Data Privacy Day is a good time to take stock of what is going on in the world of privacy.
What should you pay attention to on data privacy day?
In November, California voters approved a series of amendments to the CCPA (which hadn’t even been in effect for a full year). The new CPRA doesn’t become enforceable until 2023, but due to its “look back” period of 12 months, most companies will need to be compliant by the end of 2021.
A number of other state legislatures are considering bills similar—but not identical—to the CCPA/CPRA. Local differences in the application of that legislation will make the data privacy landscape more complex than it already is.
The focus of US federal regulatory agencies is also changing with the arrival of the Biden administration. As such companies should expect to see new enforcement priorities and cases at the federal level. Could the new Congress finally enact the federal privacy bill that’s 20 years in the making? Maybe. But after 20+ years of waiting, who really knows anymore. Certainly the conditions for a federal law are more favorable than ever (but that’s been said before).
Internationally, there are new (or changing) privacy rules to comply with in Brazil, South Korea, Japan, and Canada. On the other hand, the EU’s long-awaited ePrivacy Regulation is still in limbo despite years-long rumors that it’s almost ready to be enacted.
A changing technology landscape
There are significant developments on the horizon for the technology landscape. Today, most digital advertisers relies on third-party cookies and mobile advertising identifiers to do business. But changes announced in 2020 by Google with respect to its Chrome browser, and by Apple relative to data collection on iPhones could severely restrict (or even eliminate) the use of those cookies and identifiers by advertising technology companies. As such, there’s been an industry-wide effort in the last 12 months to develop new technologies that can replace the third-party cookie and MAID as cross-publisher identifiers.
But these replacements might not (ultimately) be necessary. Last year, regulators officially announced antitrust investigations into these ostensibly pro-privacy moves by Apple and Google as anti-competitive measures. It’s too early to tell what will happen in this conflict, but the drama will be “must-see TV” in 2021.
Here at Zeta…
We remain focused on operating our services in compliance with existing laws and reducing any privacy-related risks for our clients.
Right now, we’re updating our privacy documentation (as we do at the start of each new year), and continuing to develop enhancements for our rights request page (where people can see, copy, or delete data linked with Zeta cookies). In doing so, we’re tracking the “big picture” without losing our daily focus on the routine aspects of compliance.
It bears mentioning that Zeta was NOT affected by the SolarWinds breach—or any other data breach for that matter—so we have not had to make sudden, drastic changes to our systems as many other companies have.
At Zeta, we see 2021 as a time to expand our data footprint.
We also see it as a time to expand overseas offerings. Accordingly, we will maintain our commitment to privacy compliance in Europe, Brazil, Singapore, South Africa, and more.
As always, we will continue to evolve the automation of our internal privacy-related processes. We will also continue supporting the compliance needs of our clients as they grapple with CPRA, a potential new law in India, and more.
With all of that said, Happy Data Privacy Day from everyone here at Zeta. We look forward to making 2021 the best year yet for our clients!