Nearly a year ago to the day, I described 2015 as a historic year for privacy. It ended on a high as Europe passed what may be the most significant privacy legislation on earth, capping a year that included the invalidation of Safe Harbor, the Anthem, Ashley Madison, and OPM breaches, and the naming of a new European Data Protection Supervisor.
In contrast, by year's end, 2016 has felt transitional; a pivot between accomplishment and the unknown. Which isn't to sound pessimistic at all. True, Brexit and the U.S. president-elect have many feeling nervous and grasping at uncertainty. But, from the privacy pro's perspective, preparing for the General Data Protection Regulation has clearly been THE issue of the year. If the first post-GDPR phase focused on finding out what was written into the regulation, the second phase now focuses on operationalizing the GDPR. What does the GDPR-in-action mean for your company? That focus will clearly continue into 2017, and you can rest assured that the IAPP will be here with the most up-to-date content to help you make that happen.
Optimistically, this focus on the GDPR has given rise to what seems to be a whole new market of startups aimed at providing privacy pros with technological solutions to compliance obstacles. Privacy Tech featured a number of articles on really smart and innovative companies providing data mapping and visualization solutions, vendor-risk management dashboards, consent management and privacy assessment programs, and new approaches to fighting data breaches, among many others. We're excited about the potential of this market and the solutions these companies may provide for those of you engaged in day-to-day privacy operations. Stay tuned for more insight in this area.
And who could forget the Privacy Shield? It almost seems like a lifetime ago that the U.S. Commerce Department and European Commission were busily hammering out a new transatlantic data transfer regime. In January, I remember hanging on every word of DoC Assistant Secretary Ted Dean and European Commission Head of Unit for DG Justice Bruno Gencarelli during a panel session at CPDP in Brussels. This was the same place I witnessed ODNI General Counsel Robert Litt defend U.S. surveillance practices to a room full of Europeans concerned about bulk surveillance. Was there really going to be a new deal? There was definitely electricity, and concern, in the air.
Not long after, while back in the States, I remember getting up at the crack of dawn to tune into the joint announcement of the new arrangement. Privacy Shield, a comic-book name, complete with a comic-book logo, was the center of attention for much of the first half of the year - at least for those in the U.S. and Brussels. In what many of us in the U.S. thought was a policy miracle, the United States Congress - the place where partisanship kills policy - passed the Judicial Redress Act to help make Shield a reality. And though it is a reality, for now, the future of it, as well as that of model clauses, is still up in the air and will continue to play out in 2017.
It can sometimes feel like the whole world is up in the air. We were all shocked about the terrorist attacks in Paris and San Bernardino in 2015, and then later in Brussels early this year. Just weeks after the announcement of Shield, a U.S. federal judge rekindled the crypto debates from the 1990s in what became known as "Apple vs. FBI." The judge controversially ordered Apple to provide technical assistance to the FBI in order to unlock the iPhone of one of the San Bernardino shooters. In a bold, public letter, Apple CEO Tim Cook proclaimed the company would not provide such assistance because it would undermine the privacy of its customers and the security protections from years of engineering. Not to be outdone, the FBI retorted that Apple was using its business model and marketing strategy to subvert U.S. law. And though the final showdown was averted when the FBI decided to hire a third party to create the needed software, the encryption issue looms with an incoming Trump administration.
Similarly, Microsoft took on the DoJ in the Ireland email case, while WhatsApp faced shutdowns in Brazil for not turning over user data for law enforcement purposes. Russia implemented a data localization law, eventually deciding that LinkedIn would no longer be allowed to do business within its borders for not storing Russian users' data on servers within the nation. The internet is continually growing at odds with national boundaries and it appears this trend will only continue in the coming year. The old days of the Wild, Wild Westian, open internet may be coming to an end.
The convergence of the digital and physical worlds definitely came to light this year, as well. Perhaps one of the best demonstrations of this convergence was the immense popularity of Pokemon Go. In just one weekend over the summer, the augmented reality game took much of the world by storm, and, with it, issues around the collection and sharing of location data with third parties. Users unwittingly started trespassing on private property and forgetting the context of their physical presence in sacred places, such as the Holocaust Museum and Arlington National Cemetery. Though the popularity of the game has simmered down with a cooler fall and colder winter, look for new iterations of augmented and virtual reality in 2017. Things are just getting started here and privacy pros will play a huge role.
New dangers inherent in the digital world certainly manifested themselves when domain name service provider Dyn was taken down for nearly a day. That meant users in most of the Eastern Seaboard and other parts of the U.S. were without access to websites like Twitter, CNN and many others. The culprit? Zombified internet-of-things devices. That's right, malware created to automatically take control of webcams, DVRs and other devices built with virtually no security in mind, for the sole purpose of enacting massive distributed denial of service attacks. We had warned that IoT security was going to be a problem years back, and in late 2016, that problem reared its ugly head, more than once. And if we're not careful, we could witness 9/11-sized consequences of poor privacy and security that could affect critical infrastructure such as dams, electrical grids, hospitals, and financial institutions.
The role hacked data played in 2016 will also go in the history books. Whether or not the hacks of the Democratic National Committee and subsequent leaks ultimately affected the outcome of the U.S. presidential election, they did play a role. It became clear, in 2016, that cyber warfare is not just some far-fetched idea from a William Gibson novel. It's now found on the front page of the New York Times.
The year also featured two huge political surprises: Brexit in the UK and a president-elect Trump in the U.S. What each will mean for privacy pros still remains to be seen. The Court of Justice of the European Union just this week potentially put a kink in Brexit plans and the U.K.'s controversial "Snooper's Charter." On the other side of the Atlantic, what a Trump presidency will mean for technology companies, regulation, and the encryption debate is still a gaping mystery, but if we're to make any predictions based on past comments from the president-elect, the cozy relationship tech companies have felt with Washington will change.
If 2015 was historic, and 2016 transitional, hopefully 2017 will bring back some clarity. Regardless, with the ramping up for GDPR and the continued growth of technology and innovation, privacy pros will play a huge role in the world of 2017 and far beyond. I'll look forward to helping you navigate this new world on Privacy Perspectives, Privacy Tech, and our daily and weekly regional newsletters. In the meantime, be safe and rest well; 2017 is going to be busy.