Privacy was a hot topic in 2013, from Edward Snowden’s disclosures and WikiLeaks, to discussions around the privacy implications of the NSA programs, to the launch of new technologies like Google Glass. The arrival of a new year often prompts predictions – here are a few for 2014 from Harriet Pearson, Partner at Hogan Lovells, as well as a few from UnboundID CEO Steve Shoaff.
1. Watch NIST’s Space!
Harriet: Concerns about cybersecurity risk have never been greater. Almost every organization is taking extra steps to secure its systems and data. Enhanced monitoring and other security measures can create privacy issues, however. In early 2014 the National Institute for Standard and Technology, or NIST, will issue a “privacy methodology” as part of the Cybersecurity Framework mandated by President Obama. I expect the cybersecurity framework—and the accompanying privacy methodology—to be endorsed and adopted by leading companies, and it may form the basis for new regulation.
2. The FTC Forges Ahead.
- FTC Commissioner Julie Brill authored a “Claim Your Name” call to action article on Adage.com in October 2013. She writes, “Data brokers, marketers and other companies that join the big-data stampede while ignoring basic privacy principles do so at their own peril.”
- The FTC held a November 2013 workshop on the “Internet of Things,” saying that the FTC is “interested in the consumer privacy and security issues posed by the growing connectivity of consumer devices.”
- In November 2013, the FTC hired LaTanya Sweeney as Chief Technologist and Andrea Matwyshyn as a Senior Policy Advisor. In Chairwoman Ramirez’s comments on these new posts, she noted that “Technology issues are increasingly central to the FTC’s work” and “insights on the intersection of technology innovation and data privacy and security law will be enormously valuable to the FTC’s efforts to protect consumer privacy while promoting innovation.”
Unless the Wyndham case constrains the authority of the FTC, expect the FTC to continue their expansive enforcement trajectory.
3. Europe Continues to Shape Privacy Debate.
Harriet: It would be enough for the European Union to occupy a prominent space on the global privacy stage if all that were happening on that continent consisted of its work on a proposed General Data Privacy Regulation that includes novel concepts such as the right to be forgotten; imports to Europe the American idea of data breach notification laws; and establishes outsize fines of 2% or more of annual revenue. Europe’s ongoing attention to and concern about US government access to information adds to the complex political and policy debate, and influences how other countries view data privacy and, increasing, trade policy.
4. Companies Will React to the Mounting Privacy Market Pressures.
Steve: With mounting consumer anxiety, impending U.S. and European regulations, and recent advances in technology, companies are finding that implementing privacy controls can be a competitive advantage.
It’s no secret that consumers care about their data privacy. Our research – and that of others – indicates that consumers are very aware that companies use their data, and they want greater control over that usage. Mobilization initiatives like Data Privacy Day continue to grow in popularity and support, and this year saw the launch of the We The Data project. The year 2014 will see the development of regulations clarifying company practices around personal data usage. Many businesses and vendors are not waiting for regulations, though. They’re taking proactive steps to provide transparency, choice, and control, all in order to earn customer trust. Efforts in 2013 like the Microsoft “Your Privacy is our Priority” campaign, and Axciom’s aboutthedata.com show that this trend has been growing – and we expect that growth to continue.
5. Whither the Safe Harbor, Trade, and Privacy?
Harriet: The launch of the Transatlantic Trade and Investment Partnership (T-TIP) in 2013 presented a once-in-a-generation opportunity for European and US trade negotiators to start considering how to use this trade discussion to build a lasting bridge between the U.S. and European data privacy frameworks. In 2014 businesses involved in digital trade – and which isn’t these days? – will be watching to see how the T-TIP process addresses privacy, one way or another, and whether these trade discussions can help shore up the EU-US Privacy Safe Harbor.