1 minute read
Pillar 6: DP4DFS in Global and National Emergencies
> Make clear accountability of regulatory authorities providing relief. > Prohibit sharing of data with third parties except to the extent specifically permitted. > Encourage industry to engage with government and data privacy and financial sector supervisory authorities on DP4DFS issues.
This Pillar contains recommendations for dealing with DP4DFS issues in an emergency, such as COVID-19 but also applying more generally.
Advertisement
6.1 GUIDING PRINCIPLE: PROVIDE POLICY GUIDANCE ON APPLICATION OF DP4DFS IN EMERGENCIES
KEY RECOMMENDATIONS:
> Consider regulatory guidance for data controllers/ processors on specific data privacy challenges and expectations. > Ensure consultation between data privacy and financial sector regulatory authorities. > Consider DP4DFS challenges in any national coordinating body.
6.2 GUIDING PRINCIPLE: ENSURE DP4DFS LEGAL FRAMEWORK MAKES PROVISION FOR EMERGENCIES
KEY RECOMMENDATIONS:
> Consider powers to provide relief from DP4DFS rules in an emergency. > If power does not currently exist consider amendment to law.
6.3 GUIDING PRINCIPLE: EXERCISE APPROPRIATE FLEXIBILITY AS TO ENFORCEMENT IN APPROPRIATE CASES
KEY RECOMMENDATIONS:
> Consider providing regulatory relief from existing data privacy and identity laws for the purposes of the emergency to both public and private sector entities. > Ensure any relief provided is: - Proportionate as to risks - Clear - Transparent to the public - Specific as to purposes - Time – limited to period of crisis
