Global Privacy Harmonization 'Challenging,' Italian Data Protection Official Says
Finding common ground on data protection "remains a challenging task, primarily because privacy is deeply shaped by cultural, legal, and economic contexts," Ginervra Cerrina Feroni, vice-president of Italian privacy watchdog Garante, said in an email. The General Data Protection Regulation (GDPR), for example, is rooted in a fundamental rights-based approach, while frameworks like the Global Cross Border Privacy Rules (CPBR) system emphasize voluntary compliance and flexibility, reflecting different traditions and priorities.
Sign up for a free preview to unlock the rest of this article
Another major challenge is balancing innovation with regulation, Cerrina Feroni said. "Crafting regulations that protect individuals without stifling technological progress requires delicate negotiation." The rapid pace of technological change "adds urgency to this issue."
Group of 7 (G7) data protection authorities (DPAs) met in Rome in October (see 2411060005). The roundtable resulted in a "concerted focus" on strengthening international collaboration and advancing privacy enforcement mechanisms this year.
An emerging technologies working group will also play a critical role, Cerrina Feroni said. It is charged with advancing the use of privacy-enhancing technologies (PETs) and encouraging responsible innovation. G7 DPAs are exploring how PETs can minimize risks, particularly for vulnerable populations like children, while maximizing AI's benefits and those of other emerging technologies.
Another key objective for the G7 is monitoring AI governance frameworks across member countries, Cerrina Feroni said. Members adopted a statement on the role of DPAs in fostering trustworthy AI in which they committed to tracking legislative and regulatory developments in the field.
In addition, the G7 will continue promoting data free flow with trust (DFFT). It will do this by aligning data protection frameworks, such as GDPR certification and the CPBR system, to support secure, trustworthy cross-border data transfers, Cerrina Feroni said.
The outcomes of the Rome roundtable "mark a pivotal moment for privacy compliance worldwide," Cerrina Feroni said. One of the most notable achievements was the emphasis on AI governance, she said. The statement on fostering trustworthy AI "is more than a theoretical framework; it represents a blueprint for integrating ethical and privacy considerations into the design and operation of AI systems."
The focus on PETs also signals a shift, Cerrina Feroni said. These tools are becoming essential, particularly in processing sensitive data or protecting vulnerable groups like children. G7 DPAs also approved a use case on synthetic data in the health sector to give data controllers practical advice about implementing the technology, she added.
The G7's work on interoperability between GDPR certifications and the CPBR system has practical implications for businesses engaged in cross-border data flows, Cerrina Feroni said. Harmonizing the frameworks "offers the promise of streamlined compliance, though it also sets the bar higher for demonstrating adherence to robust data protection standards."