Dear privacy pros,
As is customary at the end of every year, I would like to spend some time taking stock of key privacy developments in 2018 and engage in a little bit of crystal ball gazing before we dive into the APAC Digest this week.
Some of my hardworking colleagues at the IAPP’s U.S. office have presumably had to skip office parties to dedicate time to reviewing the top IAPP resources, Privacy Advisor stories, Privacy Perspectives posts, and web conferences. These are well worth checking out, and, as expected, much of the focus is on the implementation of the EU General Data Protection Regulation, the release of India’s draft privacy law, and the passage of California’s Consumer Privacy Act and Brazil’s national privacy law. Major security incidents and data breaches have continued to hog the headlines, starting with Facebook-Cambridge Analytica and continuing with Uber, Starwood/Marriott, British Airways and Cathay Pacific. Closer to home, we have incidents related to Aadhaar in India, SingHealth in Singapore, Comelec in the Philippines, Lowyat.net in Malaysia, and Vietnam Airlines (and the list goes on and on).
I would wager my last dollar that there will be a continued focus on data breaches in 2019 and beyond. With unabated growth in huge data repositories containing more and more sensitive personal data (e.g., databases held by governments and companies in health care, air or land transport, and hospitality, just to name a few examples from this year’s breaches), hackers after the pot of gold will inevitably grow in numbers and sophistication, and we will likely see more state actors getting into the act. In this regard, I think it is likely that privacy authorities around the world will continue to work on enhancing the regulatory regime around data breach prevention and notification, as well as step up on enforcement.
We are also likely to see increased regulatory scrutiny on major tech companies that have acquired extensive market power in their respective spheres and are able to collect huge amounts of personal data from consumers around the world. Revelations such as the recent New York Times exposé that Facebook had entered into data-sharing agreements with some of its biggest business partners, like Microsoft, Yahoo, Amazon, Netflix and Spotify, to give them broader access to personal data than previously disclosed are likely to strengthen the regulator’s hand. I suspect more authorities will start thinking seriously about the intersection between personal data and market concentration.
Besides the endpoints, the battle over data is also likely to be played out over who gets to control the networks through which data runs. Conspiracy theories abound over the impetus for the recent arrest of Meng Wanzhou, the daughter of Huawei’s founder and the company’s CFO, in Vancouver, and the tit-for-tat arrests of prominent Canadians in China. In my view, one of the more credible theories is that this is really a proxy battle over the development of hardware and standards for the nascent 5G technology. The development of any significant new technology for the transfer of personal data (e.g., using blockchain technology) will likely experience similar friction.
Against the backdrop of such a complex, multifaceted environment for personal data protection, stakeholders in the privacy industry will need to continually upgrade or retool their skill sets and stay abreast of the latest developments. I foresee that privacy regulators in various jurisdictions will push for increasing professionalization of the privacy industry. Companies will be required to not only employ data protection officers, but also ensure that they are adequately trained in new areas, such as data ethics and data innovation.
All in all, it looks like another exciting year ahead for the IAPP and privacy professionals around the world.
May you get some time to rest and recharge with your family and loved ones this year end before the madness begins in the new year.
If you want to comment on this post, you need to login.