30
AFI GUIDELINE NOTE ON DATA PRIVACY FOR DIGITAL FINANCIAL SERVICES
PILLAR 6: DP4DFS IN GLOBAL AND NATIONAL EMERGENCIES This Pillar contains recommendations for dealing with DP4DFS issues in an emergency, such as COVID-19 but also applying more generally. 6.1 GUIDING PRINCIPLE: PROVIDE POLICY GUIDANCE ON APPLICATION OF DP4DFS IN EMERGENCIES KEY RECOMMENDATIONS: > Consider regulatory guidance for data controllers/ processors on specific data privacy challenges and expectations. > Ensure consultation between data privacy and financial sector regulatory authorities. > Consider DP4DFS challenges in any national coordinating body.
6.2 GUIDING PRINCIPLE: ENSURE DP4DFS LEGAL FRAMEWORK MAKES PROVISION FOR EMERGENCIES KEY RECOMMENDATIONS: > Consider powers to provide relief from DP4DFS rules in an emergency. > If power does not currently exist consider amendment to law.
6.3 GUIDING PRINCIPLE: EXERCISE APPROPRIATE FLEXIBILITY AS TO ENFORCEMENT IN APPROPRIATE CASES KEY RECOMMENDATIONS: > Consider providing regulatory relief from existing data privacy and identity laws for the purposes of the emergency to both public and private sector entities. > Ensure any relief provided is: - Proportionate as to risks - Clear - Transparent to the public - Specific as to purposes - Time – limited to period of crisis
> Make clear accountability of regulatory authorities providing relief. > Prohibit sharing of data with third parties except to the extent specifically permitted. > Encourage industry to engage with government and data privacy and financial sector supervisory authorities on DP4DFS issues.
