CPDP LATAM 2024 | AI and Data Protection Regulation in the G20

So as uh people are finishing their lunch and arriving here I think we can get started uh so that we start to have the discussion on Ai and data protection in the G20 of course we could not uh have all the G20 members here uh because it's kind of uh difficult to have them all in the same room uh and then to have a meaningful panel in 100 in 90 minutes with 20 plus uh plus uh representative But we have decided to have some of the most uh relevant if you if we may say so

uh voices in the G20 coincidentally some of them are uh members of the bricks grouping so it will be like a brics plus EU representing the G20 uh some of the G20 Trends right uh of course if we have in the room other people that may be from other countries and they are or other organizations that have uh uh impact and connections with G20 so they are more Than than than welcome to to chip in uh I've instructed our panelists to keep their presentations to let's say six or seven minutes so that we have time

for debate and uh also uh questions from the from the audience uh so let's try to keep it interactive as interactive as possible I think that given that we are already 15 minutes uh late uh we can avoid to have long introductions and get directly into the discussion the uh the idea is really to have an overview of What are the main trends at the national level uh in the uh in the countries that are represented or in the case of EU the uh block that is represented and how this Trends National Trends can impact

G20 discussions and how G20 discussion could have an impact on the national or Regional Trends right uh so uh I think I could directly give the floor to uh TAA for the uh starting the the dance with our uh Brazilian overview the C is yours thank you LCA so let's start with Sambba in this afternoon good afternoon everyone uh it's a pleasure to be here today h thank you luuka for the invitation so Luca told us to be provocative and critical and to emphasize two main issues H what have been the most recent development in

Ai and data protection regulation in our region countries and what is could or should be the impact of such developments in G20 all of these in seven or six minutes So I wrote some I take some notes uh of course the a the commercialization of foundational models has revigor discussions about the global governance of AI in data protection action as these models use huge amount of data to be trained and by global governance of artificial intelligence we could understand as the process through which diverse interests that transcend borders are accommodated without a single Sovereign Authority

so that Cooperative Action may be taken in maximizing the benefits and mitigating the risk of artificial intelligence that says Vice uh so the United Nations secretary Antonio Gutierrez BR British prime minister Rishi sonak open AI Co Sam Alman our president Lisas Lula da Silva and even the pope have all argued for the creation of a new international a AI body recently since 2016 the organization for economic cooperation and development oecd has been Undertaking technocratic work through networks of experts to produce analysis and best best practices for AI in May 2019 oecd member countries adopted a

set of AI principles designed to promote use of artificial intelligence that is innovative and trustworthy and respects human rights and democra Democratic Values G20 leaders subsequently committed to a set of non-binding AI principles that were drown from oecs in November 2021 h93 member states adopted a UNESCO recommendation on the ethic of artificial intelligence designed to guide signatories in developing appropriate legal Frameworks the UNESCO AI recommendations outlines principles substantively like oecs yet the O oecd's principles were not mentioned in this document given that the the oecd and G20 countries which account for the vast majority of

the world's AI development Already agreed to the oecd AI e ethics principles the failure to acknowledge existing work is unconstructive and a waste of resources in 2023 the G7 jointly calleded for a Hiroshima AI process to enhance coer Co operation in AI governance while the UK announced that it will host a global AI Summit in late 2023 focus on AI safety and Brazil in Brazil we are in The year of the G20 presidency I am part of Task Force 5 which discusses inclusive digital transformation and the challenges opportunities and the governance of artifici IAL intelligence

so during four months we had many sessions of discussions and have just released the statement with recommendations for the governance and responsible development of artificial intelligence including the need for mechanisms that encourage the Sustainability of this technology furthermore we are discussing a strategic AI plan redesigning the Brazilian AI strategy and in the regul regulatory sphere sphere the regulation of artificial intelligence which which have the key aim to protect fundamental rights and to ensure the implementation of safe and trustworthy AI systems to benefit of human person of De the Democratic regime and scientific and technological development

besides also Prevent and Tackle discrimination bias the text brings a risk-based approach and includes the National Data protection authority as the AI agency in this regard our data protection authority recently published a decision determining the suspension of AI data training by meta for violating fundamental data protection rights there is still a long way to go and is important that the Brazil that Brazil during the G20 presidency and in such a Relevant year of discussion manages to approve the regul regulatory framework as a legacy and presents ways to encourage responsible Brazilian technology thank you thank you

TAA for for this introduction and this overview of Brazil and actually um I also uh would like to apologize with the people in the room because I forgot to introduce all our speakers so tun kilos she is professor at the University of Brazilia and works For the Brazilian Senate uh Thomas leer he is director of the of epicenter work an NGO European NGO but based in in Austria in Vienna ianga she is professor at the University of biking and also one of our cyber bricks fellows uh then we have Daniel Kimi that is also one

of our cyber bricks fellows and we have Zai vaa also one of our cyber bricks fellows uh all right so proceeding in Brick's order now is time for Russia well thanks very much LCA um Great pleasure to be here thank you very much for introducing uh I I will speak a little bit you know beauty of being an academic is really that you get to be critical and not being criticized for being critical um so I just wanted to go back to to to uh to the fundamentals does anyone of you here in the room

actually know how many countries are in G20 and then who else so who does un Secretary General Represent when he goes to G20 193 who does who does EU represent when they go to G20 who does African Union represent now another question is a the first G20 country largest economy in the world they're not the the G20 the the the the country that has the the 20th largest GDP in the world is Switzerland it's neither in EU no in G20 uh as a matter of fact many people have called G20 the largest uh transgression in

global governance since 1945 and yet here we are G20 is setting the tone but let's let's go back to the fundamentals why was G20 created was it to maintain peace and security after the World War II no no good it was it supposed to be to save our countries from economic crisis or help us coordinate with the crisis uh Mainly economic and financial that we're happening ever since well today we are are in a full fled um or infliction point where our economies are about to be fully embraced by AI or AI fully embra by

