11-04-2025

Discussions at the Baltic States conference focused on how to maintain a balance between legal regulation and technological advancement

On 3 April in Vilnius, a conference of the Baltic States’ banking sector focused on data protection within the financial sector. The event brought together the heads of data protection authorities from Latvia, Estonia and Lithuania – Jekaterina Macuka (joining remotely), Pille Lehis and Dijana Šinkūnienė – along with Valda Beizītere, a legal and policy officer at the European Commission’s Data Protection Unit, and representatives from the banking and technology sectors across the Baltic region.

Experts explored the application of artificial intelligence in the financial industry, assessing its potential, as well as its legal and ethical implications. They also examined the handling of personal data in the context of anti-money laundering efforts and fraud prevention, while seeking to identify ways to balance privacy protection with the implementation of cutting-edge security standards.

In her opening address, the Director of the State Data Protection Inspectorate (SDPI), Dijana Šinkūnienė, emphasised that the conference themes – GDPR implementation, artificial intelligence and evolving data protection issues in the financial sector – are highly relevant not only to financial institutions and regulatory bodies such as the SDPI, but also to the wider public. She explained that new technological tools and innovations of the digital age are significantly impacting not only the financial sector but also everyday life. Therefore, our core responsibility as supervisory authorities is to strike a balance between innovation and regulation, while upholding the highest standards of data protection.

Speakers and participants broadly agreed that effective solutions can only be achieved through dialogue and collaboration among all stakeholders, which is essential for maintaining a thoughtful balance between legal frameworks and emerging technologies. According to attendees, balance, cooperation and ongoing learning are key to a robust and modern approach to data protection.

Some key reflections from conference moderator and journalist Eglė Daugėlaitė summarised the discussions:

  • Businesses aiming to protect their clients should manage data flows effectively, employ reliable tools and handle sensitive data with care.
  • Risk assessments should be carried out only after operational goals, scope and appropriate technical measures have been clearly defined.
  • We must remain vigilant – cyber threats are constantly evolving.
  • AI impact assessments should become a routine and standardised practice.
  • When implementing AI, the human perspective must remain central – even if machines are faster, people must remain the priority.
  • Transparency is critical – the pursuit of balance must be ongoing.
  • Supervisory authorities must go beyond enforcement – they should also help interpret legislation and work jointly with businesses and other institutions to find optimal solutions.
  • Penalties do not solve problems – the most effective oversight comes from clearly defined boundaries.
  • The financial sector resembles a battlefield where legal violations must be swiftly identified.
  • At present, there is no comprehensive system in place to detect fraud.
  • Creative thinking and collaboration are vital to achieving success.
  • Above all, for everything to work – communication is essential.

We extend our sincere thanks to the participants and guests for their active engagement, and to the Association of Lithuanian Banks for the opportunity to contribute to the organisation of this valuable and insightful event.

(Photos by Gediminas Gražys)