Changes for page Guidelines for Confidentiality and Embargo in SDMX

Last modified by Artur K. on 2026/05/29 14:28

From 2.2 to 2.3 From 3.8 to 3.9

From version 2.3

edited by Helena K.
on 2026/01/27 13:01

Change comment: There is no comment for this version

To version 3.8

edited by Helena K.
on 2026/01/27 13:20

Change comment: There is no comment for this version

Raw
Rendered

Summary

Page properties (1 modified, 0 added, 0 removed)

Details

Page properties

Content

@@ -43,9 +43,11 @@
  The data’s CONF_STATUS attribute should be set to “Free (free for publication)”.
--{{box}}SDMX representation
--* **CONF_STATUS**: F{{/box}}
++{{box}}
++**SDMX representation**
++* **CONF_STATUS**: F
++{{/box}}
  == Use case 2: Confidential data ==
@@ -68,13 +68,12 @@
  The forwarding of confidential data is represented as follows in SDMX:
--|(((
--(% class="wikigeneratedid" id="HSDMXrepresentation-1" %)
--SDMX representation
++{{box}}
++**SDMX representation**
  * **CONF_STATUS**: N;
  * **CONF_REDIST **(Observation, Conditional): [Organisation(s)];
--)))
++{{/box}}
  === Adding embargo information to a data message ===
@@ -89,13 +89,12 @@
  If the goal is to allow the data recipient to have privileged access to embargoed observations in a data message (message), the embargoed observation’s CONF_STATUS attribute should be coded as “E: Not for publication until the embargo time expires; free for publication after the embargo time expires.” with an observation level attribute EMBARGO_TIME (date/time/time zone).
--|(((
--(% class="wikigeneratedid" id="HSDMXrepresentation-2" %)
--SDMX representation
++{{box}}
++**SDMX representation**
  * **CONF_STATUS**: E;
  * **EMBARGO**_**TIME** (Observation, Conditional): [timestamp]
--)))
++{{/box}}
  Including a time zone is strongly recommended and the best case is to use the UTC (Coordinated Universal Time) time standard. However, if no time zone is provided then the time zone of the recipient is assumed.
@@ -104,7 +104,7 @@
  * (Recommended) With UTC indicator: 2017-12-15T14:02:29Z
  * With timezone indicator: 2017-12-15T15:02:29+01:00
--**//Enabling the frontloading of data into systems//**
++=== //Enabling the frontloading of data into systems// ===
  If the goal is to allow frontloading of a whole data message into systems so that the data can be made visible to users at the expiry of the embargo date/time, the header section of the message should contain an embargo date/time attribute. This implies that all information in the data message is under the embargo date/time set in the header. The header attribute EmbargoDate with format date/time/time zone indicates until when the whole data message received cannot be shared with any recipient users.
@@ -112,12 +112,11 @@
  Note that this scenario presumes that all data in the message cannot be viewed before the header EmbargoDate, and that there is no privileged access before this time. However, observations may be marked with any other confidentiality status that is valid after the frontloading EmbargoDate elapses.
--|(((
--(% class="wikigeneratedid" id="HSDMXRepresentation" %)
++{{box}}
  SDMX Representation
  * **CONF_STATUS**: <Set to the required confidentiality status after the embargo time elapses>; <Header>\<EmbargoDate>: [timestamp]
--)))
++{{/box}}
  The two ways of representing embargoed data exist to provide efficiency in the exchange, allow for differentiating data intended to be frontloaded and data aimed to be provided in advance to a restricted audience, and provide flexibility when few observations need to be embargoed in a large data message. The trade-off is the complication of system implementation to support the two representations of embargo, which has to be done locally on a case-by-case basis.
@@ -125,38 +125,34 @@
  In data flows that feature confidential data, CONF_STATUS is highly recommended to be a mandatory attribute. However, if CONF_STATUS is optional in the DSD and missing from an observation, it is always implied to be “F” (free).
--=== Use of the CONF_REDIST attribute ===
++== Use of the CONF_REDIST attribute ==
  The CONF_REDIST attribute defines the secondary recipient(s) to whom the sender allows the primary recipient to forward confidential data. It is recommended to be an optional attribute at observation level. Ideally it should reference a shared code list containing standard organisation codes. To allow several secondary recipients there are these possibilities:
--Use a code that represents multiple organisations, or;
++1. Use a code that represents multiple organisations, or;
++1. Use several CONF_REDIST attributes to portray the multiple recipients. Each attribute represents one recipient and references the same codelist. This implementation is cleaner than the above point 1, though this will require adding as many attributes to your DSD as there are potential recipients of the redistributed confidential data.
--Use several CONF_REDIST attributes to portray the multiple recipients. Each attribute represents one recipient and references the same codelist. This implementation is cleaner than the above point 1, though this will require adding as many attributes to your DSD as there are potential recipients of the redistributed confidential data.
--
  If the EMBARGO_TIME and CONF_REDIST attributes are both used:
 . Data is available only to the organisations in CONF_REDIST until EMBARGO_TIME
 . Data is available to the public after EMBARGO_TIME
--|(% colspan="3" %)(((
++(% style="width:768.957px" %)
++|(% colspan="3" style="width:766px" %)(((
  (% class="wikigeneratedid" id="HPrivilegedAccess" %)
--Privileged Access
++**Privileged Access**
  )))
--|**Use case**|**No forwarding**|**Forwarding**
--|**Embargo**|(((
++|(% style="width:202px" %)**Use case**|(% style="width:207px" %)**No forwarding**|(% style="width:357px" %)**Forwarding**
++|(% style="width:202px" %)**Embargo**|(% style="width:207px" %)(((
  CONF_STATUS: E
--
  EMBARGO_TIME
--)))|(((
++)))|(% style="width:357px" %)(((
  CONF_STATUS: E
--
  EMBARGO_TIME
--
  CONF_REDIST
  )))
--|**No embargo**|CONF_STATUS: N|(((
++|(% style="width:202px" %)**No embargo**|(% style="width:207px" %)CONF_STATUS: N|(% style="width:357px" %)(((
  CONF_STATUS:N
--
  CONF_REDIST
  )))
@@ -169,17 +169,15 @@
  * The national statistical institutes send data to Eurostat, and allow the data to be shared with the ECB for statistical coproduction
  * The data may only be shared with the public on the next day
--**CONF_STATUS:**E**;**
++* **CONF_STATUS:**E**;**
++* **CONF_REDIST: **ECB**;**
++* **EMBARGO_TIME=<**T+1 day**, **e.g.** **2017-12-15T10:00:00Z>
--**CONF_REDIST: **ECB**;**
--
--**EMBARGO_TIME=<**T+1 day**, **e.g.** **2017-12-15T10:00:00Z>
--
  The solutions suggested above aim at covering the most common confidentiality and embargo use cases within a single transmission from the primary reporter to the primary recipient. However, for some more complex scenarios it might still be required to make multiple transmissions.
  It is strongly recommended that use cases are specified in an agreement between organisations involved in regular transmissions up-front in order to avoid unnecessary delay in data publication or – much worse – confidentiality breaches.
--**Annex 1: SDMX Representation of the confidentiality use cases**
++= Annex 1: SDMX Representation of the confidentiality use cases =
  |(((
  (% class="wikigeneratedid" id="HUsecase" %)
@@ -274,4 +274,5 @@
  ----
-- {{putFootnotes/}}
++
++{{putFootnotes/}}