Looking back at 2019, how did the state of data privacy impact the global economic landscape?
It is highly likely that the year 2019 will be remembered as the era of data privacy, from both the consumer’s and the vendor’s viewpoint. To add weight to this, 2019 saw some of the largest privacy-related fines in history.
In fact, fines under GDPR included 50 million euros lodged against Google for privacy violations, involving a lack of transparency and consent. In an eye-watering decision, the FTC fined Facebook a staggering $5 billion, stating the company had “deceived users” on the level of privacy controls available.
The state of privacy landscape in 2019 may well be a turning point in computing history.
Data privacy in 2019 seems to be where cybersecurity has been over the last few years back – always in the news. Some of the highest profile privacy violations sent out international ripples and may change the course of how privacy fits into the technology road maps of organizations the world over:
The General Data Protection Regulation (GDPR), arguably one of the most advanced and far-reaching data privacy laws in the world, turned one in 2019. For example, the GDPR one-year birthday review by the European Data Protection Board (EDPB) reported 206,326 cases of privacy issues reported by supervisory authorities. In terms of fines, there were 9 major fines, totaling €358,780,500 up to August 2019.
The Toronto “Waterfront” smart city project with Sidewalk Labs first hit the news for issues around surveillance in 2018. At the time, ex-Privacy Commissioner for Ontario, Ann Cavoukian, resigned over privacy concerns in the project.
However, the smart city privacy debate rumbles on the latest twist in the tale being an open letter from the Chair of the Waterfront board, which includes reference to “all personal information will be stored in Canada” in an effort to dispel privacy fears.
Surveillance was a big privacy topic in 2019 and the privacy aspects of facial recognition was hotly debated.
In response, various U.S. states outlawed the use of facial recognition. By October 2019, California became the third state, along with Oregon and New Hampshire, to ban facial recognition in the state.
Now, ten years on, it is finally being implemented as regulations from GDPR to PIPEDA to CCPA encourage and mandate the use of the principles of Privacy by Design and Default in their requirements.
All in all, the “surveillance society” may continue to rear its head in 2020.
Published in 2019, “The Age of Surveillance Capitalism” by Shoshana Zuboff set a fire under the use of tools collating behavioral data for commercial purposes. The book is likely to continue to inform debate around the ethical use of personal data as we move into the 2020s. Legislative bodies are now seriously looking at ways of controlling and managing the free-for-all that we are seeing in the realm of digital data.
Of course, the EU’s GDPR is one such law that will continue to make changes in how we view what privacy is, and should be, across the world stage. In the U.S., the California Consumer Privacy Act (CCPA) has set a precedent for U.S.-based businesses to preserve privacy protections for consumers; the CCPA will come into effect on January 1st, 2020.
Previously a mosaic of privacy and data protection regulations, the U.S. is beginning to show interest in a federal law. The U.S. Senate Democrats are looking at several privacy protection laws. In November 2019, the Consumer Online Privacy Rights Act was lodged as a federal privacy bill.
Working diligently behind all of this are many privacy-focused groups and individuals. These groups, including the Me2B Alliance and MyData, are working towards building structures that inform data privacy and place it as a central remit within data transactions. Recently, a Tim Berners Lee backed initiative called the “Contract for the Web” has prepared to open debate and build commitment across a number of areas to build a better internet for all. One of the guiding principles of this movement is privacy.
To sum up what the 2020s may hold for the state of data privacy, a recent blog post by Google’s Product Manager, Privacy and Data Protection Office states:
“Differentially-private data analysis is a principled approach that enables organizations to learn from the majority of their data while simultaneously ensuring that those results do not allow any individual's data to be distinguished or re-identified.”
It seems that consumer pressure and regulatory fines may be turning the tide on privacy attitudes by the tech giants as we enter a new era.
Overall, 2020 is looking to shape up to be another year where data privacy sets the scene upon which organizations must pivot. Understanding how privacy can be integrated into services and systems, especially those that consumers transact with, should be on the road map of all businesses.
If you would like to know more about our privacy services, please click down below.