies centralise a large volume of data on people, as well as all kinds o f economic, social and cultural data. Although this is not a recent phenomenon, it has acquired a new dimension under the impact of two developments: the growing role o f the State and the advent o f computers. The latter have profoundly affected the ways in which information is handled and facilitated data flows which were formerly not feasible. In 1978, France endeavoured to regulate these data flows by two acts o f legislation: first, the Act o f 6 January 1978 on data processing, data files and individual liberties [1 ] which sets out rules on automatic processing of name-linked data, and then the Act o f 17 July 1978 lifting the secrecy o f non-personal administrative data [2]. The debate in France on data processing and individual liberties has flared up when the public got wind o f a project curiously labelled S A F A R I which aimed at introducing a single personal identifier for all public data files. Faced with the threat o f a generalised exchange o f all kinds o f information between public agencies, people said this was tantamount to "hunting the French" ("la chasse aux Fran¢ais") [3]. An opinion poll showed that the m y t h o f a "big central computer" was genuinely believed [4]. While the linkage of public data files containing personal information was feared because "it spells the end o f privacy", loud criticism was voiced on the other hand with regard to the secrecy o f non-personal data held b y public authorities, particularly central government. Their m o n o p o l y o f information was alleged to give them an undue power advantage. The two laws enacted in 1978 facilitate access to non-personal data and introduce controls over the use o f personal data. Apart from legal aspects, practical difficulties have also arisen in connection with various plans for integration o f public data fdes. In 1970 for example, the French Parliament rejected a bill pro-

The French public administration keeps a massive amount of information on file, for an ever increasing number of tasks. Moreover, data processing increases the possibility of exchanges of information held by different authorities, although in practice such exchanges are still infrequent, owing to a certain distance they prefer to maintain to each other. The trend confirmed by recent legislation is towards a restriction of personal data flows within the administration and towards third parties. This principle is implemented by the institutional control established over record-keeping, each record serving a specific purpose and being kept separate from the users of other records in the public sector. On the other hand, non-personal data is to circulare more freely within the public sector. The tradition of secrecy in which the public administration was veiled is replaced by a new policy of free access and sharing of information. Keywords: Data flows, public data files, official secrets, census, personal data, non-pers0nal data, local records, citizen access. Herbert Maisl was born in 1942. He is "Professeur agr6g6 de droit public et de Science politique" in the Law Faculty of Orleans, France,k of which he has been the Dean. He also teaches at the "Institut d'Etudes politiques", Paris. He specializes in administrative law and computer law, inter alia as consultant expert to the French Commission "Informatique et Libert~s" and to the Council of Europe, Strasbourg. His publications include "Le secret des fichiers" (co-author) and contributions to "Le Monde", "Encyclopedia Universalis" and "La semaine juridique". Conducts at present a research project on the application of the French data protection act to local authorities.

© North-Holland Publishing Company Computer Networks 3 (1979) 199-204 199

200

H. Maisl / Data flows between public agencies in France

viding for the establishment of a national health record. In another area, the Ministry of Industry is keeping since 1976 a data bank on industrial firms. Information is fed into this data bank by various ministries. It was found that some government departments restrict their contributions to the record and prefer to keep to themselves information which they consider to be essential for the exercise of their own powers [5]. Similarly, when it was attempted to bring together administrative data held by several government departments relating to soil, public buildings and installations [6], the setting up of a neutral computer network to be used by public authorities met with stubborn obstacles. Different information systems had been designed independently from each other. "In the absence of an overall design which could only be created and justified by virtue of a political power, the various administrative projects have been developed without hardly any regard for problems of overlap or for a rational system of data exchange" [7]. Data exchanges within the public sector therefore seem to be still relatively rare and this usually for reasons which have nothing to do with the legal system. In this article we will now concentrate on the legal basis for, and limits to, such data flows. In this connection, a double distinction should be made. First, we should consider the legal status of the public agencies which exchange information: do they belong to the same legal entity or to different entities, for example the central government and a local authority? Secondly, the nature of the information which is circulating should be taken into account: the position will be quite different depending on whether the information is personal or non-personal. In our opinion, this distinction is a fundamental one because we are in search of a new equilibrium between the right to information and the right to confidentiality: while the right to non-personal information should be increased, the right to confidentiality of personal data should be strengthed. These guiding principles should apply not only to data flows between the public and private sector, but also between administrative agencies inter se. 2. Restrictions on the Exchange of Personal Data

In the interest of the citizens, French law embodies the principle that exchange of personal (namelinked) data should be restricted. However, administrative practice tends to apply this principle with a

certain flexibility and to orient itself towards a new, functional concept of information.

