Between July and September 2024, we’ve been observing and engaging with regulators, policymakers, international organisations and relevant stakeholders on the interplay between data privacy and AI across the globe. There are commonalities, complementarities, and divergences in legislative, policy, and regulatory approaches. Owing to the latter, we’ve divided this policy spotlight into two parts. Part one covers macro-level regional updates in Asia-Pacific (APAC), Europe, and Latin America (LATAM). Part two will cover macro-regional updates in Sub-Saharan Africa (SSA), Middle East and North Africa (MENA), Central Asia and China, and emerging themes to consider across the mobile ecosystem.
APAC – leading through hybridity
Some ASEAN member states, India and Pakistan have been progressing in their AI national strategies, policies and frameworks. Singapore adopts non-binding principles for ethical AI, combined with business-friendly measures, including developing regulatory sandboxes, encouraging investment in innovation and business and building infrastructure and skills. As we write, some countries in APAC have reformed and amended their data privacy legislation to partly replicate the EU GDPR requirements and, to a certain extent, partly replicate New Zealand’s, Australia’s, and Japan’s best practices.
There’s ongoing alignment between telecommunications regulators, data protection authorities and sector-specific regulators that administer and enforce digital governance. In the context of cross-border data flows, ASEAN has published a voluntary ASEAN model of contractual clauses that could be incorporated in data transfer agreements (depending on the context, purpose, and contractual relationship). The recent ASEAN guide on AI Governance and Ethics reflects promising progress to accelerating potential alignment between data privacy, cybersecurity and AI, within the lens of digital integrity and inclusivity.
Europe – regulating and regulating
The EU AI Act was passed earlier this year and will come into effect by early 2025. The risk-based approach applied by the EU might partly or minimally influence APAC, LATAM and SSA regions’ present and future AI policy and regulatory landscape. Whilst many countries are still in the initial stages of thinking about AI governance, regional organisations such as ASEAN, CIS, and the African Union published governance guidance and frameworks for their member states to advance interoperability.
International organisations are also developing their AI governance approaches – the Council of Europe Framework Convention on Artificial Intelligence and Human Rights, Democracy and the Rule of Law was signed in September, and whilst it is a non-binding treaty, it creates a shared understanding of ethical AI for those countries who sign it. The G7 Hiroshima AI process and the Seoul AI Safety Summit both brought policymakers and industry together to set standards for the development and use of responsible AI. We observed an increasingly fragmented AI policy landscape globally, with countries taking very different approaches but also at very different stages of developing an AI governance strategy.
LATAM is catching up
In LATAM, data privacy legislative progress is ongoing, although regulatory debates remain prevalent. In Brazil, the regulation on data transfer (in Portuguese) has been published by the National Data Protection Authority. AI has gained significant traction as several countries are striving to lead discussions at regional and global levels. Brazil’s telecommunications regulator, Anatel, launched an AI public consultation, and the federal government announced a USD 300 million investment for national AI strategy 2024-2028. We learned that the bills of law in the Brazilian Congress proposed principles related to ethical AI use and development, transparency, accountability, and non-discrimination, AI decision-making processes disclosure and risk mitigation.
In the “Ministerial Summit for AI”, hosted by Colombia’s Ministry of ICT, 22 regional ministers participated, and some countries signed a declaration on AI governance, ecosystem development, and the promotion of education in AI. This declaration focuses on three pillars: unleashing ecosystems, education and training, ethics, and responsible AI. In Argentina, there are ongoing efforts to legislate AI with inclusive public-private consultation and collaboration to frame effective policy by embedding innovative and ethical considerations.
Read part two of the blog focusing on SSA, MENA, Central Asia and China.
With thanks to the GSMA contributors to this article:
- Natasha Nayak, Senior Policy Manager, APAC
- Elizabeth Wiltshire, AI Policy Senior Manager
- Larissa Gontijo Jales, Policy and Regulatory Manager, LATAM
- Felipe Fitzsimons, Policy Manager, LATAM