Nordic DPAs join forces on AI and children’s data protection

The Nordic countries have adopted a joint declaration on measures to deepen cooperation between the authorities.

The Nordic data protection authorities (DPAs) in Denmark, the Faroe Islands, Finland, Iceland, Norway, Sweden and Åland have come to a new agreement to join forces on children’s data protection in gaming, Al, and administrative fines. The decision was made during this year’s Nordic Meetings, which have been held since 1988.

In the new declaration, the DPAs state they will work together on:

  • Children’s rights; where authorities have adopted joint principles on children and online gaming, and how children’s rights should be safeguarded by game developers. The principles will be published later.
  • The EU’s digital package; The 2022 Helsinki Declaration, which recognizes the overlap between EU GDPR and the EU’s digital package, “underlines the importance of avoiding unwanted fragmentation of supervision, and points to the need to ensure the consistent enforcement of the said legislations.” With added resources, the DPAs can provide practical guidance to help innovation and avoid legal uncertainty.
  • Artificial intelligence: With AI processing personal data, the countries will need to comply with the EU Al Act and with EU GDPR.
  • Administrative fines: To set a strong standards of data protection and good governance, so the DPAs can issue fines against public sector bodies. Today, the authorities in Finland, Åland and the Faroe Islands don’t have the same powers as the rest, which they wish to expand via this agreement.

“The Nordic data supervisory authorities share the same values ​​and face the same challenges. We will therefore continue the close collaboration and strengthen it in the future as well,” said director Line Coll of the Norwegian Data Protection Authority. 

Regulatory sandboxes

With this agreement, the DPAs say that the Nordic governments should thoroughly assess the resource needs of authorities. “With the proper resources, DPAs can provide operational guidance on Al and assist in avoiding harm from legislative uncertainty,” the declaration said.

They will also be able to take part in regulatory sandboxes as market surveillance authorities. “Ensuring that DPAs have sufficient resources to carry out these tasks is essential,” the declaration stated.

The DPAs also say that it’s important for all the participating governments to review if current national legislation provides for and supports responsible AI training development – in particular to ensure it processes personal data legally.