FAQ

F.A.Q.

How are data on COVID-19 cases collected in the ISS Integrated Surveillance System?

The Integrated Surveillance System of the Istituto Superiore di Sanità - ISS (Italian National Institute of Health) detects cases of SARS-CoV-2 infection, diagnosed in the Italian territory. The data are sent and validated by the 20 Regions and 2 Autonomous Provinces to the ISS IntegratedSurveillance System which develops the national statistics. The System uses an IT platform to measure the incidence of the spread of the disease and collect data on deaths as well.

What regulates data collection and sharing?

Data collection and use are treated under EU Regulation 679/2016 (known as GDPR, General Data Protection Regulation), theItalian national privacy code, and two Ordinances of the Head of the Civil Protection Departmentof 27 February and 4 August. In particular, the first states that “SARS-CoV-2 epidemiological surveillance is entrusted to the ISS.”

Which data are made available?

The ISS makes data available in aggregate form every day, through a dashboard on their website and in a series of descriptive reports. The data include, for example: the epidemic curve, cases per 100,000 inhabitants by analysed Region/Autonomous Province, by Province of domicile or residence, the ratio of cases by age group and medical condition. The data are made available in a diagram or can be downloaded in Excel.

How does the sharing of data work in the rest of Europe?

The European Centre for Disease Prevention and Control (ECDC) provides data from the European Surveillance System (TESSy) platform in Excel. In Italy, these data come from the ISS Integrated Surveillance System. They provide the number of cases and deaths per week, by gender and age. To access the data, you are required to provide a motivated request.

Is it possible to receive additional data?

The Ordinance of 4 August provides for the collection and sharing of data with the relevant centres in the field of science and research, as well as with relevant scientific, national, and international institutions and public administrations, in aggregate form or through pseudonymisation with a two-factor authentication code. Access may be requested using the specific form on the ISS website for scientific and research reasons, which must always be indicated.

What do other countries do?

A quick analysis in Europe shows that almost all countries provide data on the COVID-19 epidemic that can be downloaded in CSV and/or JSON. Anyway, the information provided by these countries is almost always the same as that provided in opencode by the Civil Protection in Italy.
Following, more detailed information provided by two institutions similar to the ISS: the Instituto de Salud Carlos III (ISCIII) in Spain, and the Public Health England (PHE) in the United Kingdom.

• ISCIII provides the number of cases, tests, hospitalisation (in total and in the ICU), daily deaths and patients cured (not cumulative) for the time series by region. No data by age group or gender. The date refers to the date of notification.
• PHE provides the number of cases available every day (daily and cumulative) by country, region and upper tier local authority. In the United Kingdom, there are 356 upper tier local authorities (NUTS3), something in between Italian provinces and municipalities. The date refers to the date of notification. The number of deaths (daily and cumulative) by country is also available.

How does the ISS share COVID-19 integrated surveillance data?

Since the beginning of the pandemic, and in compliance with Ordinance No. 640 of 27 February of the President of the Council of Ministers – Civil Protection Department, the ISS has been sharing COVID-19 integrated surveillance data with the Minister of Health (and not the Ministry), the Head of the Civil Protection Department in aggregate form, and with the World Health Organization (WHO) and the European Centre for Disease Prevention and Control (ECDC), making them available to the Regions and the Autonomous Provinces of Trento and Bolzano.

The ISS, in compliance with Ordinance No. 640 of the President of the Council of Ministers – Civil Protection Department (still in force), has extended the sharing of COVID-19 integrated surveillance data with the relevant centres in the field of science and research, as well as with relevant scientific, national, and international institutions and public administrations, in aggregate form or through pseudonymisation with a two-factor authentication code.

What did the ISS do to facilitate access to COVID-19 data?

To promote access to COVID-19 integrated surveillance data, the ISS set forth a method to guide the applicant in presenting the request. On the ISS website you will find the executive procedure and a facsimile to present your request. All requests duly submitted by individuals indicated in Ordinance No. 691 of 4 August 2020 have been accepted.
Moreover, the ISS has extended the number of recipients of COVID-19 data by setting forth, in favour of the community, the aggregate data which can be accessed on the ISS website This opendata operation was not easy as we tried to aim for the right balance between visibility of COVID-19 data and the aforementioned ordinances and privacy regulations (GDPR and new privacy code).

Then why do they say the ISS doesn’t share COVID-19 data with the scientific community?

There is a lot of confusion in relation to access to data (documents and information) as per Legislative Decree No. 33/2013 (the so-called Code on transparency for public administrations) and the regulations pursuant to Ordinance No. 640 and 691 of 2020. The measures issued during the declaration of the state of emergency caused by the pandemic, and the aforementioned ordinances, are enacted, therefore the ISS had to share COVID-19 integrated surveillance data with the recipients indicated therein. The ISS promoted the sharing of COVID-19 data with even more recipients, hoping and urging a replacement of Article 4 of the first Ordinance, which was too restrictive, with Article 1 of the second Ordinance. On the other hand, several instances of general access pursuant to Legislative Decree No. 33/2013 are based on assumptions other than the aforementioned ordinances, but have still been evaluated by the ISS and, when duly submitted, they were accepted!

If the data are aggregate or pseudonymised, why can’t they be made available to the scientific community without prior authorisation?

Simply because this is what is provided for by Ordinance No. 691, which the ISS must follow, and also because managing the pandemic has and still requires fundamental choices to be made for the country. The ISS is called to provide clear answers through the results of epidemiological and microbiological surveillance to determine policies to fight the spread of the virus.
Moreover, personal data collected for COVID-19 surveillance are individual data, therefore even though they are pseudonymised they still remain personal data and it is necessary to adopt all protective measures required by GDPR. Furthermore, in a country with many municipalities – some being very small –we tried to provide the best possible measure to try to ensure no traceability of the single individuals concerned.

Does the ISS have its own Data Protection Officer (DPO)?

Of course, the ISS has its own DPO, duly communicated to the Italian Data Protection Authority who may be reached at responsabile.protezionedati@iss.it