Since the European Union’s General Data Protection Regulation (GDPR) came into full force in 2018, it has racked up record fines for organizations that have failed to comply with it. According to CNBC, authorities in the EU have administered the equivalent of $1.2 billion USD in fines since January 2021, compared to around $180 million the previous year — and that’s just the beginning.
In France, the Commission Nationale de l’Informatique et des Libertés (CNIL), the agency overseeing privacy regulations in that country, handed out €210 million worth of fines to Google and Facebook. As reported by The Guardian, the agency claimed the tech giants did not make it easy enough for users to reject cookies, which are small text files that give companies insight into a user’s web activity. (Under the GDPR, organizations must first get a user’s consent to obtain cookies.) Also last year, EU regulators fined Amazon $888 million USD for allegedly processing users’ personal data in violation of GDPR rules. The company has disputed this claim.
Proposed Bill Takes Aim At Surveillance Advertising in United States
In the United States, which does not yet have a federal data protection law, a new privacy bill targeting data brokers has been introduced. According to Scott Ikeda of CPO Magazine, the “Banning Surveillance Advertising Act,” if passed, will restrict what is known as “surveillance advertising” by:
- limiting ad targeting to context and to generalized location data that does not exceed city and state location
- specifically prohibiting protected class information like race, gender, and religion
- banning the use of information collected by third-party data brokers in targeted advertising
“Targeted ads would still be possible, but would rely entirely on the context of what the end user is viewing in a website or app at the time,” explains Ikeda. “Surveillance advertising does presently use this element, but with the added filters of collected demographic information to further refine its ad selection.”
The bill would be enforced by the Federal Trade Commission (FTC) and state attorneys, and could potentially cost organizations that violate it up to $5,000 USD per breach. It would also allow users to take legal action against organizations they believe violated their rights under the law.
What To Expect from Data Privacy in 2022
According to predictions from TechTarget, organizations can expect 2022 to be a busy year for data privacy regulations. Here’s a summary of what to expect:
- Governments will continue to expand privacy regulations at local, state, and national levels, such as the EU’s GDPR, California’s Consumer Privacy Act, Brazil’s General Data Protection Law, and China’s new Personal Information Protection Law (PIPL). These will have a confusing “patchwork effect” that will build consensus for more national and regional legislation. (The latter is likely to be overarching and easier to follow.) While there will likely be much discussion and debate over new laws, don’t expect them to come to fruition before next year.
- Increased privacy regulations will pressure organizations to hire professionals with expertise in this field.
- Privacy and security experts may begin to collaborate. Whereas consumers have traditionally been more concerned about privacy, organizations have been more concerned about cyber security. With even more regulations to come, organizations will start to feel the pressure to integrate privacy into their security efforts.
- Privacy-related fines haven’t had a major impact on organizations’ bottom lines. However, this could soon change.
Is your organization prepared to deal with data privacy regulations? These laws may seem confusing and complex, but they share many similarities. Avoid the onslaught by preparing for them in advance.
Data Privacy Engineering
Your organization needs to ensure that the products and systems it develops take data privacy into account. This means limiting the data they collect, determining how your organization retains and uses that data, and ensuring you are applying all relevant regulations, all of which can help build consumer trust.
IEEE has partnered with the International Association of Privacy Professionals (IAPP) to provide the IEEE | IAPP Data Privacy Engineering Collection to organizations. This unique training is designed to further educate technical professionals tasked with developing products so they understand, maintain, and protect data privacy throughout the R&D process. The program provides access to tools that allow the technical workforce to implement policies and processes for designing products that take ethical personal data use into consideration right from the start.
Learners will understand how to:
- recognize the benefits and challenges of emerging technologies and how to use them while respecting customer privacy
- establish organizational privacy practices for data security and control
- learn practical knowledge and insights to address corporate privacy challenges
- leverage the knowledge gained to develop products that take data privacy into account
Contact an IEEE Account Specialist today to learn more.
Ikeda, Scott. (26 January 2022). New US Privacy Bill Seeks to Ban “Surveillance Advertising.” CPO Magazine.
Browne, Ryan. (17 January 2022). Fines for breaches of EU privacy law spike sevenfold to $1.2 billion, as Big Tech bears the brunt. CNBC.
Milmo, Dan. (6 January 2022). France fines Google and Facebook €210m over user tracking. The Guardian.
Harford, Isabella. (January 2022). 4 data privacy predictions for 2022 and beyond. TechTarget.
Bodoni, Stephanie. (30 July 2021). Amazon Gets Record $888 Million EU Fine Over Data Violations. Bloomberg.