Joint Statement on Trustworthy Data Governance for AI: Twenty Data Protection Authorities Commit to Innovative and Privacy-Protecting AI

At the Global Privacy Assembly (GPA) Seoul 2025 (15-19 September, 2025), twenty data protection authorities (DPAs) – Australia, Belgium, Bulgaria, Canada, Croatia, Finland, France, Germany, Hong Kong, Ireland, Italy, Korea, Netherlands, New Zealand, Luxembourg, Macao SAR, Spain, Poland, Sweden, and the United Kingdom – signed the Joint Statement on Building Trustworthy Data Governance Frameworks to Encourage Development of Innovative and Privacy-protecting AI (Joint Statement).

The Joint Statement was initially signed by the Office of the Australian Information Commissioner (OAIC), the Personal Information Protection Commission (PIPC), the Information Commissioner’s Office (ICO), the Commission Nationale de l’Informatique et des Libertés (CNIL), and the Data Protection Commission (DPC) at a side event, co-organized by the CNIL and the PIPC, to the AI Action Summit in Paris last February.

Building a Reliable Governance Framework for Trustworthy AI

The Joint Statement highlights the numerous opportunities offered by AI across various fields. At the same time, it also sheds light on several risks, including concerns over data protection and privacy, discrimination and bias, disinformation, and AI hallucination.

To ensure AI is compliant with the current legal frameworks, the DPAs advocate incorporating data protection principles by design in the approach to AI systems, establishing robust data governance and anticipating risk management.

The statement also underscores the increasing complexity of data processing by AI and emphasizes the diversity of actors involved, and the need for a regulatory framework adapted to technological advancements.

Commitment to Addressing Legal Uncertainties Raised by AI

Twenty DPAs recognize their leading roles in shaping data governance to address challenges raised by AI and committed to:

• clarify legal bases for the processing of data by AI;
• share information and establish appropriate security measures;
• monitor the technical and societal impacts of AI by involving various actors;
• encourage innovation while reducing legal uncertainty; 
• strengthen cooperation with other competent authorities (consumer protection, competition, intellectual property).

On the occasion of the GPA Seoul 2025, a joint signing ceremony was held on 17 September 2025. At the ceremony, the DPAs gathered together to formally express their support, marking an extended global commitment to innovative and privacy-protecting AI.

Taking this opportunity, the DPAs reaffirmed their shared commitment to the Joint Statement and expressed their hope that more like-minded DPAs will join this meaningful initiative.