our economies um but I also feel and again being here critical is that our politicians somewhat like this topic they just jump on it because it's cool it looks good and then they they uh they yeah it's a little bit like hype it's Like VC it's like a political VC Hye VC put huge amount of money in the companies that may or may not justify that type of valuation the same way our politicians put the same way of their political capital in AI with no idea whether actually it will pay back now today and I

mean today the 17th of July 2024 it's actually most exciting time to have this B and let me tell you why today the King speech in London Turned marked a really turning point for a position of the UK government in terms of a regulations that have been quote unquote leading or drive well actually not quote unquote they have been quite a really um adamant in trying to position themselves as a leader in terms of global AI governance debate so we went from uh hands-off approach that was called AI safety to Hands-On approach who it's yet

to be known what it will be called and this is Also another thing that that always buffles me in the classical political terms when we don't want to deal with a problem we put it in the title like uh you know inflation reduction act led to the largest inflation and spending in the US History AI safety processes were all about we don't want to regulate do whatever you guys want uh so there are all these misnomers that I think now even the politicians Are starting to recognize and starting to say okay we've been jumping on

this band Bagon but now we're actually reaching the stage where we need to see whether our political Capital needs to be returned and again mentioning the the King speech um turning point between hands off approach to actually let's see what we can do quite a few other g20s countries are going exactly through the same uh process today so Korea which was a Partner of UK in thei safety process said well they didn't say it but because of the change of the leadership on the on in the parliament now from hands off to more regulatory stance

who knows which way us will turn based on November uh but there are quite a few changes in in the stand also yesterday I said today is the most interesting time to have our panel is because yesterday uh for those of you That didn't know until 3 p.m. local eastern time in New York it was a time a deadline for silent procedure for states to agree 193 member states of the United Nations to agree on new digital compact new digital compact of the United Nations that will be adopted in September in New York and there

is a silent procedure is there for a reason but those of you are you know legal nerds like myself it Basically meets if you're if you didn't say anything you agree well let me tell you when you reach that stage normally nobody raises your voice very s and believe me a digital compact quite a few countries raised their voices now the co coordinators are Sweden and and Rwanda so they have to come up with some sort of compromise and have to do it quickly during the time when nobody is in the office because it's locations

but in September all our member states Will be voting on this digital compact on his on which the Secretary General put his legacy on the line basically and we don't know what will come out of it the advisory body that has been created in the UN again um has been uh hit and miss quite a few people on the body themselves are going through questioning of their legitimacy in terms of how they approach AI um but but the point is is we need to really dial down the hype Around it whether it's BC hype or

PC hype and really get to work now I will speak about um perhaps Russia since uh Luca so pointed out the situation in in in in in Russian Federation is on AI and data protection is the following some of the legislation on data protection is about 20 to 30 years old it has been updated and reupdated protection legislation U I believe it's a federal legislation mon 5 To the latest Amendment came in June 2023 um there quite a number of other uh amendments legislations and and and and federal projects in terms of AI sponsorship uh

investment in education and so on but really what's happening there is that everybody agrees it's s and everybody agrees that it's time to update unify and review so in 2025 just like there's a global digital compact the Russian Federation will be going through the digital compact process There are early drafts where the idea is to really bring all these different strains of um of the legislation together and give people a kind of unified view of what is to expect I will stop here perhaps uh but again um the perhaps before I stop I didn't want

to leave you with an impression that I'm only hypocritical of G20 or the United Nations as a matter of fact the G20 did manage in the past to save our economies to coordinate the global Action uh it needs to continue doing that in the digital space the United Nations is the only Universal organization that is has 19 three countries as member states um and therefore that would be probably the right venue to take the thinking from G20 and many other places and make sure that everybody's part of that process thank you thank you very much

Daniel Al to to to highlight the kind of complexity we Face uh on the one hand The need to do something as quickly as possible but on the other hand the understanding that uh it's very difficult to do things quickly and uh especially uh when people disagree on so many things and there is so much hype around things so it's it is already very difficult to think to do things quickly when people have the same kind of understanding and you base your conversation on evidence it's much harder when people have completely Different understanding or no

understanding at all and the little understanding they have is based on a very inflated statement uh of uh on marketing statement basically on AI all right uh uh on this note of optimism let's move to India to understand what is happening there and how this could uh has impacted the G20 or could impact G2 thank you Luca thank you Daniel for that reality check which is much needed I think and I agree with the problems With the G20 and also the cooptation of uh un processes in AI regulation um having said that we all know

G20 happened in India last year Brazil this year South Africa next year and so this is given all these realities still perhaps a good opportunity for uh a nons Silicon Valley influenced um idea of AI regulation to come up through the G20 um perhaps more more of a global South focused um approach to AI regulation to come up um and it's funny which forums Turn up these approaches sometimes uh so I will talk a little bit more about India as you know India uh pushed the concept of digital public infrastructure last time when it was

hosting G20 uh but I want to talk about data protection today since that's the panel and uh a little bit about the leadup to the data Protection Law that India has uh discussions about it began after there was a judgment uh from the court that said privacy was a fundamental right in India uh there was a report called the justice report that made what I think is a philosophical advance in this field where it um it held the relationship between the collector of the data and the person from whom the data is collected as a

fiduciary relationship and you know that when there is a fiduciary relationship that means there's a duty of care and so the person who or the entity who collects your data uh has to act in your best interest so Uh the person about whom the data is is called the data principle he's not a data subject or a data owner but rather a data principle and so uh the use of personal data is framed as a principal agent problem like uh we call this in economics and I think in law as well um so I think

that using this sort of uh um understanding of the data relationship uh we can uh think of a way to frame um the deployment of artificial intelligence also as a principal agent Problem you can imagine uh thinking of the collection of data to uh replace you in your job and create an employment in the economy in general as a principal agent problem this is not why you agreed to give up your data for uh for an AI model or or even the degradation of services where um you know a model that is inaccurate is deployed

