A year ago on this blog, while reflecting on the year in privacy for 2016, I wrapped things up by saying that 2017 would be a busy year for privacy pros. I think it's safe to say that came true.
Top of mind, of course, is the nearly universal effort to ramp up for the EU General Data Protection Regulation. Our "Top 10 Operational Impacts of the GDPR" series has been — BY FAR — the most popular and accessed information in IAPP history. Europe's regulation has also been a boon to the privacy technology industry, too. We kicked off January by releasing our first-ever IAPP Privacy Technology Vendor Report, complete with an analysis of the burgeoning field, interviews with privacy tech CEOs, a directory of vendors, a description of the products offered, and a set of categories to help privacy pros locate solutions to the obstacles faced by an ever-changing, complex risk management and compliance ecosystem.
By Q3 this year, the number of vendors in the report went from 51 to 99, and we'll have many more to add for our next iteration early in 2018. Privacy pros are clearly in need of automated and scalable solutions to help navigate this brave new world of privacy regulation. Data mapping, as well as assessment and consent management tend to be at the top of the list so far. I expect more growth in the next report, though I think the number of new companies entering the space is starting to slow down. We've seen some consolidation in the marketplace as well, and I wouldn't be surprised to see that trend continue next year.
But operationalizing for the GDPR wasn't the only thing that affected the privacy world this year.
Perhaps the two biggest bombshells from 2016 that carried over to this year was the U.K.'s decision to leave the EU and the rise of Donald Trump.
For Brexit, Eduardo Ustaran wrote a thoughtful Privacy Perspectives piece defending the U.K.'s data protection efforts. He pointed out that the U.K. was one of the first nations to implement principles of the Council of Europe Convention 108 when it implemented the Data Protection Act of 1984, not to mention the Data Protection Act of 1998, which, he points out, "was one of the few European laws that managed to meet the deadline for implementation of the 1995 Directive. ... This is all to say that whatever Brexit leads to, the U.K. will never be too far away from the action on the ever-evolving data protection legislative front." This will be a space to watch in 2018.
On the other side of the pond, the rise of Trump has brought with it a new regime of deregulation. This has been felt most viscerally (many would say, triumphantly) in the telecommunications industry, first with the roll back of the Obama-era FCC broadband privacy rules and, more recently, with the roll back of net neutrality. In late March, I wrote about the potential political consequences of such deregulation. It will be interesting to see how the net neutrality roll back will also affect the GOP in the 2018 midterm elections. Consumers are angry about it now, but will it carry over into next year?
The rise of Trump also led to the departure of a couple of influential regulators, perhaps most notably from the FTC. Early in 2017, then-FTC Chairwoman Edith Ramirez departed for private practice. Then, just a few weeks later, FTC Bureau of Consumer Protection Director Jessica Rich followed suit. In two separate Perspectives posts, IAPP VP of Research and Education Omer Tene wrote warmly about each woman's impact and influence on the agency and, by extension, the privacy world.
Outside of Brexit and Trump, the privacy world witnessed two of the biggest, most damaging breaches in digital history. First, the fallout from the massive breach of Equifax was breathtaking in scope. The Equifax breach also prompted more calls from U.S. Congress to establish more rules around the credit monitoring industry. In reaction to the incident, which stemmed in part from some open-sourced software, Amanda O'Keefe wrote about the dangers of OSS and what privacy pros should consider when using it.
Not to be outdone, Uber also shocked the world when it admitted that the personal information of more than 50 million individual riders and 7 million drivers was hacked. To top it off, some in the company knew about it for nearly a year and paid off the hackers to keep the breach under wraps. The incident has some on Capitol Hill calling for a federal breach notification standard, potentially to include criminal liability when a breach is covered up. This came just months after it was revealed that Uber's Greyball program tracked local officials to avoid local regulatory action on its drivers. Let's all remember: "Just because it's legal, doesn't mean it's not stupid."
We're also seeing the normalization of biometric and internet-of-things technology, not to mention the rise of what the Center for Democracy & Technology's Joe Jerome calls "cyborgification." Earlier in the year, I touched upon a criminal case in which a man was implicated for murder based on the data in his pacemaker. As the "internet of bodies" continues to enmesh itself into our lives, we'll surely see more calls for law enforcement access to biometric data, as well as growing concerns about our personal privacy. Biometrics are also affecting the sports world in unexpected ways.
In 2017, facial recognition went mainstream. Apple's big new release this year centered on its iPhone X, which formally introduced a facial recognition authentication system. Ryan Chiavetta wrote about FaceID for Privacy Tech during its release.
And since we're in the holiday season, make sure you check out Chiavetta's humorous take on the "Dummy Christmas CCTV" camera. Enjoy this one for a good laugh.
As we near the end of 2017, one of the remaining developments on the privacy docket is the future of Section 702 of the FISA Amendments Act, which is set to expire Dec. 31. News on this is developing by the hour, and it looks like the provision will be extended for the short term. But the issue was on the mind of April Doss way back in March when she shared her thoughts on Section 702, and why privacy pros should be concerned about it, noting, "as Congress continues its work, it's worth remembering that things that aren't broke don't need fixing."
Let's hope that things look up in 2018.
If you want to comment on this post, you need to login.