This week's view is from Jersey's lovely shores, where hundreds of privacy regulators, civil society, industry and academia representatives gathered last week for the 46th annual Global Privacy Assembly.
The theme for the week was the "Power of i:" individuals, innovation, information, integrity, independence, international, intercultural and indigenous. These eight themes are "intrinsically linked to encompass the harms, values, and enrichment of our human lives," the event website states.
Indeed, the notion of human-at-the-center was a theme in many discussions. Helping people understand technology is equal to — if not more important — than a robust enforcement approach, said Jersey's Minister for Sustainable Economic Development Kirsten Morel.
The importance of the human dimension and context was also made apparent in a refreshing discussion with Jersey teens about their relationship to privacy and technology. In a world where 80% of children below the age of 2 have a digital footprint in the Western hemisphere, teens said they are interested in privacy and aware of the risks, but not to the full extent, and are often overwhelmed by privacy policies and cookie banners. Many in the room smiled complicity.
Beyond the power of individuals, another common theme was a general sense of complexity and unique challenges faced by every type of stakeholder present — regulators, civil society, policymakers and businesses, alike. It was visible that not everybody sees the chips fall in the same place when it comes to supervision and enforcement of artificial intelligence. Keynote addresses by France's data protection authority, the Commission nationale de l'informatique et des libertés, President Marie-Laure Denis and outgoing European Commissioner for Justice Didier Reynders were particularly revealing of the different approaches.
Denis reinforced that the CNIL's original mandate, like that of many other DPAs, remains true in today's world. "Technology neutrality makes data protection rules futureproof. It is primarily the means and methods that need to change rather than the regulators' structure," she said.
Reynders on the other end noted how DPAs' environment has profoundly changed and has become increasingly more complex since they first met at global level in 1979. "Privacy is and will remain central while data protection authorities will, if I may say, lose some of their 'natural monopoly' over privacy. They will increasingly be part of broader decision-making processes. Less of an island and more about other 'Is' such as interplay, interaction and interconnection," he said. These different wavelengths will be among the top trends to watch in the coming year.
The Republic of Korea will host the next GPA in September 2025, looking to bring a different take to the gathering — at times perceived as a rich-boys club, in which the global community and Global South struggle to bring representation. Bringing this home was founder and Executive Director of the Africa Digital Rights' Hub Teki Akuetteh, who underscored that 36 African countries now have data protection laws in place. Most are principle-based, which requires a dynamic and proactive regulator, empowered to issue interpretative guidance.
"In the last five years, we saw an enormous interest in adopting new legislation," Akuetteh said, noting, however, that the lack of adequate resources impacts the ability to implement new rules despite Africa's quick adoption of technology.
Isabelle Roccia, CIPP/E, is the managing director, Europe, for the IAPP.