in contexts where accuracy is really important but uh it's cheaper to deploy the model than to hire people who will check for Accuracy and this affects your life in a way that you did not imagine when you gave up your data for this purpose or uh markets end up being cons Consolidated or if you're in the financial sector there's predatory lending that happens using your own data with the use of AI models that use your own data and uh so this idea of a principal agent problem can be useful uh for jurist Prudence in AI

regulation I do however worry about uh you know it may not always be a good Idea to bring all these determinations of political economy issues under the Judiciary and under the interpretation of uh a law but uh you know and also under the topic of personal data because a lot of these political economy problems are not necessarily about personal data they're just about how products are deployed and who gets a say in how products are deployed so it doesn't always have to be the person whose data is used it can just be P the Person

on whom the product is deployed but I think that even so understanding this as a fiduciary relationship um brings a sort of stop Gap it's a good stop Gap arrangement in law and it stops the kind of freefor all that is occurring today with the development of AI models because even basic data protection even data protection that uses different concepts of the relationship of data uh I think is today being underutilized uh in the Regulation of AI and if data protection as it exist today was utilized to its full extent you would probably not see

the kind of AI development that you see uh today um that's one thing one part is personal data but India's also had Innovations in thinking about non personal data so even the framing of the concept of non-personal data uh the regulation of e-commerce platforms uh in terms of thinking of non-personal data uh the concept of digital public Infrastructure itself which relies on the existence of some kind of non-personal data in certain cases uh have all been Innovations from India one thing is that these Innovations have Arisen in a context where the IND Indian government has

been trying to keep um the influence of foreign Capital at Bay in a certain way so large foreign Capital uh large monopolists like Amazon or uh Google um but it is also the case that this response has been motivated by Very limited and almost oligarchic concerns in terms of trying to protect large capital or some elements of large Capital within India so it's a f between large domestic capital and large International Capital um but uh what G20 can do or you know like-minded countries at G20 can do is take this concept of using public protocols

uh on top of which the private sector can build products as an antim monopolistic concept that can be deployed in various Countries using different sort of sorts of uh coalitions of people who are interested in uh in the in anti-monopoly or in antitrust so I think that the idea the framing of non-personal data as something that the state can govern and can make rules around is uh is an important framing uh because it shows you that this is an area where also rights are implicated it may not always be the right to individual privacy but

there are rights that are implicated Within the creation of non-personal data as well so for instance there's a right to group privacy and there's uh economic rights that um are implicated and uh with the creation of large AI models I think these rights become even more important uh am I running out of time one minute okay so I just want to highlight um there is a response from Farmers organizations in India to the creation of Agri stack which is supposed to be a digital public infrastructure For agriculture where they where they talk about the protection

of their own economic interests that they are scared for with the creation of of this infrastructure and the use of their own data both personal and non-personal so I think the intersection between economic rights and data rights is the big innovation that India can bring to this conversation and that the G20 ought to take seriously because all kinds of new technologies that enter our uh lexicon Or our environment should be open to negotiation in the way that they develop thank you all right before we pass the floor uh to uh China uh let's try to

start to highlight some macr Trends because I think that is also the purpose of the of the worship so we have seen that there is uh willingness uh in all countries in all examples we have analyzed to regulate somehow something already exists in all the three countries we Have seen that there is already data protection regulation to some extent applies to AI of course most of AI uh is uh well most of the of the resource used by AI is personal data although you can have also nonpersonal data uh we have attempts to regulate AI

but we still don't know how in Brazil uh and again most of it it may be driven by political uh willingness to show off that you are doing something but not necessarily doing something uh we have an Interesting Trend in Russia to uh take advantage of the confusion that is uh that exists in normative terms to try to centralize it uh it may be a choice to streamline things it may be a choice to control things we will see uh interesting the the the Indian example of because many people out of India think about India

as the lead the leader in digital public infrastructure but then when we scratch the surface we also need that at the end of the day uh to do Things although there is a lot of digital public infrastructure going on it's then it boil down to the choice between foreign versus Venture Capital versus uh domestic uh Venture Capital so it's again it may be highly concentrated nothing against Venture Venture Capital per se but it they may be very very concentrated and the choice that proposed the solution that are proposed may not be uh necessarily Solutions right

so let's see how China is uh uh Dealing with this with uh iang my please iang the floor is yours thank you so much luuka uh for this opportunity um and thanks for coming today well uh what I wanted to see is uh kind of um well generally speaking the Chinese government is pursuing a developmental agenda with the data protection uh so actually um the Chinese government is kind of under a draw pressure uh well I tend to uh use 2019 as the division line in my Publications Uh well actually uh before 2019 uh um

China actually does as the United States uh uh in the sense that the government uh use a property uh based approach uh to regulating uh the data so the uh personal data and the non-personal data are actually uh mainly uh controlled uh and regulated by the uh um by the firms actually and then um so from 20 uh 15 uh all uh the Chinese government has uh progressively built a relatively mature uh data strategy uh in 2015 there is Already the national uh Big Data uh strategy uh and then uh at that moment uh the

priority is really to uh unleash the economic potential of the data for boosting the economic upscaling and then there is the very famous um made in China 2025 uh strategy uh so actually this is also a very uh ambitious uh strategy uh uh trying to change China into a global manufacturing Power by 2025 and this is a politically very uh sensitive strategy uh to such a point That today uh Chinese Academia and the industry alike uh are uh kind of not allowed to publicly talk about this strategy because um it's a bit sensitive and then

the most recent um data regulation role is um released this year uh in March uh is kind of about the data um circulation under the treade uh places in China so actually the the regulation is uh the data governance is um it depends on whether it is the personal data or nonpersonal data uh so Actually if it is the uh personal data uh so the production uh the production and the pro uh processing of all the uh personal data uh should be uh stored within the physical infrastructure uh in ch uh inside the country and

