
Deliberation No. 2012-177 31 May 2012 Opinion On A Draft Decree On The Establishment Of Automated Processing Of Personal Data Concerning The Management Of Examinations And School Competitions (Request For Opinion No. 1581777)

Original Language Title: Délibération n° 2012-177 du 31 mai 2012 portant avis sur un projet d'arrêté portant création d'un traitement automatisé de données à caractère personnel relatif à la gestion des examens et concours scolaires (demande d'avis n° 1581777)

JORF No. 0104 of May 4, 2013
Text No. 98



Deliberation No. 2012-177 of 31 May 2012 giving an opinion on a draft order creating an automated processing of personal data relating to the management of school examinations and competitions (request for opinion No. 1581777)

NOR: CNIX1311152X ELI: Not available


The National Commission for Informatics and Liberties,
Having been asked for an opinion by the Ministry of National Education (MEN) on a draft decree creating an automated processing of personal data relating to the management of school examinations and competitions;
Having regard to Council of Europe Convention No. 108 of 28 January 1981 for the protection of individuals with regard to automatic processing of personal data;
Having regard to Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data;
Having regard to the Education Code, in particular Articles L. 331-1, L. 331-2, D. 334-15 to D. 334-22;
Having regard to Act No. 78-17 of 6 January 1978, as amended, relating to computers, files and freedoms, in particular Articles 27-II-4 and 27-III;
Having regard to Law No. 78-753 of 17 July 1978 on various measures to improve relations between the administration and the public and various administrative, social and fiscal provisions, in particular Article 16 thereof;
Having regard to Order No. 2005-1516 of 8 December 2005 on electronic exchanges between users and administrative authorities and between administrative authorities, in particular Article 9-1;
Having regard to Decree No. 2005-1309 of 20 October 2005, as amended, implementing Law No. 78-753 of 6 January 1978 relating to computers, files and freedoms;
Having regard to Decree No. 2010-112 of 2 February 2010 implementing Articles 9, 10 and 12 of Order No. 2005-1516 of 8 December 2005 on electronic exchanges between users and administrative authorities and between administrative authorities, in particular Articles 3 and 5 thereof;
Having regard to the order of 12 July 1995 establishing an automated processing of personal information relating to the management of school examinations and competitions, as amended by the order of 16 January 1997;
Having regard to deliberations No. 93-073 of 7 September 1993, No. 95-044 of 4 April 1995 and No. 96-079 of 1 October 1996 concerning the draft decree submitted by the Ministry of National Education creating a standard model of automated processing for the management of examinations and competitions called SAGACES;
Having regard to the request for an opinion from the Director General of the General Directorate for School Education on a draft order creating an automated processing of personal data relating to the management of school examinations and competitions;
After hearing Mr. Eric PERES, Commissioner, in his report, and Elisabeth ROLIN, Government Commissioner, in her observations,
Issues the following opinion:
The Commission takes note of the fact that the OCEAN information system is composed of eleven processing operations, grouped into four main modules.
The "Regulatory" module contains no personal data. It provides the rules governing the tests (wording of the examination, specialties and options, compulsory or optional status of the test, written or oral type, duration, coefficient, age and qualification conditions for registration, rules for exemption, rules for calculating results).
The "Registration" module consists of:
- on the one hand, the INSCRINET teleservice, which allows candidates to manage their online registration and allows registered applications to be managed;
- on the other hand, the basic management module, which is used to create, edit and delete applications in OCEAN and to produce documents (confirmation of registration, lists, statistics, candidate tags, other).
The "Organization-Allocation-Conduct" module allows the material organisation of the tests, via:
- on the one hand, the basic management processing covering the number of candidates enrolled in the tests, their distribution among the examination centres and the production of the documents necessary for the organisation of the tests (summonses of candidates, labels to stick on tables);
- on the other hand, the ORGANET remote management tool, which allows the institutions to distribute candidates among the examination rooms and to produce the necessary documents.
The "Notation" module has six processing operations on personal data:
- the basic management processing, which enables the preparation of the batches of copies to be corrected;
- the NOTANET remote management tool, which allows entry of the continuous assessment marks of third-class pupils for the national brevet diploma, and of the skills acquired and recorded in the personal competency booklet;
- the EPSENET remote management tool, which allows the recording of continuous assessment marks in physical and sports education for final-year (terminale) students;
- the LOTANET remote management tool, for entering the test marks assigned by the evaluators to the candidates;
- the DELIBNET remote management tool, for producing the final mark statements;
- the PUBLINET teleservice, which allows each candidate to access their detailed examination results online.
In accordance with Article 27-II (4°) of the Act of 6 January 1978, as amended, the National Commission for Informatics and Liberties (CNIL) was asked by the Ministry of National Education (MEN) for an opinion on the draft decree creating an automated data processing for the management of school examinations and competitions.
