Metanav

How Will Data Privacy Impact Organizations in 2022?

data-privacy-in-2022

Since the European Union’s General Data Protection Regulation (GDPR) came into full force in 2018, it has raked up record fines for organizations that have failed to comply with it. According to CNBC, authorities in the EU have administered the equivalent of $1.2 billion USD in fines since January 2021, compared to around $180 million the previous year — and that’s just the beginning. 

In France, the Commission Nationale de l’Informatique et des Libertés (CNIL), the agency overseeing privacy regulations in that country, handed out $210 million euros worth of fines to Google and Facebook. Reported by The Guardian, the agency claimed the tech giants did not make it easy enough for users to reject cookies, which are small text files that give companies insight into a user’s web activity. (Under the GDPR, organizations must first get a user’s consent to obtain cookies.) Also occurring last year, EU regulators fined Amazon $888 million USD for allegedly processing users’ personal data in violation of GDPR rules. The company has disputed this claim.

Proposed Bill Takes Aim At Surveillance Advertising in United States

In the United States, which does not yet have a federal data protection law, a new privacy bill targeting data brokers has been introduced. According to Scott Ikeda of CPO Magazine, the “Banning Surveillance Advertising Act,” if passed, will restrict what is known as “surveillance advertising” by:

  • limiting ad targeting to context and to generalized location data that does not exceed city and state location
  • specifically prohibiting protected class information like race, gender, and religion 
  • banning the use of information collected by third-party data brokers in targeted advertising 

“Targeted ads would still be possible, but would rely entirely on the context of what the end user is viewing in a website or app at the time,” explains Ikeda. “Surveillance advertising does presently use this element, but with the added filters of collected demographic information to further refine its ad selection.”

The bill would be enforced by the Federal Trade Commission (FTC) and state attorneys, and could potentially cost organizations that violate it up to $5,000 USD per breach. It would also allow users to take legal action against organizations they believe violated their rights under the law. 

What To Expect from Data Privacy in 2022

According to predictions from TechTarget, organizations can expect 2022 to be a busy year for data privacy regulations. Here’s a summary of what to expect:

  1. Governments will continue to expand privacy regulations at local, state, and national levels, such as the EU’s GDPR, California’s Consumer Privacy Act, Brazil’s General Data Protection Law, and China’s new China’s Personal Information Protection Law (PIPL). These will have a confusing “patchwork effect” that will build consensus for more national and regional legislation. (The latter is likely to be overarching and easier to follow.) While there will likely be much discussion and debate over new laws, don’t expect them to come into fruition before next year. 
  2. Increased privacy regulations will pressure organizations to hire professionals with expertise in this field.
  3. Privacy and security experts may begin to collaborate. Whereas consumers have traditionally been more concerned about privacy, organizations have been more concerned about cyber security. With even more regulations to come, organizations will start to feel the pressure to integrate privacy into their security efforts.
  4. Privacy-related fines haven’t had a major impact on organizations’ bottom lines. However, this could soon change.

Is your organization prepared to deal with data privacy regulations? These laws may seem confusing and complex, but they share many similarities. Avoid the onslaught by preparing for them in advance. 

Data Privacy Engineering

Your organization needs to ensure that the products and systems it develops take data privacy into account. This means limiting the data they collect, determining how your organization retains and uses that data, and ensuring you are applying all relevant regulations— which can all help build consumer trust. 

Protecting Privacy in the Digital Age, brought to you by IEEE Educational Activities in collaboration with IEEE Digital Privacy, is a four-course program that provides a framework on how to operationalize privacy in an organizational context, how to make it usable for end users, and how to address emerging technical challenges to protecting digital privacy. Connect with an IEEE Content Specialist today to learn how to get access to this program for your organization. Interested in access for yourself? Visit the IEEE Learning Network (ILN).

Resources

Ikeda, Scott. (26 January 2022). New US Privacy Bill Seeks to Ban “Surveillance Advertising.” CPO Magazine. 

Browne, Ryan. (17 January 2022). Fines for breaches of EU privacy law spike sevenfold to $1.2 billion, as Big Tech bears the brunt. CNBC.

Milmo, Dan. (6 January 2022). France fines Google and Facebook €210m over user tracking. The Guardian. 

Harford, Isabella. (January 2022). 4 data privacy predictions for 2022 and beyond. TechTarget.

​​Bodoni, Stephanie. (30 July 2021). Amazon Gets Record $888 Million EU Fine Over Data Violations. Bloomberg.

, , , ,

Trackbacks/Pingbacks

  1. Four Steps To Implementing A Successful Data Privacy Program - IEEE Innovation at Work - March 31, 2022

    […] number of new laws – recently passed in Europe, China, the U.S., and Brazil – are presenting an urgent need for […]

Leave a Reply

https://www.googletagmanager.com/gtag/js?id=G-BSTL0YJSGF