then if the personal data of a Chinese people is uh processed outside China then this company should have a representation uh on the Chinese territory um and then on the Non-personal data uh there are two types of non uh personal data so depending on whether the Chinese uh cyber space or the administration of China defines it as uh important or not important uh then they will go through the security assessment uh non um I I know that it's a bit uh it's a bit complicated non important data can uh circulate outside China freely but if

it is important data uh it must go through the security assessment before uh being exported Outside of the country uh so this is the latest uh regulatory changes so what I want to uh share uh what I wanted to see today uh is actually uh the big uh Power um competition so the big power game uh between China the EU and the USA actually uh the way uh in which so the the the the data governances approaches of China is profoundly uh influenced by the EU and the USA so the way they are going to

deal with the data uh so for Instance there is the uh Federal data strategy of the USA in 2019 uh which actually uh kind of um changes uh the American data governance uh approach to more uh centralization and also the EU 2020 uh data strategy U maybe Tom can tell more uh so this is also kind of um strategy uh towards more centralization uh so the Chinese uh the the Chinese data regulation systems uh actually goes in parallel uh with the Data governance system uh in in EU and in China so what I want to

see is that um um the the the Chinese government is trying to produce what we call uh the Beijing effect uh so in parallel to the Russel effect and the evidence on the ground has shown that actually in a similar way uh as the uh the EU so the CH the China is also kind of trying to become um a kind of a a regulatory power uh for the data governance uh today there is kind of um an increasing number Of jurisdictions who are uh imitating uh the way uh in which the China is doing

uh the data uh governance so um well uh for the future um I think that um so the China is known for uh Champion uh for upholding the Cyber sovereignty um uh um Doctrine uh or in the uh in the digital area there is also maybe the data sovereignty the AI sovereignty uh things like that so um for the EU and the USA is the same thing I think the the emphasis on the Sovereignty thing is a driver for uh fracturing uh the global the transnational data governance uh framework um and also uh in particular

for the inclusion of the extra territorial effects uh in the data governance rules uh this kind of uh very easily to produce the uh conflicts uh between different jurisdictions so what I hope for the Brazilian uh uh presidency for the G20 uh to do maybe is to try to kind of um to initiate uh a Soft law approach for the transnational uh data governance and then to reduce uh the the FRA the risks of the fracturation the fragmentation uh for the uh transnational uh data governance uh that's all thank you very much thank you very

much I found to bringing into the debate also this developmental approach that China has and that indeed actually when we look at how many government are positionings in terms of data policy is uh contaminating A lot of thinking outside outside outside China and I think that uh again I think that is a very interesting Movement we are studying this uh the the the the Beijing effect you are describing is not as uh well uh sponsored and there is not such a good PR as the Brussels effect but it is indeed uh taking place either because

of other country are copying it or taking inspiration or because also part of the Beijing effect is also being driven by Investments like through the the digital Silk Road or this kind of uh more assertive again economic uh developmental policy of China uh before we get into the U let me give the floor to our friend uh C Sile uh kamt that I forgot to present sorry uh C I I I hope you will apologize uh if I forgot to to to introduce you before so CES Niles he he's not only a very good friend

SE he's not only a very good partner of our uh cyber bricks project He is professor at Nelson Mandela University and uh he was the former uh one of the former uh directors of the information Regulators of South Africa so C thank you very much for being with us again today and please the floor is yours thank you uh Prof belly thank you to everyone listening in Rio I was hoping to be there this year but unfortunately this year didn't work out hopefully next year again um I wanted to do a a slightly longer presentation

and Then I got the email from Luca saying please please please focus on updates strictly updates so I'm I'm going to touch on on the updates that have happened in South Africa so I first of all I want to make the point that that South Africa does not necessarily have ai legislation in place um and that we are still in a process of formulating AI legislation to that extent the the common law as it applies um has been Used to basically deal with various aspects of AI be it aspects of data protection copyright uh or

other aspects relating to AI pertaining to data protection we've we we've had recently uh a spade of cases last year uh when I was there in Rio only the parka decision and the ALU decision had been decided where both an attorney relied on AI um as well as a presiding officer relied on AI and they got into hot water we do however now have the new decision of Makunga versus Indigo uh trading as spur and in this particular case a self representing litigant in other words this was a gentleman who did not have a lawyer

he drafted heads of arguments and successfully defended himself uh using and relying on the assistance of Google as well as other AI uh based Technologies and the court said look um he has not done anything wrong as long as the sources are correct the court Also said that you know maybe we as lawyers and judicial officers we must watch out for AI as one day it may replace our employment now uh earlier on in this year five of April 2024 our department of communications and digital Technologies in South Africa um developed what they call the

artificial intelligence planning discussion document uh um you will see um I've I've said The Good the Bad and The Ugly so this is a document that has had a lot of criticism from uh a lot of stakeholders as well as legal experts uh let's let's start with the good the good that is that finally there is some form of document or national policy or strategy towards developing a a WI paper on AI it also proposes the creation of a specific AI expert group that will also advise government in particular the department of communications and digital

Technologies uh um on aspects of AI they Have also given themselves the target to develop uh uh and Implement regulatory approaches to AI uh from 2025 to 2017 you will see later on in my critique I will be saying but this is too short to be developing any legal framework um then obviously as well um there is going to be legal certainty regarding AI in terms of this plan um and also uh talks about government pumping in the necessary resources in developing AI as well as E-government Services furthermore on on on the good um it

it seems to be making reference to data sovereignity um in other words the concept of data sovereignity in the context of AI has also been uh placed there as as an important factor and I think what is also very very important is the ethical considerations uh regarding the use of robotic and autonomous devices social Risk um as well as the um you know the consequences of using AI models um and them being used for criminality and Military purposes that is the good let's talk about the Bad and the Ugly and and I'm going to try

and keep this short Bad and the Ugly is that this discussion document is 53 Pages it was published as a draft uh but it was published in its form and a lot of our commentators here in South Africa like Pierce say look this document shouldn't have been published in this form more attention should have been made in terms of the deliverables uh in this document who will be responsible for what um a lot of heavy jargon is used in other words the plain legal language principle has also been completely ignored and it also seems as

if um bits and pieces of AI strategies from all countries around the world has just been Mosaic together furthermore um the what we call the AI intelligence Institute that was set up as early as 2022 it really hasn't done much and if one looks at this policy document it really focuses around the artificial intelligence Institute to assist with with you know drafting policy uh as well as assisting in creating a regulatory framework um as I said earlier on um I doubt one can draft an AI legislation in 12 months taking The EU years it's taking

