Compliance struggles and more legislation -- privacy and data predictions for 2020
With the California Consumer Privacy Act (CCPA) set to come into force in January, privacy and how companies use data is set to be one of the big themes of 2020. What do some of the industry’s leading figures think this will mean?
Peter Reinhardt, CEO and co-founder of Segment believes, "Though the GDPR roll-out should have given American companies a good taste of what was to come, it's still likely that most will do the bare minimum to comply with the CCPA until the US government starts enforcing it in 2020.
"When it does, and companies begin to see that the bill has real teeth, we'll see a mad dash for companies to become compliant. In the rush, many companies will trip over their shoelaces and make inevitable mistakes, just as we saw with the GDPR."
Blake Hall, CEO and founder of ID.me thinks the California legislation will pave the way for the rest of the US, "Passed in June 2018 and set to go live in 2020, the landmark California Consumer Privacy Act (CCPA) will likely expand across the country as the federal government will work to pass legislation for the country to have one, unified set of rules. The CCPA will heavily inform this national privacy framework ensuring that all states have the same data security compliance requirements for organizations. Additionally, many companies will proactively choose to implement CCPA nationally, which is already starting to happen with companies like Microsoft, for example.
"Comparable to Europe's GDPR, these laws could have major repercussions on US companies that don’t adhere to new data privacy standards. This January, the new data law will go into effect, severely impacting tech giants and major US businesses through changes of privacy regulations. However, these laws will empower Americans to protect their identity data and have more control over what information companies can have."
Sanjay Gupta, VP and GM of corporate development at Mitek echoes this view, "Other states, including New York and Washington, made attempts to pass similar laws in 2019, and while their efforts weren’t ultimately successful, support for similar laws continues to grow. We can expect these states and others to try again with more success in 2020, as voters express greater interest in controlling the privacy of their data."
Rich Chetwynd, product manager at OneLogin thinks that, "In 2020, there will be a scramble to get in line with privacy regulation. In the last few years, many US companies sat back and watched as GDPR and other regulations were implemented but now they are seeing their friends get fined and privacy is raising eyebrows at the board level. OneLogin predicts board members will be held more responsible for breaches and other issues and it will scare the rest of the enterprise into making privacy a top-level priority."
Patrick O'Keefe, Vice President of Development Engineering at Quest Software, thinks further legislation could be on the way. "The development of new technologies has put organizations in a position where they are now more vulnerable to large scale data breaches. The smallest mistake can leave data vulnerable, and people are beginning to demand that companies take more responsibility to keep their data safe. I anticipate more conversation next year around how organizations are using customer data and what can be done to keep customer data private and secure. For example, while Facebook currently has privacy settings, nobody understands how Facebook actually uses their data. This will be one of the next things to be addressed by legislation."
Gary Barnett, CEO of Semafone says, "The European Union's General Data Protection Regulation (GDPR) will have a ripple effect and consumers in other countries will expect their government to update existing and antiquated privacy laws. As such, there will be an increase in legislation and potentially new senate bills implemented that can jail CEOs for violations."
But more regulation could be bad for business according to the team at ARM Insight, "Public perception of data breaches and use of personal data will cause reactionary legislation to pass. These overly restrictive covenants will stall business growth, and will cause companies in those markets to be disadvantaged to global competitors who have access to less restricted data."
The way consumers share data could be changing too according to Charmagne Jacobs, VP and head of global marketing and partnerships at Adslot, "With more power shifting to consumers and ever-growing concerns about privacy, marketers are creating opportunities across the ecosystem by turning their attention not just to first-party data, but zero-party data. Whereas first-party data is 'passively' collected consumer data from websites, apps, social platforms, etc, zero-party data is proactively and willingly shared by the consumer. Examples include purchase desires and preferences through interactive experiences like subscriptions, surveys and loyalty programs, etc. It's completely opt-in, so we can, therefore, presume a high level of quality, transparency and accuracy. And, as regulators and browser companies continue to tighten up on privacy, zero-party data will be more important for automated ad buys. It has the potential to unlock deeper consumer profiling and targeting. Per Forrester, zero-party data would help marketers “build direct relationships with consumers and improve their product recommendations, services and offers."
Adam Kujawa, director of Malwarebytes Labs thinks the use of biometrics will raise additional privacy issues, "What will happen to this private healthcare information? Consumers are unaware that their health tracking devices could fall into the hands of someone who could use the data for unauthorized purposes. What's more, the increased use of biometric data for authentication also calls for stronger regulations for data privacy, as consumers could be subject to bias. Additionally, there are also fears about how biometric data could be used and who will have access to data such as law enforcement, immigration enforcement, or repressive foreign governments."