G7 privacy authorities reaffirm commitment to data protection and responsible innovation

On 18–19 June 2025, data protection and privacy authorities from the G7 countries met in Canada for the fifth edition of the G7 Data Protection and Privacy Authorities (DPAs) Roundtable. Hosted by the Office of the Privacy Commissioner of Canada, the meeting brought together regulators from leading democratic economies to address the challenges and responsibilities of safeguarding privacy in a rapidly evolving digital landscape. This year’s roundtable focused on advancing cross-border cooperation, aligning data protection with innovation, and reinforcing global standards for trustworthy data flows.

The event took place against a backdrop of increasing global attention to the governance of emerging technologies, such as AI and quantum computing, and followed closely on the heels of the 2025 G7 Leaders’ Statement on AI for Prosperity. G7 DPAs took note of the broader political momentum behind a ‘human-centric’ approach to AI and reiterated their role in ensuring that data protection principles underpin digital transformation efforts.

The roundtable included participation from international stakeholders, including the International Network for Digital Regulation Cooperation (INDRC) and the OECD’s Data Governance and Privacy Unit. Representatives from Korea’s Personal Information Protection Commission and Singapore’s Personal Data Protection Commission joined on behalf of broader international regulatory networks, reflecting a growing emphasis on harmonised action across jurisdictions.

A key output of the meeting was the adoption of a statement titled Promoting Responsible Innovation and Protecting Children by Prioritizing Privacy, which underscores the importance of integrating privacy protections from the outset in technological development. The statement highlights privacy as both a fundamental right and a necessary condition for long-term societal and economic benefits.

In alignment with ongoing international commitments, the G7 DPAs welcomed the G7 Leaders’ emphasis on operationalising ‘Data Free Flow with Trust’ (DFFT), a concept aimed at enabling secure and rights-respecting cross-border data flows. Recognising the role of privacy regulators in shaping and supporting this agenda, the DPAs offered their technical expertise to help translate political goals into workable regulatory frameworks.

To this end, the Roundtable’s three working groups reported progress on key priorities:

• The DFFT Working Group, co-led by the UK Information Commissioner’s Office and Germany’s Federal Commissioner for Data Protection, is developing frameworks for interoperability among national regulations. It continues to build on prior international resolutions and seeks to advance the OECD Declaration on Government Access to Data as a global reference.
• The Emerging Technologies Working Group, chaired by the UK, is exploring privacy implications of technologies such as connected home devices and third-party tech integration. The group is also focused on facilitating shared understanding around AI governance, particularly as it relates to agent-based systems.
• The Enforcement Cooperation Working Group, co-chaired by Japan’s Personal Information Protection Commission and the U.S. Federal Trade Commission, is working to enhance practical mechanisms for cross-border enforcement. This includes establishing shared formats for exchanging case-related information and identifying common enforcement strategies.

These groups plan to finalise their work during a virtual session scheduled for December 2025. This continuity reflects the G7 DPAs’ long-term objective to foster coordination in areas where data governance intersects with security, commerce, and human rights.

Looking forward, the group emphasised the importance of collaboration with other international partners and organisations to maintain momentum in global privacy standards and regulatory cooperation. Preparations are already underway for the 2026 Roundtable, to be hosted by the French data protection authority, CNIL.