America years it's taking Brazil years as well so I don't think that it is a um a realistic objective to say that this piece of legislation um will be done within 12 months briefly on the African continent um um as as we are talking G20 G20 being South Africa as well as the Au um I'm adding on the previous comments as to who or what is the G20 the the Au has also come up with a digital strategy for for Africa with regards to AI governance Uh that is something that we should have a look

at that is developing very quickly in in South Africa and in Africa as a whole um as well as the work that has been done by out nead together with the Au to like I said develop a African strategy now last but not least data protection um I'm not going to talk about data protection we do have a data Protection Law in South Africa theia so I'm not going to talk about that again but it has been a very very big cont ous Point in South Africa in the last couple of months about telemarketing and

whether telemarketing falls under uh the armit of section 69 which basically regulates direct electronic marketing it's been a a big debate about that um another thing that's been happening in South Africa from a compliance perspective is that the regulator has really been going in and using its powers to do assessments uh most of the um National Banks and Renowned banks have been subjected to data protection assessments um as well as the political parties during our elections you may know that we just had elections not too long ago um so in terms of compliance the regulator

really using uh its powers to do assessments last but not least so that I don't exceed the time given to myself um there are some interesting milestones in terms of the enforcement that we've had um in in the last should I say 24 months Right we've had the the creation of certain guidelines there a guideline on security breaches there's a guideline now that's being drafted on Direct marketing that The Regulators been talking about there's a a guideline on political parties as well as direct marketing there as well so there are various guidelines that have been

issued by the regulator and very Mo most importantly as of last year the regulator has started giving fines I'm Not going to go through all of these decisions I will share the slides with uh Prof belly can share them with everyone but what's important is the latest decision of Ft Rams now in this decision of FTR Rams an enforcement notice was issued and it seems as if in terms of telemarketing like I said um it is the regulator's view that telemarketing um does fall within the armit of unsolicited electronic communications however the the critique Uh

around that is that you know the definition of of electronic communication or of electronic form uh most probably does not uh include a telephone call and for that one would have to go to the definition uh section one of the propia and it specifically talks about any text voice sound or image sent over an electronic communications Network and and that's the first part the second part which is stored in a network and then the last Part or in the recipient's terminal equipment so the the critique against the regulator is to say but when you're doing

cold calling and telemarketing you are not necessarily sending a data message it is not being stored it is a telephone call and therefore there's a big contention as to whether direct marketing and telemarketers electronic telemarketers fall within that armit um I would have loved to have said more but that is the update coming from me thank You Prof belly and thank you for everyone to listen thank you very much s for the update from South Africa and then uh now last but of course not least uh our European Friend Thomas uh everyone has been hearing

a lot about the AI act and arguably the U is the region with the most refined uh regulation uh but so I've asked Thomas to tell us to what extent uh there are things uh ele elements from which other countries not Only not necessarily only G20 countries all countries can learn from Europe both in terms of successes and also miserable failures that I'm sure May abound as in any country so please Thomas the floor is yours thank you Luka thank you for the kind invitation I'm very happy to be here as Luca's mentioned I'm coming

from Vienna Austria so you could say we started with sambba and now we end up with vaults and um yeah so what has Europe Gotten right wrong with the eii ACT I think there are certainly things that are very interesting that that show good way of getting biases out of training data having a product safety and risk based approach towards AI I think that is a very helpful approach to enter into this field one thing that I would caution everybody in every piece of European legislation is everything uh winning or failing is decided by enforcement

particularly about such Novel Technologies even more complicated questions come into play like the technical skill of regulators the ability to actually comprehend things that are happening right now their impacts of on on vulnerable parts of society on certain industries there is so much at stake here and um we can see in the DSA now the digal services act that in order to get it right you really need an open and communicative and transparent regulator that is willing to Cooperate and go across borders which is some times a no concept if you come from data protection

world where data protection authorities are often perceiving themselves as silos we know best and not really talkative I think an AI regulator needs to be talkative but there are also very obvious things that I wished would have been in the AI act the biggest of all of course is the question of State surveillance we have nothing in there that could actually Limit the dangers of um facial recognition biometric recognition and many other forms of automated decision making that make law enforcement uh activities particularly dangerous and that's not just going to predictive policing the old style

facial recognition danger is not addressed accordingly in this law um the second big um admission is copyright uh right now we see all around the world that these hot questions are Tossed to the courts and I think that's wrong of course it's um brilliant of the new of times to sue open Ai and we have now also the record industry doing that but I would like to live in a world where it's not just very powerful actors with Deep Pockets that can afford to get their right or being paid off like the Atlantic like if

you can either make a deal and get paid or you Sue there are many people that will be left outside of either option and I don't think that This is fair and this is not really asking the real questions like if we follow the trajectory of copyright law it is very very obvious who will win it will be the labels it will be Spotify it will be Hollywood remember the actor strike those that already have the usage rights of certain data and that can make a case about this falling under um copyright exceptions under fair

use exceptions then suddenly having a whole separate catalog that they have created Via Ai and can claim that this is um their right to license and use uh that would certainly be a world in which the current trajectory of copyright is extended with the artists the creators being disenfranchised but the aggregators The Gatekeepers being further empowered and the trench them that is something where the legislators need to act and I think that is a global problem and lastly the whole question of like which business models maybe we Should really Outlaw and ban thinking about non-consensual

nudity thinking about the use of ai ai agents in particular uh for Crime for ransomware for spyware for many things where we could I think as a world agree that we really don't want to have it and something like that maybe there's now still a time to do it and I feel like this window is closing um stepping a little bit back also reflecting on the fact that uh we We are quite an international audience here I feel that um it's time for old jokes in my community there is this joke that we told ourselves

