Under the presidency of the Italian authority, the G7 data protection authorities met from 7 to 11 October 2024 in Rome. On this occasion, they adopted, among other things, a common position on their role in promoting trustworthy artificial intelligence and stressed the importance of protecting minors in this context.
The adopted declarations
The role of data protection authorities in promoting trustworthy artificial intelligence
In a joint statement initiated by the Italian Presidency, the G7 data protection authorities recall that many AI technologies rely on the processing of personal data . Therefore, the law on the protection of personal data applies, including where specific legislation exists.
G7 authorities have a role to play in AI governance, given their experience and expertise in the following areas:
- supervision of personal data processing in AI technologies;
- monitoring technological developments;
- analysis and drafting of opinions on legislative proposals on AI;
- cooperation with other regulators (inter-regulation);
- support for stakeholders (production of guidelines, sandbox, etc.);
- raising awareness and educating the general public about digital technology.
Data protection authorities particularly insist on their independence, which alone can guarantee decisions that promote the development of responsible AI technologies.
Protection of minors and artificial intelligence
The G7 data protection authorities also wished to draw the attention of decision-makers, AI stakeholders and the public to the need to protect the fundamental rights of minors in the context of the development of AI.
Indeed, although AI technologies represent strong opportunities for minors, the risks to the protection of their personal data and their privacy must be given particular attention given the vulnerability of this population. Data protection authorities are therefore particularly concerned about decision-making based on AI, manipulation (false information, AI integrated into toys), and the use of minors’ data for training models. In addition to the need to integrate the protection of personal data from the design of systems, the authorities encourage digital education initiatives that can help raise awareness among minors of the opportunities and risks they may face in the context of AI.
Other documents prepared by the G7 working groups
Three G7 working groups produced more technical documents for this event.
First, the “Working Party on the Free Flow of Data under Trust” has produced a paper comparing the main elements of the GDPR certification mechanism, as a transfer tool, with the system set up outside the European Union, the Global CBPR System. The idea is to contribute to global discussions on the convergence of transfer tools. While some key principles are found in both mechanisms, important differences exist, in particular concerning the existence of enforceable rights and effective legal remedies for data subjects, the requirement for independent supervision, and the supervision of government access to data.
Then, the “Emerging Technologies Working Group” developed a paper on the definitions given by G7 jurisdictions to certain privacy-protecting technologies: de-identification, pseudonymization and anonymization. The aim is to achieve a common understanding of existing approaches within the G7.
Finally, the “Law Enforcement Cooperation Working Group” has drawn up a document summarising the common priorities of the G7 authorities in implementing their supervisory powers. This document will help to strengthen future exchanges between authorities (data security, protection of minors, etc.).
Finally, a press release and an action plan summarize the common positions of the G7 authorities and their cooperation projects in view of the next meeting of the G7 authorities in 2025 under the Canadian presidency.