Data Privacy in 2022 – What You Need to Know

Data Privacy in 2022 – What You Need to Know

Suppose you’re looking to stay ahead of the curve on data privacy in 2022. In that case, there are certain concepts you need to be aware of, such as regulations across jurisdictions, double-extortion ransomware attacks, cyberattacks, and more. You’ll also learn about PIPEDA and CCPA. Of course, these regulations will continue to evolve as the world continues to move towards a more digital economy. But there are some key things to know today. 

Why is data privacy so crucial in the current climate? 

Data privacy refers to the process and strategies that address how personal data are collected, stored, used, shared, retained, destroyed, and transferred. On the other hand, data protection focuses on protecting data integrity and assets from unauthorized access. Privacy and protection strategies are essential for every organization because they provide individuals with transparency and control over data and its use and protect personal data from unintended access. As a result, your organization could be exposed to consumer complaints, regulatory investigations, fines, and fraud, such as identity theft and phishing. 

 

Regulations in multiple jurisdictions 

The European Commission adopted new standard contractual clauses (SCCs) for data privacy on 4 June 2021. They apply to data transfers within the European Economic Area (EEA) and outside of the EU and take into account the conclusions of the Schrems II report. These regulations take effect on 27 September 2022, but some provisions may be triggered before then. Here are the significant points to keep in mind. 

 

Cyberattacks and double-extortion ransomware attacks 

 

In 2022, cybercriminals will increase their focus on supply chains to exploit vulnerabilities. These attacks often involve compromised systems of third parties, such as car manufacturers. For example, the Kia Motors ransomware attack was carried out by the group DoppelPaymer, which demanded 404 Bitcoins for access to its computers. Kia paid a ransom of PS37,232,250, which was recovered within two weeks. 

 

Global data privacy laws (CCPA, PIPEDA, etc.) 

 

If you run a website, there are some things you should know about PIPEDA in 2022. In order to meet the requirements, your website must be accessible to consumers and be transparent about how it collects and uses their personal information. In addition, it must provide a way to revoke consent. And it must have a clear policy on privacy. The law also requires that entities obtain the consent of their customers before they use their personal information. Finally, they must regularly update their privacy policies to meet the needs of their users. 

A flurry of legislation is shaping up to affect the CCPA and data privacy in the United States in 2022. While most of this activity has been at the state level, one bill is likely to have significant implications for the industry. Utah is currently the only state with comprehensive privacy law. However, several other states are considering similar legislation. The coalition is monitoring the situation to provide a timelier update on any developments. 

 

The Colorado Privacy Act (CPA) is coming to a state near you! Colorado Attorney General Phil Weiser has announced informal public comment and listening sessions on rulemaking. These meetings will be followed by the formal rulemaking process in fall 2022, which will include a notice of rulemaking, draft regulations, at least one public hearing, and continuing opportunities for public comment. Colorado’s privacy laws are designed to protect the privacy of Coloradans. 

 

e-Privacy Regulation 

 

 

With the introduction of the e-Privacy Regulation in Europe, European citizens will have greater control over their personal information. The new Regulation will apply to all forms of electronic communication, including metadata, and would require service providers to obtain the user’s consent before processing this data. The e-Privacy Regulation is a welcome step toward ensuring that individuals’ privacy is protected in the digital age. 

 

Browser restrictions (ITP, ETP, etc.) 

 

First, Apple took the steps with their Safari browser via the implementation of the Intelligent Tracking Prevention. Then came Mozilla with their own version named the Enhanced Tracking Protection. Next, Microsoft followed suit with Edge, and even Google has made specific changes. 

 

What these browser restrictions have done is rendered third-party cookies obsolete. Only Google is yet to phase out but has planned to do so in 2023. In turn, it has hit marketers right where it hurts, as years of marketing campaigns and plans will have to make now do without the unrestricted user data provided by third-party cookies. 

 

What can you do for your MarTech? 

 

Data privacy is about identifying data and determining how it is being used. Classifying data is essential and describing the actions that should be taken with each type of data. Strong security controls are essential for a data privacy strategy. This includes programmatic and organizational controls like policies, training, awareness, incident response plans, and password policies. It also includes technical controls like encryption, anonymization, and multi-factor authentication. 

 

 

MagicPixel understands your business needs modern tools and services for the current climate of the MarTech scenario. Explore how solutions like server-side tagging, ID Link services, and first-party data strategy can help you navigate the new age of the internet.