G7 and Data Protection: Towards Shared Rules for Artificial Intelligence and Data Privacy
After three days of important work, what are the results?
A result that I consider somehow historical, also because we have brought to approval seven documents, all unanimously endorsed by the G7 leaders. We covered the subject of cross-border data transfer, of course with confidence, thus reaffirming a key principle for us: data must flow, but they must flow in a safe manner, in a reliable manner. Of course, there are different regulations within the G7 countries, but the goal is to find common rules in the long term.
The second major topic is emerging technologies, with important documents being drafted, such as one on the creation of a common glossary, on what anonymisation, pseudonymisation, and de-identification are, because, of course, there are semantically different concepts within the G7 countries. We worked to find common working grounds within emerging technologies. A major innovation was the approval of a document on artificial intelligence applied to the world of minors, who are the most vulnerable individuals. We shared several ideas on the need to protect the development of artificial intelligence and new technologies, but obviously with due regard for the most vulnerable individuals.
The other major topic is cooperation and the enforcement, namely how to apply what was agreed upon by the countries during the G7. A great achievement was due to the Italian proposal to question ourselves and reflect on what should be the role of Data Protection Authorities in the governance of artificial intelligence. A framework is being built, an architecture is being built, not only in Europe but all over the world, to handle artificial intelligence. We deemed it appropriate and we unanimously approved a statement claiming that Data Protection Authorities do play a key role in the governance of artificial intelligence, considering that artificial intelligence mainly relies on personal data, and that Data Protection Authorities have developed a specific competence and experience on the algorithms of artificial intelligence as can be seen in our case law that is now a decade old.
Thirdly, they have a key feature, they are independent subjects and, by being independent, they can perform their supervisory role effectively. This independent role should be, or at least this is our wish, and that of the G7, included in a so-called privacy by design approach for artificial intelligence. This means to monitor and take action during the construction phase of algorithms rather than at the final stage.
Then we approved the statement that summarises the activity carried out during this year, because the activity of the G7 is constant and continues throughout the year, along with the Action Plan for next year, whose work will be held in Canada, as you know. We are all very satisfied to continue to strengthen the relations among Data Protection Authorities at G7 level.
Will the discussion on these topics be continued?
These topics certainly are the three main pillars of our activity, but of course, we will continue to monitor, for example on governance of artificial intelligence, as well as the legislation of the various countries and the constantly evolving framework, because nothing is static here.