2.1. The Principle o f Restrictions on the Exchange o f Information Restrictions on the exchange of personal data may derive from criminal law, civil law and administrative law. Article 378 of the Criminal Code (Code Pdna/) sets out not only a definition of the professional secret but also it extends the obligation to observe secrecy to "persons who by reason of temporary or permanent functions become the depositaries of secrets entrusted to them". The Code makes violation of such secrets punishable with emprisonment or a fine. Public servants to whom citizens entrust some of their personal secrets fall under the terms of this law. For example, exchanges of personal secrets between social security offices and the police do not appear to be permissible under the law. The Criminal Code also protects the privilege of defense lawyers. In the area of civil law, Article 9 of the Civil Code provides that "everyone is entitled to the respect of his privacy", a rule which, although a bit vague, clearly sets limits to the recording of information and a fortiori to their exchange. Moreover, the General Public Servants Statute places public servants under the obligation to be prudent with regard to facts and information which have come to their knowledge in, or on the occasion of, the exercise of their duties. Only a minister may waive this obligation. Therefore, exchanges of information can only be decided by the highest administrative authority, i.e., at the government level by a minister and at the local authority level by a mayor. Their decision may not be arbitrary, but should be in conformity with the law and in particular with professional secrecy. In this context, the Act on data processing, data files and individual liberties tightens the rules even further.

2.2. Flexible Application o f the Pn'nciple Professional secrecy has lost its absolute character. For example, many laws have lifted secrecy obligations concerning medical information vis4-vis certain public authorities: there is a duty to report some diseases. Similarly, in matters of civil status, births and deaths must be reported to the competent civil authorities. There will be a systematic exchange of information between public hospitals and certain public authorities.

H. Maisl /Data flows between public agencies in France Generally speaking, the Act of 6 January 1978 has called a halt to a certain degree of legal chaos which existed for a long time with regard to the establishment of public data files and the exchange of information between them. First, no public data file may be set up unless by a statutory instrument which must be submitted for advice to the controlling authority. This instrument should specify, interalia, the nature of the data collected, their users, as well as the comparisons or interconnections envisaged. Therefore, exchanges of information can no longer take place informally; they must be formally authorised. Not only must the National Data Processing and Liberties Commission be seized to give an opinion on them, but their illegality may also be challenged before administrative tribunals. Moreover, the law restricts the storage and dissemination of information relating to matters such as criminal offences, convictions or security measures. Lastly, it makes the decision to use an identifier, whose general use had been envisaged at the time of the SAFARI case (cf. supra), conditional on a solemn procedure, i.e. a Decree adopted in the Conseil d'Etat. Exchange of information between public agencies is therefore subject to control. We pointed out above that the small number of linkages so far has been due to rivalry between agencies rather than to legal considerations. Henceforth the law lays down precise rules on this topic. Furthermore, the law makes a reservation with regard to certain automatic data processing applications which should be specifically authorised by law. Such will be the case with regard to exchange of data which require a derogation from the legal rules on professional secrets. It may also concern the establishment within government agencies of data banks which could be widely accessible and thereby constitute a risk to individual liberties. The integration of public data files within data banks poses different problems depending on whether one or several public entities are involved. 2.2.1. Integration o f Files within the Same Public Entity All public entities-the central State, local authorities, public corporations-have to correlate the information in their possession. With regard to central government agencies, the problem arose in 1970 in the French parliament when the Government expressed the desire to set up a data file on drivers. To that end it proposed that "documentation and information relating to motor vehicle

