What we’ve learned in 2022
Often it is hard for us to step back and take a moment to recognize all the changes, advancements, and developments that happened in the past year, especially when it comes to such a fast-growing and eventful sector as data privacy.
Looking back at this year, we have witnessed data breaches caused by inadequate data security processes and multimillion fines caused by non-compliant collection and usage of personal data, resulting in significant financial losses and reputational damages for companies.
If 2022 has taught us anything, it’s that efficient data privacy and cyber security are now fundamental to business success. Privacy laws and regulations make it clear organizations must be able to demonstrate information and data security best practices and effective implementation across all business aspects.
Some of the biggest challenges will be increasing regulatory complexity, the growing risk of data breaches that are becoming more expensive every year, and new strategies and approaches companies will need to adopt.
So how is 2023 going to look like from a privacy point of view?
1. Privacy will become more than meeting regulatory requirements
By now, companies that are looking to conquer the market or remain at the top of their game have realized reactive approach and preparing for yesterday’s regulatory environment is not going to bring them the competitive advantage they are looking to get.
Forward-thinking companies will adopt a privacy-first strategy placing customers’ privacy ahead of the organization’s needs which creates a favorable environment for building trust, improving customer satisfaction, meeting regulatory requirements, and supporting long-term relationships to create a mutually beneficial exchange with customers.
This means creating a privacy culture where all key departments are engaged and play an important part in data protection strategy to avoid:
- business disruption,
- productivity loss,
- revenue loss,
- data breaches,
- and costs of regulatory fines and settlements.
A privacy-first approach will become increasingly popular as it recognizes that privacy is far from being just a regulatory obligation and is essential for industry leaders to move forward and create customer trust. The approach that has already been recognized by Big Four Tech companies.
Earning the trust of users with outstanding data privacy and security measures will allow companies to move forward, research, and innovate. For those companies, privacy will become more than meeting regulatory requirements.
2. AI-improved user experience comes with the cost
Intertwined with data privacy is the impact of unstoppable technological advancement on our lives. Artificial Intelligence (AI) and Machine Learning (ML) set out to improve the quality of goods and services, but they also pose privacy challenges for individuals and businesses.
The more apps we use, the more data we leave behind that is collected by AI tools in order to improve user experience. However, for technology to provide these commodities, privacy is a price to pay.
The currency will be our sensitive data, geo-location, gender, age, medical data, and marital status, with little or no control over what happens to that information once it leaves your devices.
This intense collection of personal data will continue in 2023 and bring a variety of privacy challenges, one of them being high risk to individuals’ rights and freedoms, data exploitation, identification and tracking, and data breach risks.
Challenges of protecting privacy in artificial intelligence represent a serious obstacle to innovation and the development of solutions that can create a lot of value for individuals and society.
In the future, we can expect more companies to look for ways to use personal data while remaining in compliance with regulatory rules.
This progress will surely be accelerated by the EU Artificial Intelligence (AI) Act which might enter into force as early as 2023.
It is the first law on AI by a big regulator, which is currently in the proposal stage and is intended to impose requirements in terms of data collection and data processing.
3. Consent and Preference Management as an essential compliance tool
This is one of the trends that Gartner identified as top trends in privacy through 2024;
“Increased consumer demand for subject rights and raised expectations about transparency will drive the need for a centralized privacy user experience (UX). Forward-thinking organizations understand the advantage of bringing together all aspects of the privacy UX — notices, cookies, consent management and subject rights requests (SRR) handling — into one self-service portal. This approach yields convenience for key constituents, customers, and employees, and generates significant time and cost savings.”
Gartner also predicts that by 2023, 30% of consumer-facing organizations will offer a self-service transparency portal to provide preference and consent management.”
The ability to manage consent, demonstrate transparency and gain trust will become strategically important in the next year since customers, employees, investors, and other stakeholders will give more significance to ethical business practices and data governance.
4. Compliance becomes more complex
Regulations surrounding data protection are quickly emerging all over the world. Gartner predicts that by the end of 2023, modern privacy laws will cover the personal information of 75% of the world’s population.
2023 will see new legislation coming into effect. Five new state laws will be enacted in the US, along with the California Privacy Rights Act (CPRA). This means it will become increasingly difficult for businesses that operate on a global scale to navigate multiple data protection requirements and stay compliant.
Companies in highly regulated sectors like financial services, health care, and those operating in multiple markets will face a growing number of data privacy regulations. In the future, this could result in an initiative to harmonize the complex area of privacy regulations.
5. The cost of Data Breaches will continue to grow
In 2022 the cost of a data breach reached an all-time high with a $4.35 million average cost (around €4 million), an increase of 2.6% from the previous year, and the trend continues in 2023.
Acronis End-of-Year Cyberthreats Report finds the average cost of data breaches is expected to surpass $5 million per incident in 2023, or approximately € 4.7 million.
The value of data breaches is in some way affected by the scarcity of resources, funding, and inflation. However, it is more likely that the cost has more to do with the efficiency of the attackers at targeting the right data and the right companies.
As the report states, new threats are constantly emerging, and malicious actors continue to use the same proven methods. The constant feed of ransomware, phishing and unpatched vulnerabilities demonstrates how crucial it is for businesses to reevaluate their security strategies.
6. Balancing privacy and free online services
The year ahead holds many exciting and important developments in the online world. One of the key areas of focus is the tension between online service providers and data protection supervisory authorities.
As more enforcement actions are taken, following the Irish DPC fines, we expect to see increased legal battles over the use of behavioral advertising.
There are several unresolved legal questions surrounding this type of advertising, including the use of personal data for targeting advertisements.
The EDPB recently concluded that Facebook could not rely on contractual necessity to collect and use personal data for targeted advertising.
However, it remains to be seen how data protection authorities will ultimately decide this issue, particularly as online service providers become more transparent in their privacy policies and terms of service.
At the heart of this issue is the question of whether it is in the best interest of individuals to challenge the financial model of the free consumer internet.
7. Privacy will continue to get even more elusive
Although this is not something that will be a sole experience in 2023, it will be a cumulative effect that slowly but steadily is reaching its heights. That is why companies need to take measures to actively protect data, but also to govern personal data they collect in an ethical way.
As the urgency for privacy increases, so do the consequences of violating privacy. Not only are there regulatory fines, but brand image and trust are at risk every time confidentiality gets broken.
To sum up 2023
Privacy is becoming a critical boardroom discussion and a hot topic among not just privacy professionals but investors, employees, and customers.
This brings more opportunities for privacy professionals to gain support for their privacy programs and push their efforts beyond regulatory compliance to create a competitive advantage by integrating their privacy efforts for maximum outcomes.