Surveys measuring diversity within public and private organizations are not prohibited, but they require guarantees to protect data and the privacy of individuals. In order to support professionals, the CNIL is submitting a recommendation for public consultation until September 13, 2024.
What is the purpose of the recommendation submitted for public consultation?
In a context of increased awareness of the fight against discrimination, many companies and institutions wish to measure diversity within their workforce through systems that involve the collection of a lot of personal data, including sensitive data.
Measuring diversity is a delicate exercise because it involves intrusive questions about the private lives of employees/agents. In this context, employers must take particular care to respect the decision of the Constitutional Council of November 15, 2007, which very strictly regulates statistics linked to origins.
Twelve years after the publication of the methodological guide co-written with the Defender of Rights “Measuring to progress towards equal opportunities”, the CNIL publishes a specific draft recommendation to guide organizations wishing to implement diversity measurement surveys , in compliance with European regulations in force since 2018.
Indeed, the implementation of diversity measurement surveys must be accompanied by guarantees to ensure respect for the right to privacy of participants, in compliance with the GDPR. In particular, these surveys must remain optional and participants must be properly informed and their rights respected. The CNIL also recommends favoring anonymous surveys and limiting the data collected with closed questions.
Among the possible options, and taking into account the relationship of subordination between the employer and its employees or agents which can make participation in the investigation difficult, the CNIL considers that using a trusted third party can constitute a valid guarantee, by ensuring that the employer does not have access to the data collected.
Reminder :
State of health, sexual orientation or even perceived racial or ethnic origin are sensitive data: their collection and use are prohibited, in principle, by the General Data Protection Regulation (GDPR).
As part of a survey to measure diversity, the CNIL considers that only the free, explicit and informed consent of individuals could lift this ban.
https://www.cnil.fr/fr/consultation-projet-recommandations-mesures-diversite-au-travail