G7 DPAs: Ensure Data-Driven Technological Innovation Is Responsible

Talks centered on how prioritizing privacy in the design and use of new technologies supports responsible innovation and protects children online.

People may be wary about engaging with new digital products and services if they're not confident their rights and applicable rules are respected, the DPAs noted. Organizations can ensure the public's expectations are met by considering privacy and data-protection issues at "the outset of product design," the statement added.

Individuals must be clearly informed about what data processing will be associated with a device or service, particularly where those activities vary from reasonable expectations, the DPAs said.

When people see that organizations consider their privacy to be a priority, trust will follow, the statement said. Failure to consider privacy, however, could hurt an organization's reputation in the market.

Many jurisdictions have recognized that children may be affected by technologies differently than adults and need special protection, the DPAs said. As such, many have introduced, or are considering, age-assurance recommendations or requirements to protect children online.

Where age-verification tools are used, "this should be done in a risk-based and proportionate manner, only when necessary and proportionate for the aim pursued, and in compliance with privacy and data protection principles."

Making privacy a priority involves determining whether personal data processing is necessary; carrying out a privacy risk assessment; and making appropriate design, development and deployment decisions to mitigate identified risks.

In addition, they said, technologies should be designed in a way that supports the exercise of privacy rights, and risk mitigation should be regularly monitored and reassessed.