11/02/2021 by Rune Rasmussen
Data protection in 2021: Is it safe and sound?
Be honest - on a scale from 1 to 10, how likely are you to read through a privacy policy before buying a digital service? For me, maybe 5 on a good day. Most consumers give consent without knowing how their data is going to be used.
Data privacy issues and data subject rights are hot topics right now and staying on top of changing legislation can be difficult. This raises both challenges and opportunities for businesses.
Two and half years after its introduction, The European Union’s General Data Privacy Regulation (GDPR) has kept lawyers busy and increased the public’s awareness of privacy rights. Unfortunately, most consumers still don’t care. That’s a problem because real data protection requires consumers who are actively exercising their rights.
Projections for 2021 - 22 predict that consumers will start to care more about data privacy and that lawsuits and fines related to data privacy will become more common. Action stems from understanding. GDPR is still new, and it will take some time for it to catch on.
At the same time, global privacy legislation is spreading and becoming more diverse and complex. This should be good for consumers and businesses - but it is also a challenge.
The good and the bad
Data protection and trust are vital in an increasingly digitalized world where ill-intended uses of personal data and cybercrime are flourishing. The good news is that 65% of the world's population will have their personal information covered under modern privacy regulations by 2023, according to a study by Gartner.
The challenge for businesses everywhere is that they must be constantly on their toes to keep up with ever-evolving legislation on a global scale.
In the United States, the Biden Administration is likely to pursue privacy legislation as a priority. The California Consumer Privacy Act (CCPA) which was enacted in January of 2020 might serve as a blueprint for new federal legislation with a broader reach.
60 countries, including Argentina, Australia, Brazil, Egypt, India, Indonesia, Japan, Kenya, Mexico, Nigeria, Panama, Singapore, and Thailand have enacted or proposed new privacy and data protection laws since GDPR came into effect in 2018.
In this sense, GDPR has been somewhat of a catalyst for other nations, regions, and economic areas to follow suit. On the surface, this is a good thing for consumer rights, but only time will tell if this geographically fragmented approach is the best way to tackle broader data privacy issues.
The need for global corporation
Although most of the world’s newly introduced data privacy legislation is based on similar principles to that of the EU’s GDPR, there are many differences and local requirements. For international businesses, this poses a unique challenge.
E-commerce accounts for roughly 15% of all sales, and this number rises with each passing year. There’s a rising need for harmonization and international corporation around privacy legislation and data transfers; all this accelerated by the global pandemic.
In July 2020, the Court of Justice of the European Union invalidated the EU-US Privacy Shield, a framework designed to facilitate transatlantic data transfers. Thousands of businesses transferring personal data from the EU to the US were not given any grace period to adapt to this new legal environment.
There’s a dire need for an agreement on a new transatlantic framework for the transfer of EU personal data to the US (something that is also likely to be high on the new US administration’s agenda). Brexit poses a similar challenge to the United Kingdom.
Trying to hit a moving target
2020 was a year of rapid changes, 2021 will see yet again more changes. SMBs and the service providers serving them must be prepared to adapt to the many changes to come and educate themselves to handle the rising demand. They must review privacy policies frequently and keep data protection agreements up to date.
There will be 3 macro trends corresponding to new technological changes and responses to regional data protection regulations. These are:
Cookie consent
For those living in the European Union, this is nothing new. The General Protection Data Regulation (GDPR) requires that websites must obtain active consent from users residing in the EU, regardless of where in the world the organization operates from. Consent to cookies must contain clear information about why and how the personal information is used, as well as where the information is stored.
Intelligent Tracking Prevention (ITP)
This is an initiative from Apple to limit the amount of 3rd party tracking on their web browsers by default. This has greater implications for marketers, advertisers, and digital service providers.
App Tracking Transparency
Another initiative from Apple, where iOS users will have the ability to opt-out of in-app data tracking. Apple has announced that this will be available in Spring 2021.
New opportunities
There are opportunities found in offering help to those who need it. These regulations and broader industry changes affect large and small businesses alike, but it is the small businesses that need the most guidance. Large companies can implement automation services software to automate data privacy policy updates, handle privacy requests and consent, etc., but small businesses simply do not have the resources or expertise.
As small businesses inevitably move to more digital business models, they need a centralized data hub that serves as a place to communicate their privacy policy. Mono Solutions offers a white-label website builder that can automate some of the more difficult aspects of running a business, like ensuring that you have a GDPR active opt-in on your website.
This is a constantly developing area, and more legal and technological changes will soon come. Businesses must be able to adapt to these changes and reduce the risk that they will affect profits.