In accordance with the provisions of Article 27-III of the Act of 6 January 1978, as amended, the order under review constitutes a single regulatory act, with reference to which compliance commitments will be sent to the Commission by rectorates and academy inspections prior to the implementation of automated data processing for school examinations and competitions.
On the purposes:
The purpose of OCEAN is to allow the management of "operations specific to the organisation of school examinations and competitions" (art. 1, paragraph 1, of the draft decree), excluding the organisation of administrative competitions that may be taken by the public service agents of national education.
The INSCRINET teleservice allows candidates to register immediately and remotely for school examinations and competitions.
The PUBLINET teleservice provides, on the one hand, access to all positive results obtained in examinations or competitions (admission, distinction, excluding any reference to rejected candidates) and, on the other hand, access, for each candidate, to a personal account presenting the
Committee recommends that Article 1 (2) of the draft decree be amended in order to clearly separate the three purposes of the INSCRINET and PUBLINET teleservices.
On processed data:
The Commission takes note of the categories of data processed in article 2 of the draft decree.
First, it considers that the collection of the two categories of data collected "for the development of statistics", namely the "nationality" of candidates and the "socio-professional category" of their legal representatives, must not, under any circumstances, be a condition of individual registration for a school examination or competition. It therefore recommends that the optional character of these fields be clearly indicated.
It also asks the MEN to clearly indicate the academic nature of the identifier "INE" by mentioning it in the format "INE-BEA". This amendment will also have to be included in Article 3 (2) (3) of the draft decree.
Secondly, in order to improve the effective and specific support of the candidate when sitting a school examination or competition, the Commission points out that check boxes could specify the equipment or support to be made available to candidates with disabilities (wheelchair, room accompaniment, other type of assistance).
On addressees:
With regard to the first paragraph of Article 3 of the draft decree, the Commission recommends that the reference to agents of the Ministry of National Education (MEN) and the Ministry of Higher Education and Research (MESR) "entitled to receive such data" be rewritten as "entitled, for the performance of their respective missions, to receive such data".
The Commission also recommends the inclusion of this reference in the second paragraph of Article 3
Given the abolition of the procedure for affiliating pupils or students to the social security scheme via OCEAN, "the authorised agents of the primary health insurance funds for the application of the provisions of Article 64 of Law No. 95-116 of 4 February 1995" referred to in Article 3 (2) of the draft order submitted to the Commission will no longer be identified as addressees in the final draft.
As regards "the press and private bodies, for the publication of the results of the candidates", Article 3 (2) of the draft decree makes the transmission of the information relating to the results obtained subject to the express and prior collection of the consent of the candidates concerned (check box on the registration form).
This provision, however, does not specify the tasks of the private bodies concerned, nor the purpose of the transmission of the data, nor the existence, or not, of a licence to reuse the information in the examination result lists. It also does not indicate whether the transmission concerned is systematic or carried out only when the private bodies in question expressly request it.
In order to regulate the implementation of this transmission, the Commission requests the Ministry to specify the statement in the draft order as follows: "the press and private bodies which have signed a licence to re-use the information contained in the lists of examination results", as provided for by Article 16 of Law No. 78-753 of 17 July 1978 on various measures to improve relations between the administration and the public and various administrative, social and tax provisions.
In addition, the Commission considers that the data item "code in the national register of establishments of the establishment in which, where appropriate, education is continued" is not strictly necessary for the mission of publishing (or making available online) the results of school examinations and competitions.
It therefore considers that, in the context of the publication of the results, this data need not be transmitted to the relevant press and private organizations.
As regards "the authorised agents of the territorial authorities participating in the public service of education", the Commission takes note that the purpose of the transmission of the identification data of the candidates will be to enable the communities to reward the winners of the examinations in various ways (invitation to receptions, cheques, etc.), that this transmission will be subject to the express and prior collection of the consent of the candidates concerned (check box on the registration form) and will only affect the communities that will
As regards this type of transmission, the Commission proposes that the draft decree be completed as follows: The data transmitted to the local authorities shall be deleted after the award of the awards to the laureates of the various examinations.
