In May, 2018, the European Union’s General Data Protection—GDPR—was implemented and since that time the Universe of Data Privacy has modified direction from monitoring to more aggressive enforcement. Just last year, two Data Protection Authorities (DPAs) slapped substantial fines on three multinationals, and additional similar activity is expected. Will we see consumers exercising their rights over their data this year? If a survey from a recent PwC Study of preparedness for the California Consumer Privacy Act is to be believed, companies will add significant resources to meet customer requests for data. Five influencers will play a part in this development going forward.
TWO) THE EUROPEAN UNION
FOUR) STATE ATTORNEYS GENERAL
FIVE) PRIVACY ADVOCATES IN BUSINESS, AND AMONG THE CITIZENRY
The California Consumer Privacy Act went into effect January 1, 2020—inspiring other state jurisdictions to pursue their own privacy bills, as Microsoft and other companies opt to apply the rules across the country. No longer are California residents the only ones affected. A vast number of corporations will spend upwards of $10 million and a fifth of them will exceed $100 million in effecting protection of their data services.
The introduction of the GDPR established the European Union as the preeminent regulation entity of data privacy globally. The GDRP enjoys respect for recognizing privacy as a basic human right, and it bars collection and process of personal data without legal exclusion. By contrast, U.S. law currently allows such processes with few restrictions.
Earnest attempts to create a national privacy law are underway in Congress, and assorted members of the Senate are positioning to have their states’ privacy laws enacted first. In the House, representatives who introduced 2019 Online Privacy Act (HR 4978) are petitioning for an independent federal agency governing body to protect privacy and keep an eye out for abuses.
In actuality, state attorneys general are likely to have a more forceful impact on privacy law enforcement than any other US governmental agency. The office in New York has levied fines in excess of $600 million related to data improprieties based on current statutes, and additional state laws are on the way. Senator Ron Wyden’s (D-OR)Mind Your Business Act calls for state AGs to be allowed to enforce data privacy regulations. The act hints at more punitive enforcement, permitting privacy watchdogs to act on behalf of individuals, and potentially imposing tax penalties on firms when their governing bodies run afoul of privacy practices.
Business leaders and groups are becoming more vocal about the high cost and confusion generated by fragmented, often conflicting, state privacy laws. The Business Roundtable’s 2020 American innovation agenda advocates synchronizing approaches to the privacy of data and beefing up security to dispel roadblocks to innovation. However, many efforts to craft a national privacy law have failed, and legislators and business leaders maintain opposing positions on the basic principles from which rules flow. In one notable example, Apple CEO Tim Cook has voiced support for a US data privacy law, and raises at least three points that are not universally advocated: “We at Apple maintain that privacy is a basic human right[…]Our own information, from the everyday to the deeply personal, is being weaponized against us with military efficiency[…]We’re not willing to leave our users to fend for themselves. And, we’ve shown, we’ll defend those principles when challenged.
How can you make sure YOUR company is prepared for the Shift? Basically stated, a forward-thinking company needs to mesh privacy into all core operations and as a component of product design, in order to nurture trust among consumers. At nSightful, our professionals are experts at disseminating information and regulations as they apply to developments that will impact your operations. We’d be happy to show you further how your firm can navigate this changing—and challenging!—landscape.