Experts speculate on how the data privacy regulatory environment will shape out in the coming year and beyond, following a slew of global developments, including new data protection measures signed into law by both China and Saudi Arabia.
Most countries like India, Canada, Vietnam, South Korea, and a slew of other nations are considering new data privacy legislation. Meanwhile, recent modifications to Japan’s Act on the Protection of Personal Information will take effect early next year, while Australia is revising its privacy legislation from 1988. In the United States, more than 25 state-level data privacy laws are stuck in committees at various levels.
Despite the momentum, data privacy measures and modifications in the United States and overseas are notoriously difficult to enact and sign into law. In the absence of comprehensive, consent-based data privacy legislation on a national level, tech corporations like Apple and Google are increasingly establishing consumer data privacy ground rules, while advertising industry associations are establishing their own self-regulating norms.
It’s quite improbable that federal legislation will be passed in the next year or two. We’ll be halfway through Biden’s first term next year, with midterm elections on the horizon. Biden’s first focus will most likely be passing his trademark legislation, Build Back Better, in addition to bringing us out of the epidemic and solving supply chain and inflation challenges. Even though numerous laws have been submitted, hearings held, and public interest in privacy, we remain pessimistic that enough political resources will be allocated to privacy before Build Back Better is approved.
We need to wait for how the political situation will change after 2002. Privacy legislation might be passed before 2024 if we see Democrats in power. If they lose one [or both], I believe we will be in a legislative stalemate until 2024. The potential here is that both parties, consumer activists, and industry all want comprehensive privacy legislation to pass; everyone wants this to happen. The question is how and what shape it will take, as well as working out the stumbling blocks, such as the extent of preemption and the existence of a private right of action, which will impede the process.
The constant growth of data privacy legislation will eventually need an increase in the number of personnel working on compliance. Without a team or at least one assistance, a single data protection officer or other function will be incapable of administering, overseeing, and enforcing data protection requirements manually.
The need for data security, privacy, and compliance is rapidly increasing, which means more opportunities for those that support compliance.
In the coming year, we could expect a slew of new privacy and data protection rules. The level of complexity will arise. Non-compliant firms’ risks will skyrocket. Both the number of nations having comprehensive laws and the complexity and divergence of those laws are expected to rise, according to the trend lines. India will almost certainly approve a data protection law in the first half of 2022. The more pressing question – may be the most pressing – is when the United States can muster the political will to pass national privacy legislation.