Data Free Flow with Trust - DFFT
The 7 DPAs wish a free and trustful circulation of data, based on trust and accompanied by high protection standards as a prerequisite for the Data Free Flow with Trust to support global economic development.
The concept behind Data Free Flow with Trust (DFFT), was introduced by the Japanese government at the G20 in Osaka in 2019, and was first discussed by the DPAs during the G7 held in Bonn in 2022.
The DFFT aims at promoting cross border Data Free Flow with Trust at the international level, while also guaranteeing fundamental rights such as data privacy and protection, data safety and intellectual property.
For this purpose, the G7 wants to promote joint work on guidelines, common criteria, technologies and personal data protection measures. The DFFT concept will become more and more strategic mostly in relation to topics such as health, countermeasures for the pandemic, climate change, IoT and AI.
At the same time, the DFFT is intended to ensure uninterrupted data flow among countries, while guaranteeing data reliability.
More specifically, in light of the G7 Privacy2024, the DPAs committed to keeping discussions open on possible convergence elements to promote future interoperability among tools used for the transfer of personal data (e.g., by comparing the transfer tools used for existing data – in terms of certification mechanisms and contractual clauses).
Cooperation for the implementation of common rules
In the current digital economy, international cooperation among the G7 DPAs is felt as strongly needed to effectively implement regulations, mostly in relation to the adoption, worldwide, of new and emerging technologies and the increase in data flow.
To this purpose, the G7 Roundtable on Enforcement cooperation is already working to define a strategy shared by the G7 DPAs to prevent inappropriate processing of personal data by large global companies. The idea is to have a common enforcement cooperation between the Data Protection Authorities by sharing best practices and developing a solid working network that, as far as the G7 are concerned, should be able to extend also between the Data Protection Authorities of the other countries.
Against this background, a proactive sharing of information and best practices is, therefore, a priority for the G7 Italy 2024 to act together with coordinated actions in cases of common interest that could also have a negative impact at the global level. Among the ‘”hot topics” are those triggered by generative Artificial Intelligence.
Emerging Technologies
While new technologies favour the dissemination, usability and sharing of data, they also have a decisive impact on data processing methods.
Thus, the G7 Privacy in Rome will focus on the theme of ’emerging technologies’, starting with ‘Privacy-enhancing Technologies’ (so-called ‘PETs’).
PETs are tools that minimise the use of personal data, maximise security, and reduce the risk associated with their use. Examples are anonymisation techniques or technologies that allow data to be analysed without necessarily having to be copied.
In this respect, the work of the G7 has just concluded a case study on the analysis of the use of health-related data and on the in-depth study of the issues surrounding so-called ‘synthetic data’ – data obtained by using specific machine learning algorithms from real data of a sample of individuals – which can also be used for training machine learning algorithms without using real people’s personal data.
The case study analysed, therefore, starting from a database of prescriptions for real medical services, created a database of synthetic data that could no longer be traced back to real data. The new database then allowed this data to be shared and used for planning and allocating health system resources without compromising patient confidentiality.
Still in the area of PET, the G7 Privacy will strive to create a common ‘knowledge base’ about the terminology used (e.g. on ‘de-identification’, ‘anonymisation’, ‘pseudonymisation’) that, without containing legal elements specific to different legislations, can be used by all G7 members.