In accordance with Articles 3 and 5 of Decree No. 2010-112 of 2 February 2010 implementing Articles 9, 10 and 12 of Order No. 2005-1516 of 8 December 2005 relating to electronic exchanges between users and administrative authorities and between administrative authorities, the technical architecture of the OCEAN processing has been modified to meet the requirements of the General Security Repository (RGS).
The Commission takes note that a registration to this repository is currently in progress and will be effective before May 2013.
However, the department indicated that the risk analysis would focus exclusively on the application CYCLADES, which will eventually replace the OCEAN application.
Since technical measures are likely to diverge between CYCLADES and OCEAN, the Commission recommends that the OCEAN application be the subject of a comprehensive security analysis. It considers that, in order to comply with the requirements of Decree No. 2010-112 of 2 February 2010, the in-depth modification of the technical architecture of OCEAN, which broadly justifies this referral to the CNIL, must give rise to such an analysis.
As such, it takes note that, in accordance with the recommendations of the ANSSI, the security analysis (risk analysis, security objectives, security functions and level of these functions) will cover the security of personal data. The Commission recommends that this analysis consider not only the impacts on the organization but also the impacts on the individuals involved.
In addition, the national registration will be accompanied by a formal commitment to security at the level
On this point, the Commission observes that Article 7 of the draft decree submitted to it deals exclusively with the traceability of access (user ID, date and time of intervention), without specifying the type of access concerned (consultation, creation, updating or deletion).
This is why the Commission stresses the need to define, in a new article of the draft decree, the conditions for guaranteeing data security and the minimum requirements that the rectorates and academy inspections likely to make a commitment to comply with this order will be required to meet.
It proposes that the draft order be completed, after Article 8, by an additional article indicating that the rectorates undertake to put in place the security measures recommended by the MEN in the risk analysis. It could read as follows: "Rectorates and academy inspections submitting a commitment of compliance with this order shall also undertake to implement the full set of risk reduction measures provided for and recommended by the security analysis carried out by the Ministry of National Education".
The Commission draws the attention of the Ministry to the need to raise awareness among the relevant rectorates and academy inspections of the obligations arising from this risk analysis and of the measures that should be adopted to comply with it.
On the retention period:
The retention period for data set out in item 6 of the draft order does not call for comment.
On the Rights of Persons:
Pursuant to Section 32 of the amended Act of January 6, 1978, candidates for school examinations and competitions (or their legal representatives) will be informed of the registration of personal data concerning them in OCEAN in the
In accordance with Articles 39 and 40 of the Act of 6 January 1978, as amended, the right of access and rectification shall be exercised with the school examinations and competitions services of the rectorates or academy inspections. The Commission proposes that Article 4 of the draft decree state "and Article 40" in place of the reference "and following".
The Commission notes that "in accordance with the third paragraph of Article 38 of the Act of 6 January 1978, as amended, the right of opposition shall not apply to this processing. However, candidates have the right to object, on legitimate grounds, to the fact that the data concerning them are published via the PUBLINET teleservice, in accordance with the first paragraph of Article 38" (art. 5 of the draft order).
None of these elements calls for comment by the Commission.
Other Recommendations of the CNIL:
As regards the prior consent of the candidates to any data transmission concerning them, the Commission recommends that the prior and express consent of the candidates be collected by two separate check boxes (not pre-ticked), covering, on the one hand, the local and regional authorities that request it and, on the other hand, the private bodies that have signed a licence to re-use the information contained in the lists of examination results.
As regards candidates who do not wish to use the INSCRINET and PUBLINET teleservices, or would not be in a position to do so, the MEN should clearly inform them of the means available to them (postal procedure, computer equipment made available in institutions) to register for an examination or a competition.

The Commission asks the MEN to submit, within two years, a review of the implementation of the OCEAN processing, concerning:
- the RGS certification process currently underway;
- the implementation, by rectorates or academy inspections, of the MEN security recommendations (risk analysis, security objectives, security functions, and levels of these functions) to comply with the SMR;
- the commitments to comply with the single regulatory act made by rectorates and academy inspections;
- the procedure for collecting the express and prior consent of candidates for examinations and competitions to the transmission of data to private organizations that have signed a licence agreement with the MEN and to the local and regional authorities that request it;
- the INSCRINET and PUBLINET teleservices (summary statistical table).


The President,

I. Falque-Pierrotin

