Nearly half of regulators made a change to their regulatory approach during the pandemic, according to research carried out by the UK Information Commissioner’s Office (ICO) for the Global Privacy Enforcement Network (GPEN).
‘Resetting Privacy’ looked at how and whether privacy enforcement and consumer protection authorities have changed their approach to regulation and enforcement during the COVID-19 pandemic, and whether they plan to ‘reset’ their approach as it subsides.
Data was collected from privacy enforcement and consumer protection authorities via a survey and a virtual roundtable. 27 authorities responded to the survey, and 17 attended the roundtable.
Key findings from the research include:
- Almost half of participants reported that they made a change to their regulatory approach during the pandemic.
- Most authorities that made changes are undecided about reverting to their pre-pandemic approach but some have, or plan to.
- Changes in approach were mostly modest, but the different approaches could lead to a lack of clarity around the expectations of the regulatory community.
- A perceived relaxation of regulatory rules combined with the increasing collection and use of data may be contributing towards a ‘new normal’ of less privacy-friendly use of data.
To help address these types of issues, authorities from GPEN and other networks of privacy enforcement and consumer protection authorities aim to collaborate further and share experience to help better inform individual and collective decision-making and messaging around regulation and enforcement during and after the pandemic.
The GPEN report on this activity is available here.