28 January marks the Day of Data Privacy. Laws and regulations already grant personal data owners a bit more power over their own data by allowing them to request deletion, restriction or update of their data, as well as insight into it. So that’s one step that’s gonna take us… where exactly?
This article was not written as an authority on the topic, but mainly to give food for thought and a small insight into some of the trends in data privacy currently out there.
A lot is moving in the data privacy field after decades of big tech thriving on collecting personal data. It is a constant balancing act: better customer experience and personalized offerings vs. the value of keeping our personal data private.
And it is definitely a hot topic, as awareness has risen, but true understanding of what happens has not. People tend to be lazy in informing themselves about data privacy and information security. When is the last time you actually read a privacy statement instead of just clicking “I accept”? Or tried to win something on social media channels, giving your information – they just need the data for the prize, of course! – instead of pausing to at least think about what happens to your data and whether the interest is truly legitimate?
Somehow a lot of people completely forget their forceful statements about the importance of their data being private when given the chance of finding out what kind of fairy they might be, what percentage angel they are or what their spirit animal is. Not a single thought about their poor, not so private data anymore… While I’m not quite sure what the benefit would ever be in knowing what kind of fairy you are, I feel very sure that the importance of data privacy far outweighs it.
It’s time for you to make peace with one fact: you – or better your data – are a product. The product that fuels a multi-billion dollar industry. Just like the flower child at a wedding, you are giving out gorgeous, valuable data by the handfuls, all the while thinking you’re just shopping, just looking something up or just sharing some memories with your friends on social media. You and your data are valuable and worth protecting.
It’s already quite scary once you start looking into the data privacy topic, but let’s see where the future might lead us.
A Glimpse into the Future of Data Privacy
If you are working in any form of “data collection” or are relying on that data to better target your marketing, you might feel that things are getting more difficult each year. There are already regulations in place, like GDPR, that give data owners more power over their data, and harsh punishments lurk just around the corner for those who do not respect these laws, either on purpose or by mistake – yes, the old “but I didn’t know” is not going to spare you some really high fines, even if you “didn’t mean to”.
What was a bit tricky for those not far along in their digitization was definitely COVID-19, which forced everybody into being more digital. Mistakes happen when you have to hurry and do not take your time to think things through. So, with everybody having been herded along by a (physical) virus, mistakes have increased, as has awareness of the importance of data privacy and security.
[Figure: Tasks “more” of a priority since COVID-19. Source: IAPP-FTI Consulting Annual Privacy Governance Report 2020]
Four Letters, Huge Impact
GDPR. Just four letters that already have had such a huge impact and caused so much headache! Who would have thought GDPR would shake the compliance ground as it did? For a long time, companies underestimated what the regulation, which came into force on 25 May 2018, would mean for them and how essential complying would be. If public opinion didn’t scare you into compliance, the fines sure did.
Almost four years later, according to a study conducted by IAPP-FTI Consulting, only 47% are fully or very compliant. This is quite surprising, considering that fines for GDPR non-compliance can be up to EUR 20 million or 4% of annual global turnover. Yes, they take whichever amount is higher. Unlike some other regulations, which let things quiet down after making some waves, GDPR is still keeping the compliance community super busy with its huge impact. Which brings us to the next point.
Regulation, Regulation, Regulation!
It seems there will be no breather for the data protection community, as more and more regulation is being sparked by GDPR on a global scale. Some examples:
- China: The Personal Information Protection Law of 2020, which was to take effect in 2021, was put on hold.
- Brazil: General Data Protection Law (LGPD) – 10 principles being enforced since 2020.
- India: The (Personal) Data Protection Bill is now likely to be passed by Parliament in its next session, at the beginning of February 2022, and will likely enter into force in the first half of 2022.
- USA: CDPA (Consumer Data Protection Act) takes effect in 2023.
- Canada: Will undergo stricter privacy regulation (draft reform bill “Consumer Privacy Protection Act”) to replace the existing 20-year-old bill.
By now, you surely can see it coming: we’ll need more people in compliance! Four letters, followed by an avalanche, so to speak.
It’s Gonna Cost Ya
More regulation means higher investment in privacy technology to even have a chance of handling all the work that compliance means. But it is better to invest the money in technology and keep your good reputation than to spend it on fines, as more governing bodies are sure to enforce fines.
The respect a company offers to a person’s personal data is going to be a new factor to be measured by. Meaning: if you respect your customers and employees, you’ll show the same respect to their personal data and protect it. Do not respect it and you’ll risk fines as well as losing customers.
Data-Driven Job Equals Creativity-Driven Job
Professionals depending on personal data (like marketers, sales or developers) to gain data-driven customer insights should be in tears – unless they haven’t understood the problem yet. A very long list of tools relied upon so far will be forced into retirement as regulation continues to increase the protection standards. Some tools might adapt, but as always in changes like these: new ones will emerge. It’s about to get very creative in this field. Or back to basics before the fancy tools? We’ll see.
Data Protection Roles
Compliance departments have already seen an increase in staff due to more regulations in connection with not just data privacy but also general governance topics. But managing, supervising and implementing ever-increasing data protection regulation will be an impossible task for just a single person. So, while nowadays companies often have “a” person handling data protection, it can be predicted that in the future it is going to be a team. So let’s spell out another trend: the privacy job market will thrive!