um over a decade ago our job is to explain the internet to politicians um because they don't understand it was the subtext I think that joke is no longer fun and it's no longer true now everybody has an understanding of the internet we have quite competing Visions actually that on An international stage we have to fight about um Luca and me know each other from the fight for net neutrality there are now vastly different concepts out there if you look for China and U IP and these are concrete proposals that are put to the table

they Merit a discussion um I find myself caught up in the digital public infrastructure debate around digital identity systems and atar in India and uh go. VR here in Brazil and I'm also have the privilege of being In the um DPI safeguards um project of the United Nations heading the governance working group our job there is to create Universal safeguards for digital public infrastructure it's a horribly difficult task and it turns out that suddenly having millions and billions of people into a digital system without any redress any privacy safeguards or any real thought about what

this would do to the people that already uh live in a Country that might not have access might not have digital or legal literacy to even use these systems safely these are secondary concerns and they will fall on our head and we are not even talking about making these systems interoperable these are the operating systems of our modern societies we have the technology first and the legal framework the human rights assessment indicators the competency to actually Roll this out safely those are Afters that's the wrong way around so right now the trajectory of digital public

infrastructure is this becoming a tool of Oppression and it is a very dangerous trajectory to find ourselves um and I I was intrigued when hearing that the Chinese approach to personal data is that this is dual use and you have to distinguish between the the the important and the non-important um this reminds me of the Old joke data personal data or data in general is the new oil it is not it's is the new CO2 if you have too much of it about a certain population you have very dangerous microscopic trends that suddenly materialize and

the one solution is an old one data minimization privacy by Design and by default we know these things like climate mitigation and how to save the Planet we would have the technology we would just need the political decision to act on it and the benefit of building these systems safe meaning privacy respecting is similar to the building we are in right now fire codes are costly they increase the time to build a house but it makes the whole thing much more livable safe for people and if you have to do it Afterwards it is even

more expensive so it's a design based consideration and maybe to close um recent memory gives us a great lens through which we could look at current challenges we just had a pandemic and this pandemic I I remember telling my team in March 2020 Lean Back digital issues will be no longer important other things are primary now we can work on our backlog the opposite Was true of course we never had such uh hard time as digital rights activists working on things because suddenly everything was digital and if we look around the world we see so

vastly different approaches to the same problem um we we have in some areas and regions of the world simply the repurposing of existing anti-terrorism legislations agencies and Technologies to fight the spread of the virus metadata facial recognition CCTV um any type of tracking people became a way to track the virus spread that of course has a huge privacy cost to it and in other areas we have brilliant privacy preserving technology were created uh like dp3 and these are means by which we can actually achieve the same thing without the negative privacy cost so these things

are possible the QR codes that we all use to prove that we are vaccinated or recovered or Um have been tested recently those were also made based on a privacy friendly standard and then could become a un standard so these things are possible and it's certainly worth spending that extra brain power in order to create systems that given there we are right now globally speaking are bad weather systems that can even protect us if elections or regimes go the out of thank You thank you very much Tom for bringing all these very interesting elements into

the discussion I think that one a couple of things that I really want to stress before we open for questions uh first the fact that so we focus a lot a lot of efforts into crafting the the legislation or the regulation but then uh we forget that the most important part is implementation so we might have wonderful debates that take here here in Brazil or somewhere else and take a long A lot of inspiration from product safety and risk mitigation uh and risk management in the UI act but then if you don't implement it you

you can check the box on on on the surface there's a facade where you look like the EU but then in practice is very different and secondly something that we are again uh working a lot in our cyber bricks project in the different ways of regulating uh considering not China with through investment Uh and and also I mean dpis themselves are a tool of Regulation so the it's really what Le was writing 20 years ago about Cod is law it's really you have really a practical implementation of how you regulate an entire Society entire country

through technology what they could do behaviors they can engage on how they can transact amongst each other through codes through software so that is also something that one has to think about and what you were mentioning that Cannot be an afterthought the kind of values that are baked into it uh because is not neutral there will be some values baked into it and if you don't think about it before you then have to try to solve the problem that you have grade right uh so uh there are there is a lot of very interesting thoughts

to to to for the discussion here I'm pretty sure there will be questions I already see a hand so I have a question okay so we have two questions one from the panel And so let's do this let's let's start with a question from the audience and then your question and then if anyone else has other questions you can raise your hand we can take two or three and then have another round of questions in next 20 25 minutes look I had actually something to add to what uh what Z had said um I think

one of the things that we should remember is that the Indian data protection Regulation uh was born out of a conflict where the state didn't with the Indian government didn't want the fundamental right to privacy and in the report that followed which he also referenced the SRI Krishna report there was an attempt to strike a balance between economic growth uh and therefore the growth of the digital economy and privacy uh and and data protection right and the non-personal data framework that We're talking about uh I'm glad that you mentioned group privacy because that didn't come

up in the conversations around that time there was no concept of privacy in the nonperson data uh conversation at this point in time in India uh at least over the last 6 months uh to 8 months there have only been conversations around liability with respect to AI there have been no conversations around personal data protection and Ai and I think it's Important to remember in this context that the data Protection Law which passed last year in India actually excludes publicly available personal data from the Ambit of data protection and therefore we treat that data Protection

Law as not a data Protection Law uh it means that clear view AI which has lost the case in the in the US around scraping data of Facebook and social networks to train AI will have a free run in India so it's almost as if and when we've talked about the non-personal data aspect the focus on data trusts in that context in India was about how do we make more data available and this bleeds into the discussion that we're having about digital public infrastructure because uh the primary approach to digital public infrastructure has been to

make consent so easy and so Seamless that people don't even realize they given consent and there are account aggregators that are set as another form of digital public infrastructure structure which can take data from multiple account accounts that we have uh and they can aggregate them and there is no regulation preventing the misuse of that data or even the sale of that data to third parties so the entire focus in India is not around data protection but enabling access to Personal data whether it is in the public domain through no restrictions in the data Protection