201

driving licences.., delivered by civil authorities shall be centralised and there shall be kept a data file on drivers against whom judicial or administrative decisions have been rendered for offences committed while driving a v e h i c l e . . . " A public agency would administer this central file. The Parliament preferred, however, to separate the management of purely administrative data under the authority of the Minister of the Interior from the management of judicial data under the control of the Minister of Justice [8]. The legislature ruled that there should be imperviousness between different government agencies. With regard to the data file on industrial firms we mentioned already the reluctance of various agencies to furnish their own data to the Minister for Industry. In March 1974, when the SAFARI case caused an uproar, the Prime Minister ordered, in a circular letter, that for the time being no linkages between automated systems belonging to different Ministries would be permitted and that no system already existing should be used for purposes other than the proper purposes of each agency. The major handicap of this text, spurred by the occasion, was that it was based on the division of tasks between Ministries as it happened to be at that particular time. Today, such exchanges may be decided by a public regulation subject to judicial control, or, as the case may be, by a law, provided however that they do not prejudice professional secrets or infringe on privacy (cf. the laws mentioned above). Local authorities who keep many different kinds of data files have been induced to regroup these and to set up population data bases. In some automated town administrations it is already possible for every official who has a certain rank or post to ask for any kind of statistical operation to be performed on data files. On the other hand, processing operations relating to individuals are subject to the agreement of the mayor himself [9]. Therefore each head of a department in the local administration would not have acess to all data stored in the file but only to those which are necessary for his department. Technically such restrictions are easy to introduce. Professional secrecy as well as the obligation for officials to be discreet applies between public agencies [10]. The professional secret can be invoked between personnel of one and the same agency. Similarly, "an official is bound to be discreet vis-a-vis any of his colleagues who do not need to know the document, information, or ease at issue in connection with their task in the department" [11 ].

202

H. Maisl/ Data flows between public agencies in France

2.2.2. Integration o f Files between Different Public Bodies These limitations apply afortiori between the data files kept by different public entities. Should the central government be enabled to link up with local population files? Replies to this question are cautious. Some people think that there is, in spite of the distinction between legal entities, an obligation between public bodies to inform each other. Nevertheless, during the last census taken in 1975 by the local authorities on behalf of the central government, deep-seated reticence was expressed with regard to possible data exchanges. The Ministries of the Interior and for the Economy, after consultation with the Conseil d'Etat, were of the opinion that present legislation "prohibit municipalities to take copies of questionnaires collected in connection with the c e n s u s . . . Local authorities should therefore refrain from establishing or updating personal data files, particularly in automated data carries, on the basis of data collected in the process of the census" [12]. In the field of social security experiments have been carried out concerning the transmission of personal data between health insurance offices, family allowance offices and agencies collecting the premiums. The experience of this inter-departmental system at Grenoble can hardly be called positive, "due, it seems, to the reluctance of the different offices to use the possibilities offered by a common data base" [13]. 2.3. Towards a Functional Concept o l i n formation At first sight one would be inclined to consider information exchanges from the point of view of organisation. However, since exchanges are more frequent within the same legal entity than between different entities, it is more useful to look at those exchanges from a functional point of view. Simitis underlined recently that the public service is not a monolithic entity within which information may circulate freely. He has added that "data processing makes it necessary to reconsider this concept, to acknowledge that all information should be seen in the light of its function and is therefore accessible only to that part of the public administration which has a direct need to know it in order to perform its public task" [14]. The Conseil d'Etat has also referred to this idea in connection with a police file. According to this high tribunal " . . . while it is the task of the police author-

ity to gather and, where necessary, store in the form of a data file, any relevant information on individuals whose mental condition may constitute a threat to public order, it should at the same time see to it that access to the information gathered should be strictly limited to those officials who are under its orders and whose job it is to carry out the public task thus defined" [15]. Therefore, according to this decision, the data in a name-linked file should, save when a special instrument provides otherwise, not only be restricted to the officials belonging to one public agency, but even more specifically to those whose job corresponds with the purpose of the data file. The importance of this decision is that it emphasises the existence within a legal entity of watertight internal sub-divisions and that the purpose of the file should be taken into account. While today exchanges of personal data do not occur very frequently they tend to increase. What matters is to bring them under the discipline of a set of basic rules, which should be spelled out in the instruments establishing data files. The lawfulness of these rules should be assessed in the light of the law on secrecy and on protection of privacy. It seems to us that this part of the law should be developed more fully. Unavoidably, the professional secret will be determined more by the subject matter than by the person; it will become "objectivized". Personal data flows will be determined within two main parameters: the notion of "authorised person" where the handling of data is concerned and of "lawful purpose" where the exchange of data is concerned.

