Title: ID NUMBER POLICY: REPORT ON FRANCE

ID number policy: Report on France

Fanny Coudert, Katholieke Universiteit Leuven, ICRI 

The national directory of natural persons’ identification (RNIPP, répertoire national d’identification des personnes physiques) was created in 1941 by the Ministry for Internal Affairs of Vichy Government with the purpose of organizing administrative files and establishing demographic statistics. It has been maintained after the war but its administration has been transferred to the INSEE, the National Institute for Statistics and Economic Studies (Institut National de la Statistique et des études économiques).

Every individual born in the French territory or who becomes a beneficiary of the French Social Security is attributed a registration number (NIR - numéro national d’inscription au répertoire des personnes physiques). It thus appears more as a population register than a French citizens’ directory. The sole purpose of the Directory is to prevent mistakes about the identity of individuals. Its use for the purpose of individual tracking is explicitly forbidden, except under the circumstances foreseen by the Law which mainly refers to judicial proceedings (Art. 60-1, 77-1-1 and 93-3 of the Penal Procedure Code).  The RNIPP is currently and mainly used, apart from Social Security agencies, by Fiscal Agencies, the National Bank, and by the INSEE for the administration of the companies’ directory (SIREN) and of the electoral file.

The NIR is a meaningful identifier and it is based on the gender and the year, month, province and city of birth of the individual (Art. 4). Therefore, although its structure makes it stable and reliable, the information it provides may lead to gradual use of data for purposes other than those for which they were collected (commonly known as ‘function creep’). Actually, it has been immediately deviated from its original purpose in order to identify ‘Jews’ and ‘non-Jews’ through the gender key which was more ‘complete’ in its origin. This painful memory remains attached to the use of the NIR.

After World War II, it has been largely used by the Public Administration as a reliable identifier and particularly by Social Security Agencies. However, in 1972, its computerization with the aim of obtaining a unique identifier for French citizens together with the launch of a large project for the centralisation of police databases (SAFARI), initiated a large public debate. The fear raised by the impact of this project on private life, individual freedom and public liberties led to the adoption of the Data protection Act in 1978. This Act restrains the use of the NIR and of data matching processing to a previous authorisation given either by the French Data Protection Authority, the CNIL (Commission Nationale de l’Informatique et des Libertés) (Art. 25.6°), by legal provisions, or by regulatory provisions taken after the (non-biding but public) opinion of the CNIL (Art. 27.1°) and under the control of the State Council (Conseil d’Etat) . The infringement of these provisions is punishable with a maximum of five years of imprisonment and a fine of 300,000 euros (Art. 226-16-1 of the Penal Code).

The opinion of the CNIL as regards the use of the NIR as identifier will be further discussed as it is expressly endorsed by the French government in its e-administration policy. Since 1984, the CNIL has claimed that the RNIPP was a civil register, created for preventing mistakes in the identity of individuals based on homonymy. A “universalistic” concept of the NIR which would convert it into a national identifier, should be avoided. This means that the NIR cannot be used as unique identifier and should be completed with other information such as the address, when it is used. Moreover, the use of this number by Public Agencies for the linkage of databases is limited to a strict application of the finality principle: if two public agencies are legally authorised to use the NIR and to transfer personal data to each other, thus they can use it as a key for their transfers of personal data. In any other case, the CNIL considers that the sole need of linking two databases is not sufficient reason for justifying the use of this number. This interpretation has played a key role in preventing the use of the NIR by Public Agencies as a common identifier for the linkage of different public databases, compelling them to create their own identifier and maintaining its use, expanding it each time, within the health sector.

This doctrine has only been breached once by the legislator in 1998 when the Finance Act for 1999 authorised some Fiscal Agencies to use the NIR for fraud control. The provision allows these Agencies to use the NIR with the only purpose to avoid mistakes about identity and to verify the address of individuals in the framework of some of their competencies. This provision has been put to the Constitutional Council, which has validated it. The fact that Agencies’ employees are bound to professional secrecy and that the CNIL has supervisory power over the processing, as well as the existence of a data protection legislation, were considered as sufficient safeguards. The Council also observed that the finality principle was clearly defined and that the use of the NIR would not lead to data processing non-related with the competencies of Social Security and Fiscal Agencies.

The Finance Act, as well as the possible use of the NIR as identifier for the Medical Personal File and the implementation of electronic identity cards using biometrics, has relaunched the public debate, raising new fears related to the use of a unique national identifier. However, the French government in the Electronic Administration Strategic Plan 2004-2007 expressly opted for adopting sector based identifiers in electronic identity management systems, in accordance with the position of the CNIL. In that sense, a connection should be established between the certificate number of the card and the sector based identifier used by the public authority. Introduction of the concept of a federate identity is also foreseen. This allows the user to get a unique identifier for accessing public services and prevents any link to be made between public databases. Following this statement, the CNIL suggested in its opinion on the Medical Personal File, that in order to benefit from the large use of the NIR in the health sector and of its stability and reliability, a specific identifier could be generated from the NIR according to certified procedures of anonymisation.

References

BRAIBANT 1998 

G. Braibant. Données personnelles et société de l’information, Rapport au Premier Ministre sur la transposition en droit français de la Directive no 95/46, La documentation française, 3 March 1998

CNIL 1998 

CNIL, 19è Rapport, La documentation française, 1998 

CNIL 1999 

CNIL, 20ème Rapport, La documentation française, 1999 

CNIL 2007 

CNIL, Conclusions on the use of the NIR as health identifier [Conclusions sur l’utilisation du NIR comme identifiant de santé], 20 February 2007, available at: http://www.cnil.fr/index.php?id=2197&news[uid]=434&cHash=dd6d3df873

GMSIH 2002 

Groupement pour la modernisation du système hospitalier (GMSIH), Project Si 1.1 "Principes et Processus d’identification du patient" Synthèse de l’analyse réglementaire, 6 March 2002 

LECERF 2005 

J.-R. Lecerf. Intelligent Identity and Liberties [Identité intelligente et libertés], Information Report to the Senate n°435, 29 June 2005, available at : http://www.senat.fr/rap/r04-439/r04-439.html

PSAE 2004-2007 

Ministry of Civil Service, State Reform and Land settlement, Electronic Administration Strategic Plan (PSAE) 2004-2007, p.15 

TRUCHE, FAUGERE, FLICHY 2002 

TRUCHE P., FAUGERE J.-P., FLICHY P., Administration électronique et protection des données personnelles : Livre blanc, La documentation française, 2002.

UJA 2000 

Colloque de l’Union des jeunes avocats (UJA), L’anonymat dans la société de l’inform@tion : fichage et démocratie, où en sont nos libertés ? , Paris, 26 April 2000, http://www.delis.sgdg.org/menu/nir/uja2000.htm