March 6, 2023, Washington, DC – FDATA North America and its 30+ member companies today released a set of principles to govern the usage, disclosures, liability, oversight, and technology involved in open finance ecosystems. Upon release of these new principles, FDATA North America Executive Director Steve Boms said:
“As policymakers in both Canada and the United States contemplate open finance and federal data privacy frameworks, FDATA North America’s members are pleased to have collaborated on a set of privacy principles that we hope will inform their work. Today’s release is a detailed and comprehensive set of principles which we intend to serve as critical guideposts for legislators and regulators in the U.S. and Canada as they undertake the important work of creating modernized, customer-centric financial services regulatory environments.”
The first section of this document includes definitions of data types, and requirements for minimization, secondary usage, and silent parties. The second section covers consumers disclosures, what elements they should include, their length, and options for consumer revocation. The third section discusses assessments of data breach liability, notification requirements, and consumer redress. The fourth section covers regulatory oversight, and suggests which regulators in the U.S. and Canada should be granted supervisory authority over data privacy to ensure that consumers, data providers, and third-parties are protected and acting responsibly. The final section covers the technology involved in user authentication and authorization, and how they can be changed and revoked by consumers.
A high-level summary of these principles is available here. The full set of these principles is available here and can be shared with attribution.