3. Extending the Exchange of Non-personal Data While our study is cautious with regard to integration of personal data files, the legal barriers to the setting up of widely accessible data banks containing non-personal information have been lowered. In this field too, the function served by information is decisive.

3.1. Legal Trends For a long time, Fench law was dominated by a tradition of administrative secrecy. This practice has been strongly criticised because its legal justification was lacking in precision, its explanation was weak, and its effects were questionable [16]. The civil servant's obligation to be discreet has

H. Maisl / Data flows between public agencies in France

been explained to apply not only in relation to third parties but also between public officials [17]. As a rule, only those officials who by virtue of their powers within a public agency were competent to deal with a matter were entitled to know the internal information relating to that matter. Only a Minister, who was the top of th,~ hierarchy in this department could decide, at his discretion, on the horizontal flow of information. It has become necessary on the one hand to relax administrative secrecy in relation to citizens, "to make the unity of the State prevail over the notion of hierarchical power" and on the other hand "to articulate the principle of free exchange of information between ministerial departments, subject to some clearly defined exceptions" [18]. The Act of 17 July 1978 reaffirms "the right of citizens to information insofar as freedom of access to non-personal administrative documents is concerned". It is true that the Act has only the citizens in mind. But will the lifting of the administrative secret in relation to citizens not lead to the tearing down of partitions between public agencies as well? 3.2. Towards the Integration o f Public Data Files

The Act does not mandate the creation of data banks common to several public agencies~ but it does promote the idea. Public agencies may demand a treatment not less favourable than that accorded to the citizens. This claim is likely to be launched between rival ministries, or by local against central authorities, by the Parliament, etc. Exchanges of information may counteract shift of power and reduce the monopoly of knowledge which certain administrative agencies have been able to carve out for themselves. The case of the Parliament deserves special mention. The French Parliament's position with regard to information is still far removed from the situation of the American Congress. But recently, supported by the Council of Europe's Assembly Resolution Nr. 576 of 26 September 1974 on the use of computers for parliamentary work, it has been enabled to link itself to several data files of the French public administration and to set up a link with the CELEX system for European Community Law. An agreement between the Government and the Parliament spells out the principles applicable [ 19]. Henceforth, the obligation to observe professional confidentiality is subject to an important proviso deriving from freedom of access to administrative

203

documents. However, hierarchical power is there to stay. It is always up to the hierarchical superior to arrange for access.to administrative documents. But an essential difference with the previous situation is that the power exercised by the hierarchical superior is no longer discretionary. The way is now open for the adoption of a policy on public data banks in the economic, social and cultural field. The action taken by public authorities has so far been rather scattered, and the resources it has at its disposal are limited [20]. We should like to mention here the pilot project, under way since 1973, concerning the harmonisation of data files containing localised information. For example, national and local authorities have worked together on physical or geographic localisation in administrative files in order that in the long run geographical reference files should be designed "on the basis of collaboration between local authorities and the State and technically with the aid of a directly accessible information system". Similar findings have been put forward with regard to information systems relating to buildings, premises and public installations. Since 1975, the City of Avignon has been experimenting, in collaboration with central government services, with a combined use, for purposes of local administration, of geographical reference files and documentation relating to immovable property of the State. An experimental protocol on the follow-up to the operations has been worked out, making it possible to identify the responsibilities of each party. The interdepartmental operation of administrative data files has led to the setting up of a Centre for studies and experiments on information systems. Its purpose is to promote by means of experiments, the design and implementation of information systems, taking into account the wish of the authorities commissioning these systems to see them developed in a co-ordinated fashion. The aim is to obtain eventually an integrated public network which will give access to various information systems and which will be widely accessible by automatic means. It is clear that "computerisation can provide an opportunity to overcome the present fragmentation by means of a functional integration of administrative decisions" [21 ]. 3.3. Towards a Functional Concept o l i n formation

The function served by information should be the basis for any analysis of non-personal data flows. Not