Law or through uh in the private uh process through consent managers which allow the extraction of data at scale uh and all of this is rooted in enabling the training of AI so philosophically there is no scope there is no focus on enabling data protection in AI in India so thank you very much as this was more a comment than a question I will comment on it because there are actually read two points that are very interesting uh well one probably because uh the the digital person protection act of India is one of the most

recent data protection laws it is interesting to see that actually the choice that maybe not many people noticed around the world was precisely to include as a uh legal ground for processing the fact that personal data are uh published online Which basically is green light for scraping and training models so very successful lobbing from Tech Enterprises in India a good friend of us that now is a very prominent uh lobes in in in an Indian in well in an American uh tech company in India was telling us that it was an excellent law and I

was telling him yes of course because you can do what what whatever you want with the data but it's not necessarily excellent for the data subject and then another Very important point that actually the the right to privacy in India was created precisely because because of a failure of a digital public infrastructure Adar uh which was questioned by Justice bwami that won the case and created the privac the right to privacy in 2017 precisely because the of the misuse of the DPI so I think that when we speak about DPI they are very interesting tool

but we always have to take this with a grain of salt because It's not always a Rosy picture we need to be a little bit more critical your question thank you Luca so International Ally speaking there is already a consensus in my view on ethical principles and in AI data protection H and in this sense I love the the expression of the Silicon non silicon Valor that G20 presidencies in recent years can leave as a legacy uh because I believe that now what we need is to understand how to apply the principles In National context

and how to balance Innovation and stimulation local innovation create infrastructure do you guys uh agree that now it's time to understand how to put in practice all those principles and uh a a little H second question in Brazil after years of discussion like four years there is a certain consensus in all sectors that we need to regulate AI H they accepted the regulation but my impression is that especially in countries in the global South the big Tech Market is against and kind of any kind of Regulation uh everyone else accepted to be regulation which increased

the challenge because they confuse this this discussion of regulating AI with uh uh freedom of expression Etc so my qu my second question is how to De colonize or how you guys are facing and if you are facing this same problem with big TX fantastic question do we have any other questions from the audience Otherwise we can yes two question let's say this let's take these two questions and then we can have a quick round of answers yeah I just have a quick and simple question from from China I was in China last week or

the week before in Shanghai and I visited there's a special trade free trade zone lingang uh that's a city that is being built or that is that is built next to Shanghai there was a there was a data Port that was built there and uh we had a discussion about The uh liberalizing some of the Chinese uh data governance rules or uh or the privacy rules that are in place so I just want to understand a bit more about how those free trade zones and there I was told that there are few around China um

how they are structured and how is the data regulation applied differently to to those zones uh than to Mainland China thank you right let's take also the last question and then we can have quick uh can may just ask you yeah but We need to have it for for the video recording and for our online participant hi everyone thank you so much for these uh relevant uh perspectives from our big uh bricks representatives and I'd like to take all of this into consideration and dive deeper into our discussions in the G20 as I understand the

G20 they function differently from other forums right they have like these two tracks uh there there's the shpass track and the finance track and within Niche They have all these working groups and I would like to know if you can expand a bit more on how these topics of data and AI are being discussed Within These two Tres thank you all right we have several interesting questions who wants to go first uh thank you so much uh I will try to uh answer the your question um yeah I hope that whether you like shangai after

your travel there uh yeah well um I think that it's it's indeed a very Crucial uh observation uh you made here about the differentiated implementation thing uh for the data uh governance in China uh actually um so the in the regulation studies um in the regulation studies actually so uh the China uh Japan so the Asian countries belong to a group of countries uh which Implement what we called a static regulation so the static regulation means that what within the state the regulated firms are not treated in the same way so the Priority is not

to uh is not to kind of to promote the free competition but the competition is or case treaty uh so organized competition meaning that the state uh picks up the priority firms the priority sectors to support so in the data uh in the data protection uh is the same thing actually uh so which you have very uh per observed there so meaning that were uh in the case for shangai for shenen for uh Beijing uh um actually so these uh areas belong to kind of the uh The free economic zones meaning that the level of

liberalization is higher than for instance than the England China uh so therefore they have a kind of a um so the local governments are allowed uh to kind of to make more liberal policy uh so to attract more Investments so this is a kind of um the the kind of uh the differentiation uh in the implementation uh for the data governance um yeah thank you Sly I cannot answer this specific About the T20 process but I would I'm curious to hear the answer maybe someone else can take that one I I would like to come

back to your question on the the values in general and I feel that we have with the for mentioned Global digital compact a great example of almost like a wara text everybody can read everything into that but it doesn't give you real guidance it doesn't give you real Answers and I would say that this is by Design uh because these are hard questions that will be winners and losers and we're talking a lot of money here and decisions that decide about about the characteristic the freedom of the societies we will live in ultimately it's it's

look I mentioned uh Cod is law yeah in in a way um this is on steroids um because the way in which not just your um security system your police will work But also your education your welfare system um your your your elections if you're having uh certainly your media distribution the information diet that people have all of that and I would say that we need to be much more inspirational and concrete and we also need to be mindful about the opportunities in business and those are very obvious at this point this is not a

theoretical debate anymore we have flesh to the step there are um real victims And there are real perpetrators and I would say that uh uh forward-looking regulations needs to address both it needs to hold people into account for the business model and it also needs to provide protections for um vulnerable people I mean just to to to to end with a water cooler story it's like um look and me we go so long back that we have friends who switched sides and are now working for big companies and and one of my former friends now

is in The Policy Department of meta and their water cooler talk is the policy team of meta the water cooler talk really is like let's not have another Myanmar like that's the bar in an office chitchat if we can avoid it let's not have another genocide I consider them still my friends they are not former friends they just have a different employee with regard to the G20 uh question that is a really very uh Administrative question about G20 so I'm not sure that every anyone here is very much if you want to if you want

