Regulators are resource-strapped and pressured to perform. Several now have greater enforcement authority and can impose higher maximum fines and penalties. Plaintiffs’ law firms are seeking new revenue streams, publications need new audiences to stay afloat and advocates are struggling to remain relevant.
European regulators want to activate the provisions in the General Data Protection Regulation (GDPR) for privacy certification arrangements. In the United States, the Federal Trade Commission and a leading consumer advocacy publication have developed privacy labs to review products, mobile apps and websites. Stakeholders can now continually probe companies for privacy vulnerabilities using new bot and AI technologies, as well as relationships with third-party accreditation systems with these capabilities.
“In an ever more digitally connected world, the opportunity to prevent adverse business events involving personal data from occurring is to build automated controls into processes that prevent or detect risk. Software solutions are increasingly able to support this objective, but the talent to design and implement such safeguards is in short supply.”
Companies will face increased exposure on privacy-related matters. Continual, digital scrutiny means that traditional approaches to privacy compliance focused on paper-based documentation of policies and procedures won’t meet the challenges.
Companies counting on Big Tech to be the ongoing focus of regulators and activists will risk increasing fines, penalties, lawsuits and public scrutiny.
Data security and privacy considerations may become important pillars of certain companies’ ESG ratings and drive valuation.
"The Chinese internet industry has collected a tremendous amount of consumer data for AI research and development. Chinese consumers are now becoming more aware of their privacy rights and expect companies to have robust data privacy protections in place in accordance with laws and regulations issued by the Cyberspace Administration of China. The increasing level of concern from Chinese consumers is mirrored by campaigns launched by Chinese authorities to inspect the internet industry and smartphone apps to determine if they excessively collect users' personal information."