As we mark Data Privacy Day, it’s clear that the landscape is rapidly evolving. 2023 brought a whirlwind of developments, from the rise of AI-powered threats to intensifying regulatory scrutiny. But what’s in store for privacy in 2024? We reached out to privacy experts from across the globe to get their insights and predictions.
General Trends in Data Privacy in 2024: A Global Overview
Deborah Tastiel, a solicitor qualified in England and Wales, observed a critical shift in corporate attitudes towards data protection. “In 2023, companies in the UK took a critical look at their data protection practices, leading to substantial restructuring and enhanced transparency,” she noted. This focus on internal assessments, Tastiel believes, reflects a growing recognition of the importance of robust data governance.
Across the globe, Benjamin Di Marco, a Cyber and Technology Risk Specialist in Australia, identified a similar trend. He pointed to a heightened awareness of the consequences of privacy breaches, leading to “public criticism regarding the overcollection of historical sensitive client information and failures to adopt proper processes for de-identification and removal of data no longer needed by organizations.” This, he predicts, will be further amplified by Australia’s incoming privacy reforms, which propose stricter data security obligations and enhanced protections for vulnerable individuals.
Lessons Learned: Navigating Privacy Challenges
One of the most significant lessons learned in 2023, according to Tastiel, was the paramount importance of prioritizing children’s safety online. She highlighted the ICO‘s focus on this issue, including the introduction of new guidelines and a hefty fine imposed on TikTok for unlawful processing of children’s data. This, coupled with the UK’s Online Safety Act, underscores the growing global concern about protecting young people in the digital realm.
In the US, Judy Selby, a Partner at Kennedy’s, identified a surge in cyber insurance claims arising from website tracking activities. These claims, she noted, raise unique legal issues and highlight the need for underwriters to carefully assess potential exposures during the underwriting process. This trend, Selby expects, will continue to shape the cyber insurance landscape in the coming year.
The Future of Data Privacy Regulation: Insights and Predictions
Privacy litigation
Selby explained, “The cyber insurance industry really came alive in 2023 to non-breach privacy claims arising from website tracking activities. These claims raise litigation issues that can be quite different from those in typical data breach class action matters.” Indeed, other industry reports have suggested that class action lawsuits and regulatory investigations will intensify, particularly in the US and EU, focusing on areas like adtech and data breaches.
AI and privacy regulation
Looking ahead, Violet Sullivan, AVP and Cyber Solutions Team Leader at Crum & Forster, sees AI regulation as a critical next step. “As we embrace AI and the Internet of Things, understanding the data flow in these devices becomes crucial,” she emphasized. Sullivan believes that robust privacy regulations will serve as essential guardrails, preventing data exploitation and ensuring responsible use of emerging technologies.
Building on this, Tastiel added, “The ICO’s updates to AI guidance and its challenge of a First-tier Tribunal decision regarding Clearview demonstrate a proactive stance in addressing new technologies. However, this marks just the beginning.”
On this issue, industry trends suggest that the EU is set to take the lead on tackling this increasing concern, following the EU AI Act and NIS2 Directive. “The EU Collective Redress Directive will pave the way for new types of class actions in the EU, and supplement the already robust enforcement activity of EU data protection supervisory authorities on cookies/adtech, cybersecurity/data breach, and cross-border data transfers,” noted Di Marco. However, continued development of new regulations can also be expected across APAC and LATAM, with new legislation being passed in Vietnam and India. Indonesia is also set to enforce new regulation in October 2024.
As we navigate this dynamic landscape, one thing is clear: collaboration and proactive approaches will be key for privacy in 2024. By sharing best practices, embracing innovation responsibly, and adapting to evolving regulations, we can build a more resilience cyber insurance sector in the coming year.