The Future of Data Privacy Regulation

Our relationship with data in technology has evolved dramatically over the past 20 years, from the rise of cloud computing and artificial intelligence to machine learning and big data in recent years. As the systems have become more complex and the lines around ownership more blurred, the explosion in data collection — not just the volume, but also the variety and velocity of data — has led to some major security and privacy concerns.

While we’ve made decent headway with the data privacy regulations that exist today, we shouldn’t be surprised if consumers demand more. As we head into a new decade, 2020 will be the year that data privacy regulation finally takes off and the government begins to put stakes in the ground for a national privacy framework.

Here are the top five trends we see bubbling up in data privacy regulation next year:

1. CCPA Sets the Standard

After CCPA (the California Consumer Privacy Act) goes into effect on January 1, 2020, consumers in other states will expect the same rights as consumers in California have been given with the regulation. In this way, the CCPA will define expectations for consumers across the country, and other states will be forced to follow suit. Microsoft’s recent announcement that it will honor CCPA privacy rights throughout the United States could be just the spark the industry needs.

2. Businesses Lash Back

The stringent rules of CCPA and steep fines for lack of compliance have already spurred a backlash, and that backlash will only gain momentum in 2020. Not only is the up-front investment required to achieve and maintain CCPA compliance significant, but also the prospect of complying with CCPA and other state-led regulations (which likely will have different rules) is potentially financially impossible for smaller businesses. Fifty-one of the nation’s top CEOs have already written an open letter to Congress urging them to enact federal privacy regulations to respond to this issue, but the challenge is making sure the regulation isn’t watered down to the point where it doesn’t have the “teeth” consumers expect.

3. States and Feds Get Serious

We expect to see a real move toward data privacy regulation in 2020, both in state-led regulations and, as mentioned above, in a push for an all-encompassing federal data privacy bill. In fact, we might even see one of the 2020 presidential candidates make privacy a part of their platform. The effort will be a boon for businesses attempting to comply with the many different regulations, and it’s already underway thanks to bills introduced in the U.S. Senate by Ron Wyden (D-OR) and Anna Eshoo (D-CA) and Zoe Lofgren (D-CA). While passage of the bill will be a multi-year effort, 2020 will be the year it gains a foothold as a national issue.

4. Brands Expect Built-In Privacy

Gartner proposed that by 2022, half of our planet’s population will have its personal data protected under local privacy regulations in line with the GDPR, up from 10 percent today. In 2020, consumer brands will begin to expect that the technology solutions they implement will be designed with regulatory-compliant privacy functionality built in from the ground up. This means that the tech companies that prioritize privacy will gain a significant competitive advantage.

5. Technology Providers Prioritize Privacy Functionality

Consumer-facing businesses will demand that their software vendors include privacy built into their products. As a result, we’ll see a move by software providers to market the privacy features included in their software.

All in all, 2020 looks to be a watershed year for both data privacy regulations and technology solutions that help businesses gain and maintain compliance. After years of disparate and disconnected efforts to improve the privacy of consumer data, the industry has come to a tipping point and the need for a unified, national privacy framework can no longer be ignored. CCPA will lead the way.