By Esther Shainblum and Martin U. Wissmath

A new statement from the G7 Data Protection and Privacy Authorities sets out coordinated expectations for embedding privacy into the design and deployment of digital technologies, with a particular emphasis on safeguarding children’s personal data. The statement, “Promoting Responsible Innovation and Protecting Children by Prioritizing Privacy,” was adopted on June 19, 2025, at the G7 Data Protection and Privacy Authorities’ (the “G7 DPA”) annual Roundtable, hosted in Ottawa by the Office of the Privacy Commissioner of Canada.

The Statement affirms that privacy is not only a matter of legal compliance but a foundational element of responsible innovation. It encourages organizations to adopt privacy-by-design approaches throughout the lifecycle of new technologies, including data minimization, deployment of technical safeguards, facilitation of individual rights, and continuous risk assessment and mitigation.

In addressing the digital experiences of children, the Statement highlights their particular susceptibility to harm in online environments and calls for protective measures that reflect their evolving capacities. It references the Recommendation of the Council on Children in the Digital Environment adopted by the Organisation for Economic Co-operation and Development, and the Convention on the Rights of the Child adopted by the United Nations General Assembly. These instruments are cited in support of requiring that the best interests of the child be a primary consideration in technological design and deployment decisions.

Recommended practices include limiting or disabling tracking for users identified as children, providing privacy communications in age-appropriate formats, avoiding manipulative interface design, and obtaining verifiable parental consent where appropriate. The Statement also addresses the role of age assurance technologies, which should be used only when necessary and proportionate, and designed in compliance with data protection principles.

Although the Statement is non-binding, it reflects a convergence of regulatory expectations that may influence domestic policy and enforcement activity. Charities and not-for-profit corporations in Canada that offer digital services, especially those directed at or accessible to children, should review existing privacy practices and consider alignment with these emerging standards.

​Read the June 2025 Charity & NFP Law Update