The past three years have seen an onslaught of cybercrime and acceleration in advanced technology across industries around the world. With the parallel rise of these behemoths, consumers have been put under the spotlight and at greater risk than before; as the era of digital transformation and remote work created a global pivot to mass digitization, consumers have been forced to reckon with a growing target on their back for their personal online information, not to mention more ‘invasive’ forms of data mining for audience targeting purposes.
In the last two years, lawmakers have intensified efforts to pass standard data protection laws, a trend that has seen regions including the USA, Asia Pacific, and the Middle East introducing or altering data privacy and protection policies to better secure individual and enterprise data against internal and foreign threats.
Let’s take a closer look at what this will look like in 2023.
Three trends behind today’s privacy governance
There are three trends that can summarize the most significant changes in privacy and data governance today:
- An increasingly complex regulatory landscape
Keeping up with the rapid regulatory or compliance law changes is a huge problem for businesses and privacy professionals. By utilizing standard well-documented security best practices, privacy and compliance teams can proactively keep ahead of the regulatory changes. Incorporating flexibility and agility into the architecture of business systems will help with the evolution to these new standards.
- Emerging and evolving data technology and applications
Business teams occasionally see compliance as a roadblock to innovation as cutting-edge technology and data usage techniques continue to emerge. However, incorporating a privacy-by-design approach can help businesses stay compliant with legislation while still performing at the top of their game.
- Growing stakeholder awareness
Business procedures, ethics, and governance are highly scrutinized by stakeholders such as customers, employees, and investors. As a result, transparency and consent are very important. In the coming years, the ability to win over consumer trust through transparent communications will be a strategic differentiator for businesses.
The evolution of privacy is moving past the realm of legal compliance and into an era of integrated data governance and trusted data use. Additionally, boardrooms and stakeholders are giving privacy a greater amount of visibility. This gives compliance teams the chance to tell a compelling story about how privacy efforts are being deeply integrated throughout the enterprise to achieve new goals.
Major privacy milestones to expect in 2023
With the aforementioned trends as the driving force, we expect to see three significant milestones in 2023 that will have major effects on privacy.
- US privacy laws and other legislation coming into effect
Depending upon which state privacy laws apply to your business, now is the time to assess and implement data governance controls to comply with the California Privacy Rights Act or the Virginia Consumer Data Protection Act by January 1, 2023; Connecticut’s Act Concerning Personal Data Privacy and Online Monitoring or the Colorado Privacy Act by July 1, 2023; and the Utah Consumer Privacy Act by December 31.
On a federal level, the American Data Privacy and Protection Act (ADPPA) is the most significant federal data protection law in the United States since the U.S. Privacy Act of 1974. The ADPPA takes a fairly comprehensive approach to protecting privacy, incorporating many of the policies of GDPR, and represents a step forward in how the nation protects people’s rights and their data.
- The end of third-party cookies
Third-party cookies won’t be used after December 31, 2023. This constitutes a substantial shift from current targeted advertising and personalization approaches, but it also creates new options for businesses and marketers.
- Global implications of cross-border data transfers and the Data Privacy Framework
In July 2020, the Court of Justice of the European Union (CJEU) identified the EU-US Privacy Shield Framework to be inadequate. Although the case referred to data transfers between the EU and the US, the implications are global. The European Data Protection Board (EDPB) issued guidance that clarifies next steps, and organizations will have to reassess their processes for handling international data transfers.
In October 2022, the Biden Administration published the EU-US Data Privacy Framework, which was met with mixed reactions. The European Commission will now have to adopt an adequacy decision, which is not expected before spring 2023.
Is it time for one global privacy legislation?
To paraphrase Greek lawyer Konstantinos Kakavoulis, while global privacy legislation will enhance personal data protection and elevate company privacy procedures, it is unlikely to be effective. While internally nations and states can enforce a set of rules, due to the sovereignty of international states, this is not possible on a global scale.
Making it possible to adhere to international data protection policies depends on the willingness and capacity for compliance of individual state and corporate entities. Not every company is likely to embrace rules that restrict their functions or force them to pivot to new approaches for audience targeting; at the same time, some standards are harder for individual entities to deploy than others due to constraints around budget, labor, capital, etc. But while it may not be 100% possible, as we have seen from the ‘Ruggie Principles on Business and Human Rights,’ it is indeed possible for corporations and multinational companies to embrace international paradigms. While current efforts may not see immediate effectiveness, they may very well kick off a movement in the world of data privacy and protection where growing calls for change and security will pave the way for successful global privacy legislation.
- What’s Now, What’s Next? A Deep Dive into Privacy Legislation in 2023 - January 28, 2023