The G7 Data Protection and Privacy Authorities (DPAs) have endorsed a plan based on three pillars resulting from a roundtable discussion with the authorities.
The regulators met earlier this month in Japan to discuss key privacy and data protection topics.
The G7 is an intergovernmental group of officials discussing world economics. Seven large Western nations make up the group. The DPAs are officials from each nation’s data privacy agencies.
Their three pillars include developing and implementing the data free flow with trust (DFFT) concept as well as emerging technologies and enhancing enforcement cooperation.
According to the World Economic Forum, DFFT is a guiding principle for international cooperation regarding data flows.
DFFT has focused on issues like trade agreements, including e-commerce negotiations at the World Trade Organization and regional and bilateral free trade agreements (FTAs).
The DPA promised to be “attentive and supportive” of the efforts to develop the DFFT concept.
This pillar includes creating a new institutional arrangement for partnership and emphasizes that trust is vital to the flow of data around the globe.
The first pillar also promotes a common understanding of the idea and its key components as related to data protection and to assess “common goals to ensure a high level of data protection and privacy.”
The second pillar is related to promoting the development and use of emerging technologies in ways that reinforce trust and respect privacy.
This is said to include collaborative work and discussions on de-identification, anonymization, pseudonymization and privacy-enhancing technologies (PETs) by “fostering a common understanding of key terms and concepts in use across G7 jurisdictions.”
According to the United Kingdom’s information commissioner, PETs “are technologies that embody fundamental data protection principles.”
This includes minimizing personal information use, maximizing information security or empowering people.
Many PETS have direct biometrics and digital identity uses, for example, zero-knowledge proofs, a cryptographic concept that reduces proofing transactions to a simple confirmation or denial without sharing details or user data.
This pillar includes creating a terminology reference document outlining key terms and characteristics of important concepts used by G7 DPAs to facilitate collaborative work and discussions and to address relevant international definitions and uses of the terms.
The second pillar is also about fueling adoption and development of PETs by developing a use case demonstrating how one specific PET (synthetic data) “can be used to reduce privacy risks while contributing to the public benefit.” This approach will then be expanded to other use cases.
According to the UK’s ICO, synthetic data is artificial data created by data synthesis algorithms.
This data copies patterns and the statistical properties of real data, such as personal information, and is generated from real data.
This means that analysis of synthetic data can produce very similar results to analysis carried out on the original data while minimizing data collection.
The second pillar also concerns the Global Privacy Assembly 2022 Resolution on Principles and Expectations for the Appropriate Use of Personal Information in Facial Recognition Technology, which is meant to set global shared principles for facial recognition use by public and private organizations.
The pillars also laid out plans to collaborate on the issue of personal data protection within the context of generative AI “from an ethical, legal, social, and technical perspective.
The third pillar is related to enforcement cooperation, increasing dialogue among enforcers among the G7 DPAs and the broader data protection and privacy enforcement community
This would involve sharing domestic and international best practices for effective enforcement collaboration, including successful cooperation cases, and exploring differences in enforcement from perspectives of deterrence, accountability and protection of individuals.
The DPAs will report on the progress and achievements of the plan at the 2024 G7 DPA roundtable, to be held in Italy.
Article: G7 data protection authorities endorse 3-pillar plan, nod to privacy-enhancing tech