to yeah what I can say about isadora's question is the experience of participating in the Task Force 5 ER task force Task Force 5 focuses in h its efforts on developing uh recommendations to leverage digital Innovation to advance the H sustainable development goals of the 20 agenda while ensuring inclusivity and ethical Considerations so after four months we had a lots of discussions and re and we receive also uh contributions of many think tanks H all over the world that H ER discussed about H digital inclusive and and ethical challenges of technology and uh we published

last week the statement uh with with the conclusions of these H contributions that we received just just also to to to make sure that we all have the same kind of expectations one also have to remind That G20 is is a club governance uh system where uh no binding uh regulation is elaborated it's more about understanding which are the priority aligning them and trying to share good practices so uh it's a little bit like the brick if you want actually the bricks has been molded on the g s or G8 at the time and then

the G20 has been built to include also the bricks in the G7 and G8 so in G8 so it's it's a little it's very much about Club governance a Group of friends that meet once per year and discuss things and makes de declarations so to be very Frank that is not something that changes the world and not no no single issue has been changed over the past 20 years right radically because of a G20 declaration but is a very interesting Forum to discuss things so to try to advance Mutual understanding and share ideas I see

that there is another question or comment here yes um and just to Echo you look And I'll follow with the question um the G20 it's not a forum to actually uh improve in terms of like Concrete Solutions it's it's much more a form for to shaping IDE ideas and to shaping an agenda that let's face it it's very polarized right now around the world so having more spaces where we bring different stakeholders as well and I I'd have to give credit for the presidencies of India but also Brazil in terms of engaging think tanks and

Academia and Civil Society in this conversation that often is very hard to to take place in in the UN level as well in terms of uh the dynamicism right there's much more flexibility in terms of process that the presidency can bring the different presidencies can bring uh and give their own flavor and then my question would be to our South African colleague Who's online uh given that this is a panel around the G20 and and data and and AI how is this been shaping Uh in the preparation for the presidency of South Africa and and

how are um Academia and Civil Society organizing themselves to to include within that agenda well a priority and I see that this is an opportunity not only to shape a conversation globally as we said with IND the G20 and and bring other uh countries on board in terms of the narrative the Indians have done that very well within their their DPI agenda they've been very successful and very Influential as well in the global level but also in terms of domestic agendas right uh how does this can also help Foster and advance a conversation that often

nationally becomes a bit um you know auxiliary or secondary uh uh in other topics so the G20 it's that opportunity as well for countries to align their National agendas that let's face it within digital uh agendas is usually very fragmented there's a lot of competition between different Ministries And agencies that want to Champion certain topics and the G20 is that place of negotiation for national agend gas as well so uh it's a two-part question but uh but hoping to that you can shed some light in terms of how you see South Africa starting to get

organized to to yeah um of now going to that role of uh of the presidency of the G20 C are you still with us yes I am can I can I answer that fantastic thank you Um yes I I like the question because it's it's a very relevant question so with with this year H having been a election year I can tell you with almost 100% certainty that our our drafters of our laws have not been busy drafting laws at the moment they've been busy with politics and trying to get voters but I can I

can tell you though that um with with any International event that happens in South Africa be it uh the bricks event uh last year or now the G20 Event um Civil Society is very strong Civil Society is very strong in in um advising government and assisting our government in in shaping policies um as well as drafting legislations that are in line with um International best practice our constitution actually requires that so um it may be quiet at the moment I think once the the parliamentarians settle in and and our ministers settle into their jobs I

think in the next month or two we will start Seeing um a lot of movement towards the president of South Africa of the G20 as well as shaping like I said policy towards um International best practice and the discussions that are taking place around the globe I I hope that answer answers you thank you very much C and I I think also you bring into the the discussion a very important element which is political stability uh and I think that is something very evident when we Analyze last year G 20 declaration where uh India uh

sees the occasion to shine and to to to show to the world what they have been working for 10 years basically uh and to and then to successfully then Lobby for this around the world so this morning where we were hearing from secretary Lana huni this in in the Brazilian uh uh digital government strategy there is mention to digital public infrastructure which was a concept to Unheard of in Brazil until the G20 Declaration of last year so I think that one again non none of the G20 declarations is binding but they can be very influential

and and I think that one has lower uh his or her expectation with regard to what the direct impact of it can be uh it is not the Declaration of the G20 that will tell us uh which kind of risk of AI have to be regulated and how but uh it can successfully introduce ideas and share ideas and is a Very good diplomatic Vue to share ideas and to try to build things and I think that has a a huge values in in in diplomatic term and I think we can witness this however to be

successful in promoting ideas one has to have a plan as everything in life and consistency and what C was bringing into the discussion the fact that South Africa just had recent elections and the government now will change that brings uh this this this disrupts consistency And coherence in policies and politics so uh and that is also a reason why we see now maybe the current Brazilian presidency not an exemp a shining example of organization not because people are not in good fate or not uh working like hell because they are honestly uh many of us

know a lot of people in the Brazilian government really are working extremely hard uh and they are many of them are extremely competent but they have they are a new Government I mean in some in some Ministries I mean the secretaries are still going to be I mean are still appointed in the in the next in the past months so it's very difficult to have to construct an international agenda when you don't have uh yet a a consistent internal one right and that is why some countries like I mean when we analyze the bricks countri

that is all this frequently an issue of discussion I mean uh India it's not it's not a mystery That India Russia China managed to have enormous digital transformation over the past two decades because the government is always the same so it's it helps uh now it presents a lot of other problems but in terms of having a vision and implementing it is much easier right uh do we have any final remarks otherwise being we started with 10 minutes of delay we are 10 minutes late so I think we can call it a day do we

have any final Illuminating mark question comment Nope fantastic so let me thank very much our distinguished panelists and our online panelists and all our participants here for the excellent comments and questions and there is still a A bash of of of sessions after the the coffee and there is coffee now thank you very much