Privacy megatrend: Rise of privacy enforcement

Privacy enforcement stakeholders will use automated technologies to bolster their powers.

Why will it happen?

Regulators are resource-strapped and pressured to perform. Several now have greater enforcement authority and can impose higher maximum fines and penalties. Plaintiffs’ law firms are seeking new revenue streams, publications need new audiences to stay afloat and advocates are struggling to remain relevant. 

European regulators want to activate the provisions in the General Data Protection Regulation (GDPR) for privacy certification arrangements. In the United States, the Federal Trade Commission and a leading consumer advocacy publication have developed privacy labs to review products, mobile apps and websites. Stakeholders can now continually probe companies for privacy vulnerabilities using new bot and AI technologies, as well as relationships with third-party accreditation systems with these capabilities.

“In an ever more digitally connected world, the opportunity to prevent adverse business events involving personal data from occurring is to build automated controls into processes that prevent or detect risk. Software solutions are increasingly able to support this objective, but the talent to design and implement such safeguards is in short supply.”

Michael CampbellPwC UK Privacy Leader

What’s driving the pace of this trend?

  • Data-intensive technology innovation.
  • Heightened government need for revenue.
  • Heightened law firm, publication, advocate needs for revenue and relevance.
  • Sharing and collaboration rising among regulators. 
  • Increasing regulator investigative and enforcement powers.
  • Successful class-action lawsuits.
  • Community sentiment.

How will it impact business? 

Companies will face increased exposure on privacy-related matters. Continual, digital scrutiny means that traditional approaches to privacy compliance focused on paper-based documentation of policies and procedures won’t meet the challenges.

Companies counting on Big Tech to be the ongoing focus of regulators and activists will risk increasing fines, penalties, lawsuits and public scrutiny.

Data security and privacy considerations may become important pillars of certain companies’ ESG ratings and drive valuation.

What should CEOs do?

  • Direct the CIO, CTO, CDO, CPO and CISO to build privacy-ready default settings into the design of digital code for the company’s operations.
  • Ask the chief audit executive to incorporate these automated and forensic technologies into the third line of defense to proactively identify weaknesses to external scrutiny.
  • Direct business heads to sponsor routine testing of their information-incident response processes and reporting of results to leadership.

"The Chinese internet industry has collected a tremendous amount of consumer data for AI research and development. Chinese consumers are now becoming more aware of their privacy rights and expect companies to have robust data privacy protections in place in accordance with laws and regulations issued by the Cyberspace Administration of China. The increasing level of concern from Chinese consumers is mirrored by campaigns launched by Chinese authorities to inspect the internet industry and smartphone apps to determine if they excessively collect users' personal information."

Kenneth WongPwC China/Hong Kong Cybersecurity and Privacy Leader

Here are your seven privacy megatrends

Contact us

Jay Cline

Jay Cline

US Privacy Leader, Principal, PwC US

Mir Kashifuddin

Mir Kashifuddin

Data Risk & Privacy Leader, PwC US

Joseph Nocera

Joseph Nocera

Cyber, Risk and Regulatory Marketing Lead Partner, PwC US

Sean Joyce

Sean Joyce

Global Cybersecurity & Privacy Leader, PwC US; Cyber, Risk & Regulatory Leader, PwC US

Follow us