G7 Data Protection Authorities: Promoting Privacy Internationally

Echoing the meeting of G7 Digital Ministers held last May in Düsseldorf, the data protection authorities were able to address, during two days of debates and discussions, the international issues related to the protection of personal data as well as ways to strengthen their cooperation. The CNIL was represented by Bertrand du Marais, commissioner in charge of international issues.

A press release, published at the end of the meeting, summarizes the points discussed by the participants. The CNIL and the BfDI jointly warned their partners to the issues involved in data transfers in the context of international data spaces and the instruments to be developed to guarantee the protection of individuals' rights. Last year, the CNIL addressed the issue of government access to personal data held by private actors.

At this meeting, the authorities decided to consolidate the G7 Roundtable of the data protection and privacy authorities through annual meetings. They will be organized to bring together the commissioners representing the authorities. In addition, regular exchanges will continue to take place within expert groups.

The next meeting of the G7 data protection authorities will take place in 2023 in Japan, under the chairmanship of the Japanese data protection authority (the Personal Information Protection Commission).

Discussed topics in 2022

Following on from the 2021 discussions

• Intersection between data protection and competition;
• Shaping the future of online tracking (cookies);
• Designing artificial intelligence with respect to the protection of personal data;
• Greater law enforcement effectiveness in the digital age;
• Technological innovation in a pandemic context;
• Access by governments to personal data held by the private sector;
• Development of a framework for cooperation between G7 data protection authorities.

The new topics covered in 2022

• Transfer instruments in the context of international data spaces, including certification mechanisms;
• Privacy technologies (« PETs »);
• De-identification;
• Data minimisation and purpose limitation principles in the context of commercial surveillance;
• The role of data protection authorities in promoting an ethical and cultural model for the governance of artificial intelligence.

G7 data protection authorities

• Office of the Privacy Commissioner of Canada;
• Commission nationale de l'informatique et des libertés, CNIL (France);
• Bundesbeauftragter für den Datenschutz und die Informationsfreiheit - BfDI (Germany);
• Garante per la Protezione dei Dati Personali (Italia);
• Personal Information Protection Commission, 個人情報保護委員会 (Japan);
• Information Commissioner's Office - ICO (United Kingdom);
• Federal Trade Commission - FTC (United States of America);
• European Data Protection Board (EDPB);
• European Data Protection Supervisor (EDPS).