Tools & Services
Be it a compliance tool for the management of data privacy or even DPaaS – Data-Protection-as-a-Service – many more companies are sure to jump on the revenue train that data protection is going to drive into the future. The DPaaS services alone are expected to grow into an $18.96 billion market by 2026, according to Infopulse.
One of the major trends we are sure to see become a widespread reality is the incorporation of data privacy with information security. And this is going to need a high degree of automation, or the volume and thus the workload is going to be impossible to handle. Imagine having to be compliant not just with GDPR, but also with, let’s say, Swiss and US regulation on the topic. Same, same, but different equals a sheer insurmountable volume of work. This opens the field for tools that allow for multi-standard compliance. The winners of this development will be tools offering all-in-one solutions.
Defeat the Nemeses, Increase Efficiency
When public awareness leads to more requests by people wanting insight into which of their data is stored, things will get hairy. The more fragmented the information is in the information architecture, the harder it is to get a) all of the information and b) in a timely fashion. This makes silos, dispersed data and lack of automation the nemeses to defeat.
A people-centered approach to data management will make things easier. Placing personal data at the center of all compliance processes dramatically simplifies answering data subject access requests, data mapping and the management of data retention policies. An important step is of course to tie consent back to the user. Because it significantly cuts workloads and time-to-fulfil, things will definitely trend in this direction, with some solutions even utilizing AI for significant data mapping activities.
Connecting Personal Data Privacy, Cyber Security, AI and Blockchain
On 25 March 2021, a very exciting study was published about how distributed ledger technology might provide novel opportunities in user data protection through decentralized identity and other privacy mechanisms. Throw a little cyber security and AI into the mix and if you’re already excited, read the full study by Stanton Heister and Kristi Yuthas. If not, skip to the next topic.
The fight against disinformation is already on and will increase as more and more people gain digital literacy. It may well be the single most important quality of a digital citizen. It is your personal information – the insights you allow through your social media, online shopping, etc. – that makes you a target for disinformation. And if our very own information is weaponized against us, we answer with outrage and aggression. And rightly so!
The trend in this topic seems to go towards more data accountability, which can be reached by pushing policies and practices where companies/entities have to put technical and organizational measures into place and transparently communicate what they do with the data collected.
Your Data, Your Choice
It is indeed a very curious intersection, where personal data, privacy, security and money meet, isn’t it? As regulation is increasing, awareness is growing, data revenue is still being generated and conversations are trying to define the nature of data/ownership, paths are still being defined and the privacy landscape is still being shaped. Personal data should be owned by exactly one person: the person it belongs to. That person should always have the right to own, transfer, delete or even monetize it. Because others already are monetizing your data.
How Much for Your Data?
Supplying personal data to advertisers is a very lucrative business for services like
Another place you’ll find a price tag attached to your data is the dark web. Here’s some insight into current prices in USD:
How to Protect Your Personal Data
We have picked a few tips for you to protect your personal data, uphold digital privacy and also information security. While the list is surely not complete, it will give you good overall ideas that shall help you protect yourself and your data.
Brush up on real knowledge of cyber security, not what you think you know. As an easy start, you can read the takeaways of the cyber security awareness Lunch & Learn or the workshop we had last year. And if you can’t fully explain what “social engineering” means, no more social media or anything digital for you until you’ve caught up.
Start reading those Privacy Policies before agreeing to them.
Read cookie policies, too, while you’re at it, even if you have to click through those pesky small tabs and look through a sea of third parties. And yes, put them all on “no/off/decline”, even if it feels you’re going to be at it for 10 minutes. It’ll be worth it.
Check the privacy policies of your social media and other channels regularly. Do use the settings to narrow down what you share with whom. In this case, sharing is not-self-caring. Socialpilot has compiled a good overview of what to look for.
Make use of your right to be forgotten, limit the collected data or gain insight into what is being collected, especially with companies you do not trust (anymore). But also, be aware that a request to view “all data” in some cases will have you face a volume that’ll make you reconsider if you really want to know. Use common sense.
Use a password manager, because you just cannot use the same password in several tools! Or at least have a password strategy and change them all on a regular basis. And no, your phone’s contact list does not qualify as password manager.
Be suspicious. Don’t let yourself be scared into actions like clicking links and giving out personal information “or else”. And take it from us: Microsoft will NEVER call you, your bank knows better than to ask for any personal data by email and no matter what the emergency is, if they are who they say they are, you can always call back by googling, e.g., your bank’s switchboard and getting connected.
Do not click on links to information providers you’ve never heard of that post unbelievable headlines (“you won’t believe what…”). Google them first and see if some warning pops up or remind yourself that you’ll still have a happy life without ever knowing what the article said. And you wouldn’t believe it anyway 😉.
Remember: you do not need to know what kind of fairy you are or what your spirit animal is. If you do take those tests, your fairy is the one that got its wings clipped and your spirit animal is definitely a cat – the one that curiosity killed. See? No need to take those tests…
Before doing what posts tell you to (share, like, copy to your profile, etc.), remember the song “if you’re careless and you know it clap your hands…”. At least you’ll have fun with the singing because sooner or later, you won’t have fun with those posts.
Please remember that “stay safe” applies as much to your “data health” as it does to your physical life.
On that note: STAY SAFE!