According to Gartner, “by 2024, 75% of the global population will have its personal data covered under privacy regulations”. This prediction is far-fetched, considering the increasing number of laws across the world targeting data protection and privacy.
The EU has what are perhaps the stringiest data protection laws and leads the rest of the world in this area. In the US, regulations are less tight, but the varied concerns are loud.
Amidst these, organizations cannot afford to be lax about data protection and privacy. The rules are changing, and rapidly. In this article, we explore some of the top five immediate concerns that will shape data privacy regulations in the coming months. Leaders need to pay attention and adapt their operations appropriately.
Generative AI
Much of the otherworldly allure that accompanied ChatGPT when it first launched in November last year has faded, giving way to sharp scrutiny of OpenAI’s handling of data privacy.
In March, Italy became the first country to ban ChatGPT, threatening penalties over alleged breaches of data regulations. The launch of Google’s counterpart to ChatGPT, Bard, was delayed in the EU over similar data privacy concerns.
There are larger conversations underway about how AI, and specifically Generative AI, algorithms, and their makers handle and misuse data. Presently, the European Union is finalizing details of its Artificial Intelligence Act, a comprehensive legal framework concerning the deployment of AI in a safe and transparent manner.
It is not exactly a data privacy law, but it’ll surely have a significant impact on AI data governance.
<<Also Read: Why Data Protection Should Matter More To Your Business?>>
Data Governance
By the beginning of 2022, fines for breaches of EU privacy law had increased sevenfold compared to the previous year. Earlier this year, Meta was handed the heaviest fine since the introduction of the GDPR – $1.3 billion.
But given the history of heavy fines issued to large corporations for having breached GDPR provisions, it’s not so surprising. Going into 2024, these heavy fines have contributed to an increased emphasis on data governance.
Excellent data governance is essential for compliance with all the data laws springing forth around the world, and it also reduces the rapidly increasing risks of data breaches.
To engender mature data governance, leaders must think beyond role assignment and intelligently promote accountability and integrity across the organization. This includes promoting data loss security practices and technologies.
International Data Transfers
One of the thorniest aspects of data privacy regulation is how to handle international data transfers. This is especially critical because the global data regulation landscape is a patchwork of laws with sometimes differing provisions.
From Brazil to China, the US, and the EU, how to handle cross-border transfers is not exactly clear. It is particularly challenging for international companies, which have to navigate the sea of legal contentions when such transfers are inevitable.
In fact, much of the debate about TikTok’s business in the United States revolves around its ties to China, despite the company claiming not to have been sharing data collected on US consumers with China. This has become a national security issue and continues to shape conversations regarding data privacy and security.
And despite the EU adopting a decision for the EU-U.S. Data Privacy Framework, there are still major concerns surrounding cross-border data flows.
Children and Social Media
In March, Utah passed legislation, going into effect in 2024, that limits access to social media for children. Social media companies must obtain the consent of parents to open accounts for users under the age of 18.
The law is the first of its kind across the country and its passage came with a lot of public backlash. However, it came on the back of increased concerns for the safety of kids and their personal data on social media.
At the federal level, these concerns have received no little attention, with the Senate floating the Protecting Kids on Social Media Act that has provisions similar to Utah’s law, expanding government oversight over social media platforms substantially.
There are diverse views on these moves, and social media companies must pay attention to how regulations will affect how they verify users, deploy algorithms and provide access to various features.
Ads and Privacy
Sometime within the past couple of decades, businesses figured that personalization was the most effective advertising technique and have not halted since then. But this has led companies, especially large corporations, to collect sensitive data from users, often surreptitiously and without consent, for the purpose of advertisements.
Worse, the data are misused and sold to partners, again without the user’s consent. The GDPR and subsequent data regulations have been effective in placing user consent front and center when it comes to data privacy. However, it has become apparent that invasive advertising techniques themselves must be dealt with, especially since most people are uninformed about data regulations. Finally, Meta had announced some months ago that it will allow users to opt out of behavioral advertising tracking.
Also, in contrast to micro-targeted ads, many companies are looking towards privacy-centric and consent-based advertising methods such as contextual advertising, zero-party data, etc.
<<Also Read: How To Build A Data Backup And Recovery Plan?>>
Conclusion
The evolution of data protection regulations demands constant vigilance and proactive adaptation. Business leaders must stay abreast of emerging regulatory developments and implement comprehensive data protection strategies to ensure compliance and safeguard sensitive information.
