2023 has barely started and the year is already off with a bang in the data privacy landscape, as Meta gets fined over $400 million for illegal online advertising practices by the Irish Data Privacy Authority (DPA), weeks after its French counterpart (the CNIL) struck Microsoft with a fine of its own for dropping cookies illegally on devices of users of its search engine Bing, and Apple for not collecting french users consent before depositing and/or writing identifiers used for advertising purposes on their terminals.
In the United States, things are picking up too: Sephora was hit with a historic settlement in California last year, two new regulations have come into effect since the year started (in Virginia and California), and four new laws are tabled for the coming legislative session.
In the midst of all this, what can you expect in 2023? As Didomi's Chief Privacy Officer, I've gathered three of the top trends you should watch closely in the upcoming year.
- Data Privacy is about to take over the United States
- European businesses should brace for increased DPA activity and major fines
- The US-EU transcontinental framework will make the news - again
- Get ready for 2023 and brace yourself for another major year in privacy
Data Privacy is about to take over the United States
After a small wave of activity in 2018 with California’s Consumer Privacy Act (CCPA), we’ve seen the topic of data privacy steadily grow in the U.S. over the past few years. As two new regulations come into effect this month and the country braces for more, organizations operating in North America should get ready for a tidal wave of enforcement and privacy-related activity in 2023.
Indeed, what took over 40 years in Europe is susceptible to happen in the United States in a few years. From various states enacting their own consumer data privacy regulations to talks of a potential federal law, and as the Federal Trade Commission (FTC) becomes increasingly concerned with the topic, 2023 will be a critical year for data privacy in the U.S.
While we don’t exactly know what the year will be made of, we can already foresee some of the most pressing topics of 2023:
Data Subject Access Requests (DSAR) and how businesses address privacy requests from their customers. Organizations should get ready to face fines as well as negative reputational damages from consumers.
As more and more states introduce data privacy laws, we might see progress and continued interest in the federal data privacy law project, the American Data Privacy and Protection Act (ADPPA). Not only that, but 2023 will see the creation of the first US enforcement agency, and a potential successor to the Privacy Shields (more on that later in the article).
Finally, new regulations are rapidly coming into force in the coming months (Connecticut's CTDPA, Utah's UCPA, and Colorado's CPA). As businesses brace for another wave of consumer data privacy law, they should expect more to come, since other regulations are tabled to be discussed this year, including in Michigan, Ohio, and Pennsylvania.
These will all be key topics to watch out for in North America in 2023.
European businesses should brace for increased DPA activity and major fines
On the other side of the pond, things might seem a bit quieter. After data privacy took the continent by storm in 2018/2019 with the advent of the General Data Protection Regulation (GDPR) and an initial wave of fines and enforcement, organizations might think the regulatory landscape will be smooth sailing going forward.
Indeed, as historic fines have been handled last year, smaller businesses and organizations have been led to believe that Data Protection Agencies (DPA) are solely focused on the biggest companies.
This couldn’t be further from the truth.
We have strong reasons to believe that 2023 will be a heavy year for enforcement as DPAs across Europe have been investigating, and data privacy activists are becoming increasingly better at reporting infractions - which DPAs are required to address.
As a direct result of this increased enforcement activity will be an even more complex European data privacy landscape: More decisions will lead to more complexity, due to various interpretations of the laws, and new questions trickling down from these decisions.
Thankfully, we will work twice harder to ensure that our customers and partners will be able to weather that storm thanks to our expertise and flagship Consent Management Platform (CMP), which is already favored by leading companies across Europe, from Mediahuis to Société Générale, Banana Moon or Rakuten.
The US-EU trans-Atlantic data privacy framework will make the news - again
Finally, the third biggest topic you can expect to hear from in 2023 will be a new iteration of the Privacy Shields, the former transatlantic framework between the U.S. and the European Union.
We’ve discussed it before on the blog, and have covered the saga surrounding Google Analytics in 2022 extensively. The upcoming framework will undoubtedly be another topic of interest for the world of data privacy in the upcoming months.
While it will help everyone get a clear understanding of how to conduct compliant data transfer between the E.U. and the U.S., it is likely that it will get challenged by Max Schremms, and that data transfers between the United States and the European Union will continue to be a big topic in 2023.
Learn more about the trans-Atlantic data privacy framework in our recent article about it.
Get ready for 2023 and brace yourself for another major year in privacy
As anyone involved in the data privacy industry knows, no one can predict what will happen ahead of time. But starting the year with these 3 big axes in mind (and the resources you need) will give you a big step up over organizations that treat data privacy as an afterthought.
Want to discuss your data privacy challenges with us? Reach out to one of our experts: