G7 Data Protection Authorities Gather for Discussion on AI Regulation and Other Priority Regulatory Matters in Japan's Initial Privacy Symposium

G7 Data Protection Authorities Gather for Discussion on AI Regulation and Other Priority Regulatory Matters in Japan's Initial Privacy Symposium

In a significant move towards ensuring responsible innovation in the field of generative AI, the G7 Data Protection Authorities (DPAs) have adopted a joint statement emphasizing the importance of responsible innovation and prioritizing privacy, particularly the protection of children’s online privacy.

The symposium, held in Tokyo, served as a platform for discussions on the role of data protection and privacy in the context of emerging digital technologies. Commissioner Shuhei Ohshima of Japan's Personal Information Protection Commission delivered a keynote address at the event.

The G7 Commissioners' Communique expressed overall support for the Data Free Flow with Trust political initiative. This support reflects a coordinated effort within the G7 to address data protection challenges posed by emerging digital technologies, including generative AI.

The EU’s GPAI Code, published in July 2025, acts as a preparatory voluntary framework to guide providers in complying with forthcoming binding AI regulations. It reflects a risk-based approach classifying AI systems by potential harm, especially regarding datasets and transparency.

The G7 statement explicitly prioritizes children’s online privacy protections by promoting privacy-preserving design principles in digital services, including AI systems. The G7 DPAs have also made education a strategic priority, with the CNIL partnering with the Ministry of Education and offering a platform to certify digital skills for children.

The UK's Information Commissioner, John Edwards, emphasized the importance of ensuring that data protection and privacy commissioners do not miss the development of new technology like generative AI in the way they missed the moment of building business models underpinning social media and online advertising.

The G7 DPAs are concerned about the lack of legal authority to process personal data at all stages of developing and deploying generative AI systems. They advocate for mitigation and monitoring measures to ensure personal data created by generative AI is accurate, complete, and up-to-date, as well as free from discriminatory, unlawful, or otherwise unjustifiable effects.

The US FTC has initiated an investigation against OpenAI, underscoring the commitment to enforcing COPPA (Children's Online Privacy Protection Act) aggressively. The EDPS has been designated the competent authority to ensure that EU agencies and bodies comply with the EU AI Act.

The G7 DPAs have created a dedicated department to monitor how AI systems comply with legal obligations stemming from data protection law. The first Japan Privacy Symposium, hosted by S&K Brussels LPC and our website, brought together global thought leaders on the interaction of data protection and privacy law with AI.

In summary, the current status of data protection and privacy regulations related to generative AI under the G7 DPAs is one of strategic coordination and alignment with broader international frameworks. They promote responsible AI innovation while emphasizing privacy protection, with key regulatory instruments such as the EU AI Act and its associated Code of Practice acting as significant reference points for enforcing these principles. The approach is risk-based and supports voluntary compliance tools ahead of full legal enforcement that is expected to advance in the coming years across jurisdictions.

1. The G7 Data Protection Authorities (DPAs) have emphasized the importance of responsible innovation, particularly in the field of generative AI, to ensure privacy protection, including children’s online privacy.
2. The symposium in Tokyo provided a platform for discussions on data protection and privacy in the context of emerging digital technologies, such as generative AI.
3. The G7 Commissioners' Communique supports the Data Free Flow with Trust political initiative, calling for a coordinated effort to address data protection challenges posed by emerging digital technologies.
4. The EU’s GPAI Code, published in July 2025, serves as a preparatory voluntary framework to guide providers in complying with forthcoming binding AI regulations.
5. The G7 statement promotes privacy-preserving design principles in digital services, including AI systems, prioritizing children’s online privacy protections.
6. The CNIL, a G7 partner, offers a platform to certify digital skills for children as part of a strategic priority on education.
7. The UK's Information Commissioner has underlined the need to avoid missing the development of new technologies like generative AI, as they did with social media and online advertising business models.
8. The G7 DPAs are concerned about the lack of legal authority to process personal data at all stages of developing and deploying generative AI systems.
9. The US FTC has initiated an investigation against OpenAI, underscoring a commitment to enforcing COPPA (Children's Online Privacy Protection Act).
10. The EDPS has been designated the competent authority to ensure EU agencies and bodies comply with the EU AI Act.
11. The G7 DPAs have created a dedicated department to monitor AI systems' compliance with legal obligations stemming from data protection law.
12. The approach of the G7 DPAs is risk-based, supporting voluntary compliance tools and international frameworks to promote responsible AI innovation while emphasizing privacy protection.

Read also: