Text, email, Slack messages, Instagram DM, video game chats, asking Siri how to get to the dentist: Digital interactions are woven into the fabric of daily life. But this means heaps of information are being shared at all times, and the management of that data is hypercomplex. Over the next year, evolving AI technology, transforming business models, and more users (especially kids) entering the digital landscape will bring forth a host of new challenges and opportunities in the realm of data protection. Here are three key topics that will shape the narrative of data privacy in 2024.
1. Governments Get More Involved In Data Privacy
Personal data is quickly becoming the world’s most valuable commodity, and as such, governments worldwide are intensifying efforts to regulate data handling practices to safeguard individual rights. Notably, the General Data Protection Regulation (GDPR) stands out as a pioneering legislation in Europe, setting a high bar for data privacy standards. In 2023 alone, GDPR violations amounted to fines surpassing $2 billion euros; tech giants such as Meta, TikTok, and X (formerly Twitter) faced hefty penalties, amounting to over $3 billion collectively.
Countries worldwide emulating GDPR principles, with Brazil's General Law for Data Protection, Canada's Digital Charter Implementation Act and Egypt's Law No. 151 aiming to regulate global companies. Even within the United States, the California Consumer Privacy Act (CCPA) signifies a localized effort to fortify data privacy measures.
What’s resulted from this privacy legislation is companies rethinking their business models for the better. TikTok, for example, decided to invest in European servers for local data storage to better comply with regional regulations. Companies like Apple are incorporating features like “Ask App Not to Track” that empower users with greater control over their data, and automotive companies, in response to concerns about location data collection, are reforming their policies. Meta introduced a subscription-based model for ad-free services in Europe, which allows users to avoid ads and tracking for a fee. However, this move has sparked debate, with privacy advocates questioning the commodification of privacy—a fundamental right that transcends monetary value.
2. Protecting Kids In Digital Spaces Is a Major Focus
The pervasive nature of data collection extends to social media platforms, gaming sites, and online services, and kids are seen as easy targets, says Tom Gaffney, cybersecurity expert at F-Secure. According to Javelin Strategy and Research, approximately 1.7 million children fell victim to data breaches in 2022—an alarming statistic that underscores the need for proactive measures.
In response, legislative measures are making progress. On the federal level, in April 2023, a bipartisan group of federal lawmakers introduced the Protecting Kids on Social Media Act, aiming to enhance regulations for social media users under the age of 18. The Protecting Kids on Social Media Act would set the minimum age of social media users to 13. For teens between the ages of 13 and 18, parental consent would be required, and platforms would be banned from using algorithms to recommend content to those young users. Adults would have to create an account for their teens, providing a valid form of ID to become users on a platform, according to the bill. Although this law hasn’t yet been approved, its draft exemplifies growing concerns about children’s data protection.
Furthermore, state lawmakers are championing initiatives like the California Age-Appropriate Design Code Act, advocating for stringent privacy standards tailored to children's needs. States like Maryland, Minnesota, Utah, and Florida are following suit.
3. Expect More AI Regulation—And Governments Using the Tech for Protection
Governments are racing to establish robust AI regulations, aiming to strike a delicate balance between innovation and accountability. For instance, President Joe Biden's executive order on AI sets forth comprehensive guidelines, which directed federal agencies to enlist chief AI officers and laid out eight guiding principles and priorities for how AI systems should be developed and deployed.
Even though the United States inches closer to a Federal Data Privacy and Protection Bill, without set federal legislation, several states will enact AI legislation on their own. (California, in particular, emerges as a trailblazer in privacy legislation.) While state regulation is a good step forward, it could pose challenges for businesses, especially small to medium in size, to adapt to each state’s law and their unique provisions, explains IBM Chief Privacy and Trust Officer Christina Montgomery. “I think we are kind of suffering a little bit from death by a thousand cuts," Montgomery said, “which [will be the] technical implementation requirements that companies are going to have to adopt to address all the nuances in every state privacy bill if it continues to play out the way it's playing out.”
But with all this complexity around AI comes innovation, with leaders exploring how it can be used as a tool to prevent data breaches. Yet According to IBM’s 2023 Cost of a Data Breach, the average time to detect and contain a data breach is 277 days or about nine months. A lot of damage can be done in that amount of time, and AI could be an effective tool in cutting down that time by making data more structured. Organizations can leverage AI to remedy potential data privacy risks by getting AI-driven recommendations, prompts, and trends across data.
Conclusion
Regulation, innovation, and protection weave a tapestry of challenges and opportunities for data in 2024. As governments worldwide intensify efforts to regulate data handling practices, companies are compelled to rethink their business models. The imperative to protect vulnerable demographics, particularly children, gains prominence, driving legislative initiatives and advocacy for stringent privacy standards. Moreover, the burgeoning realm of artificial intelligence ushers in a new frontier of regulation and innovation, with governments racing to establish guidelines while organizations explore AI-driven solutions to mitigate data privacy risks. As we navigate the complexities of data privacy, the imperative remains clear: to safeguard individual rights and foster a digital landscape built on trust, transparency, and innovation.
Sources
The International Association of Privacy Professionals