Canada Engages in the G7 Data Protection and Privacy Authorities Roundtable
On June 20-21, 2023, the 3rd annual G7 Data Protection and Privacy Authorities (DPA) Roundtable was held in Tokyo, Japan.
This international event brought together the Chairpersons and Commissioners of the G7 DPA, whose membership consists of representatives from Canada, France, Germany, Italy, Japan, the United Kingdom, the United States, and the European Union. Guided by the ultimate aim of strengthening cooperation amongst the G7, this year’s roundtable was focused upon the promotion of Data Free Flow with Trust (DFFT), cross-border enforcement cooperation, emerging technologies, and privacy protection.
In order to comprehensively address the global data protection and privacy landscape in a manner that promotes collaboration and formulates concrete measures, the G7 DPA drafted positions and initiatives under the following three Pillars:
Pillar 1 – DFFT
With a shared consensus that the globalization of economic and social activities has resulted in an increase of cross-border data transfers, opportunities, and digital technologies, the G7 DPA recognized that this integration has also brought forth associated serious challenges to the protection of personal data and privacy.
Under the common objective of achieving DFFT, it was concluded by the G7 DPA that a high standard of protection of personal data and privacy is a fundamental prerequisite to facilitate the free flow of data. In order to address this necessity, the G7 DPA analyzed currently implemented approaches, different legal systems, and international frameworks. These steps will contribute to identifying means of convergence between the existing regulatory approaches and instruments enabling DFFT in a manner that will continuously foster interoperability.
As the next steps to advance DFFT, the G7 DPA is committed to further advocating, promoting, and advising on the development of global scale data transfer tools that will help businesses comply with data protection and privacy requirements worldwide. Additionally, forward-looking commitments were made to conduct a comparative analysis of existing data transfer tools, such as certification mechanisms and model contractual clauses. To further extend cross-border outreach, dialogues will be encouraged with additional networks and organizations regarding these transfer tools and frameworks, such as with the Ibero-American Data Protection Network.
Pillar 2 – Emerging Technologies
As the subsequent Pillar, the G7 DPA transitioned its focus to discussions regarding emerging technologies. This included engagements to address the global concerns regarding the increased risks to privacy and other human rights posed by the development, application, and use of Artificial Intelligence (AI), especially Generative AI.
It was emphasized that due to the ability of emerging technologies to automate the collection and processing of large quantities of personal information without appropriate safeguards, there is a need for developers and users to demonstrate compliance with relevant legal obligations and ensure that risk-mitigation measures are implemented. In order to do so, the relevant privacy bodies, such as Commissioners, should be engaged. Furthermore, pertinent guidelines and methods should be supported and bolstered, such as the Resolution on Principles and Expectations for the Appropriate Use of Personal Information in Facial Recognition Technology and Privacy Enhancing Technologies.
To address the further actions under the Pillar, in a supplementary dedicated session on emerging technologies that was chaired by the Office of the Privacy Commissioner of Canada, the Emerging Technologies Working Group conveyed its commitment to develop a Privacy Enhancing Technologies use case. This use case will be utilized to demonstrate how to achieve a safe and private method for obtaining insights from sensitive data. Furthermore, it was agreed that the group would collaborate to draft a future terminology document for anonymization, pseudonymization, and de-identification to ensure that there is a common understanding across jurisdictions.
Pillar 3 – Enforcement Cooperation
As cooperation is a key goal and principal of membership, the G7 DPA reaffirmed the necessity for international partnership among members to effectively exercise regulatory powers in today’s digital economy and everchanging landscape. To further advance enforcement cooperation, especially in the face of global adoption of new and emerging technologies and increased data flows, further dialogues will occur regarding national laws and powers, international best practices, and the implementation of the data minimization principle.
Guided by the Action Plan that was published by the G7 DPA during the Roundtable, the three pillars will be endorsed and pursued through regulatory cooperation and a shared commitment to the upmost standards of data protection and privacy. These efforts will be tangibly advanced at the next Emerging Technologies Working Group engagement, which is set to occur under the chairpersonship of the Garante, Italy, in 2024.
As for Canada, this intergovernmental engagement holds the potential to inspire and influence amendments to domestic data and privacy rules. This is particularly pertinent going forward as the European Union is a G7 member who allied countries, including Canada, have recently regarded as the global leader for advancements in technology-related legislation. For the 2024 Emerging Technologies Working Group, the Office of the Privacy Commissioner of Canada will certainly look towards the European Union’s guidance on progressing AI related legislation, especially as the European Parliament is currently in the process of passing the first ever rules on how AI can be utilized.