Data privacy regulation in 2024: what we’re watching

A number of new privacy regulations were passed in 2023, and some passed earlier came into effect. Even more will do so in 2024, or enforcement will begin. Possibly even more influential, regulatory requirements for large tech companies will have substantial data privacy trickle-down effects on third parties that rely on their platforms and services for audience, data and revenue.

AI will surely become more regulated, and the focus on it has also further heightened consumers’ awareness of access to and use of their data. Some changes that will be coming as a result of the aforementioned regulations and business requirements will also bring welcome improvements to the consumer landscape, with more transparency, competition, innovation and consumer choice.

Let’s look at some of what we can expect in data privacy in 2024.

2024 in data privacy regulations and business

A number of the laws passed in the US in 2023 will come into effect in 2024, substantially increasing the number of US states with data privacy regulations in place, with their associated requirements for businesses that process personal data.

There are several major data privacy regulations around the world that are expected to be finalized in 2024, bringing new protections to even more people, and adding additional protections in places like the European Union (EU).

 Technologies that enable and enhance privacy (privacy-enhancing technologies or PETs) will also likely take center stage, with your website data privacy policy starting to be seen as pillars for building user trust, promoting transparency, and aligning with corporate social responsibilities.

Once regulatory enforcement begins for new laws like the Digital Markets Act, we will likely see rapid and significant changes in the operations of big tech companies, and in smaller companies that rely on those platforms. Data privacy protections are poised to cover more of the world’s population than ever before. Will it be 75% of people by the end of the year, as Gartner has predicted?

Data privacy in the United States

Eight US states passed data privacy legislation in 2023, and laws in five of those states will come into effect in 2024:

Montana Consumer Data Privacy Act (MTCDPA)

Florida Digital Bill of Rights (FDBR)

Texas Data Privacy and Security Act (TDPSA)

Oregon Consumer Privacy Act (OCPA)

Delaware Personal Data Privacy Act (DPDPA)

14 of the 50 US states now have data privacy regulations in place, though in 2023 40 states tabled privacy legislation, many not for the first time. Expect to see even more data privacy laws make it to governors’ desks in 2024.

Progress remains slow to stalled on federal data privacy legislation in the US. However, developments like generative AI and its uses are getting a lot of attention and scrutiny, including on the data privacy front, so it’s possible peripheral topics like that may provide stronger motivation for a broader federal data privacy law in the US.

Data privacy in Canada

Bill C-27 sets out the Digital Charter Implementation Act, 2022, which would bring a new framework for governing personal information access and use in the private sector. The bill is currently before committee and could be passed in 2024. It would bring the Consumer Privacy Protection Act (CPPA) into effect and replace the PIPEDA regulation, which is over 20 years old

The Digital Charter Implementation Act would also include the Personal Information and Data Protection Tribunal Act, which would set up an administrative tribunal to review some decisions from Canada’s Privacy Commissioner, and impose penalties for CPPA violations.

The Act would also help to address the expansion of AI influence and applications with the Artificial Intelligence and Data Act (AIDA), which would help to regulate trade and commerce in AI systems using a risk-based approach. Any new AI regulations or frameworks would need to have a focus on data privacy, especially for consumers.

Data privacy in Australia

Federally, Australia has had the Privacy Act since 1988 (with additional state and territory laws). An overhaul has been expected for some time, though it was most recently amended in 2022. The Privacy Act Review Report with 116 recommendations was released in February 2023, and some high profile data breaches in recent years will likely add more pressure to enhance data privacy and protections for the country’s citizens. Look for greater change in 2024.

ePrivacy Regulation in the EU

 In the European Union, the ePrivacy Directive (ePD) has been in place since 2018, as long as the General Data Protection Regulation (GDPR). But the ePrivacy Regulation (ePR), which would repeal the ePD, has lagged. The EU has since passed other laws with data privacy elements in recent years, including the Digital Markets Act, and the AI Act is likely to be passed in early 2024.

The ePR would establish, among other things, clearer rules on cookie usage, and regulate newer electronic communications services not covered by the ePD, like WhatsApp or Facebook Messenger. However, with a 24-month transition period, if finalized in 2024, it wouldn’t be fully in effect until 2026.

Source : usercentrics.com