204

H. Maisl /Data flows between public agencies in France

only every citizen, but also every administrative agency has a "right to know". The exercise of this right for the common benefit is necessary for the proper functioning of democratic institutions. Is there not a new danger of an 61ire which controls files and data, an information aristocracy? Will there soon be talk about the privileges of the "Computer Nobility" [22]? Once the right to know has been widely recognised there remains to be defined an information charter to serve as a guide for information flows. Should we envisage the setting up of national data agencies, totally independent public bodies whose sole task would be to "foster information, documentation and analysis in order to furnish information which is indisputable and credible to all" [23]? It is not so much a matter of structures but rather of generalising the flow of public information. On the other hand, with regard to personal data, while data processing facilitates certain data flows between agencies which have identical functions, a total "decompartmentalisation" between different government agencies is out of the question: t h e special character of each agency makes it desirable to give it access only to those data which are relevant to its task. Data processing obliges us to search for a new equilibrium between the right to information and the right to confidentiality. It calls for more thinking on the flows of information in the public sector. In the end it is the model of public administration, and therefore of society itself which is at stake, depending on whether we are inclining towards an automation scenario in the public sector providing for the Almighty State or rather for decentralisation.

References [1[ Journal Officiel 1978, p. 227 and our commentary to Jurisclasseur p~riodique (semaine juridique) 1978 I 2891. [2] Journal Officiel 1978 p. 2851 and our analysis "Une nouvelle libert~ publique, la libert6 d'acc~s aux documents administratifs" in M61anges en l'honneur du Professeur Charlier, to be published (Paris, 1979). [3] Le Monde, 21 March 1974, Ph. Boucher: "Safari ou la chasse aux Franqais".

[4] Cf. the results of an opinion poll in our study "Le secret des fichiers", Paris, 6d. Cujas 1976, together with F. GaUouedec-Genuys: 51% of the persons interviewed in 1975 believed that there exists a central file in which the Government stores all information on individuals, without their agreement, and which is accessible to public and private bodies. This is, or may be, a very serious problem for 31%, rather serious for 35%, not very serious for 20%, and not serious at all for 14%. [5] S. Nora, and A. Minc, L'informatisation de la soci6t6, la Documentation franqaise, 1978, Annexes Tome III, Ph. Jaffre: L'informatique et l'administration franqaise, p. 94. [6] S. Nora and A. Minc, Op. cit., p. 81. [7] S. Nora and A. Minc, Op. cit., p. 15. [8] Law of 24 June 1970 on the centralisation of documentation on road traffic. [9] Cf. our work cited above, p. 66. [10] Institut international des Sciences administratives: Le secret administratif dans les pays d~velopp6s, Ed. Cujas, Paris 1978, The report by JC. Boulard, p. 179. [ 11 ] Cf. the conclusions of the government agent, Chardeau on the decision of the Conseil d'Etat, Demoiselle Faucheux, 6 mars 1953, Recueil Lebon, p. 123. [12] Circular letter of 22 September 1974 cited in our study "Le secret des fichiers", p. 65. [13] S. Nora and A. Minc, Op. cit., p. 28. [14] Cf. J. Frayssinet: "L'informatique et le secret des fichiers (compte rendu de la Journ~e d'~tude de l'Institut franqais des Sciences administratives)" in Revue administrative, 1977, p. 182. [ 15] Conseil d'Etat, 13 February 1976, Deberon in Jurisclasseur p6riodique (Semaine juridique) 1976 II 18383 with conclusions G. Guillaume and note F. GallouedecGenuys et H. Maisl. [16] Cf. Commission de coordination de la documentation administrative; la coordination documentaire, L'acc6s du public aux documents administratifs, la Documentation franqaise, Paris 1974, p. 32. [17] Cf. the decision Faucheux cited above. [18] Commission de coordination, Report cited above. [19] Commission de coordination de la documentation administrative, Pour une documentation plus ouverte; la Documentation franqaise, Paris 1977; Rapport by L. Mehl on access by members of Parliament to automated data banks. [20] S. Nora and A. Minc, Op. cir., Annexes, Tome I. R. Beca: Les banques de donn6es, p. 104. [21] Cf. R. Beca, Gestion du domaine foncier, bilan d'une experimentation, inforrnatisation et soci6t6 No. 2, la Documentation franqaise, 1978. [221 R.G. Schwarzenberg, "Le droit de savoir", Le Monde, 7 May 1975. [231 R.G. Schwarzenberg, Ibid.