What are the predictions for privacy in 2021? It’s going to get a lot more public.

New laws for data privacy and online protection are coming. Canada and many other jurisdictions worldwide will give their citizens more legal rights making privacy protection more and more a matter for the courts.

New rules for data privacy and online protection are coming, as Apple, Google, and many other big tech companies give us more information about how they handle our personal identifying information, making privacy protection more and more a matter of a competitive marketplace.

Here in Canada, there may also be a new privacy sheriff in town to protect our data privacy – at least, a tougher sheriff armed with a newly loaded six-shooter.

The potential risks to our data privacy are many: from AI to blockchain, from adtech to consumer tech, from 5G and IoT to pretty much anything called “smart”.  And while personal data privacy and online data security are different and difficult beasts to tame, they are interrelated. There’s application security to think about (how smartphone apps and computer programs interact with personal data), but also network security (B2B and B2C communications), physical security (server farms, connected machines, and internet peerage locations) and operational security (enterprise self-protection and risk management for crucial data and related assets).

Whether you are shopping, dating, voting, looking for work, moving to a new country, getting health care advice, or pretty much any other human endeavour, data privacy needs its day of reckoning.

Data Privacy Day 2021

Today is the first day of the new year – the new privacy year, that is. For the past several years, January 28 has been recognized worldwide as Data Privacy Day.

To celebrate, recent surveys have sought out various consumer opinions on privacy, with not surprising findings:

92 % of consumers are concerned about online privacy;
89 % avoid companies that do not protect their privacy; and
87 % said a federal law should cover data privacy.

So for this coming year, data privacy professionals used their annual Day to put in place two specific themes:

For individuals, the message is “Own Your Privacy.” For businesses, it’s “Respect Privacy.”

Own It

It’s been said that the single biggest risk to our privacy online is us.

There are too many examples of our not owning responsibility for our own privacy: the times we give more information about ourselves than we should, for the sake of coolness or convenience. The times we don’t read the privacy policy or terms of use, for the sake of speed and access. All those bad, reused or default passwords we use, for heaven’s sake!

We need to step up our game.

The vast majority of Canadians are at least somewhat concerned about misuse of their online information or attempts to steal their identity. Some – not as many – will adjust settings to limit the personal information they shared via their digital device.

In 2021, the survey says, more of us will take more active and informed steps to clean up our digital footprints and gain control of our online profile.

There’s help for that, too: apps will have greater transparency in 2021 about the data they collect; privacy policies will become more readable; consent must be more informed. And bad passwords may disappear, as multi-factor authentication and passwordless access techniques become more accepted and understood.

As much as the individual user can do – or cannot do – to protect his or her data privacy these days, in 2021 at least, Canadians will have another possible step they can take.

The new privacy laws proposed for Canada will allow for private legal action by individuals who can claim damages for personal loss or injury in the case of negligent or illegal activity by an organization collecting or handling their data.
By the way, those organizations could face much heftier fines for data law contravention than ever before in Canada – like $10,000,000.

Respect It

Those potential penalties are another good reason why businesses and organizations around the world are being urged this Data Privacy Day to respect the data they gather, and to respect the people they gather that data from.

While it has long been noted that privacy is a competitive marketplace advantage for companies that “do the right thing”, the law will now add some extra, uhh, encouragement to that already existing motivation.

And while the battle rages and the privacy shouting match continues between and among tech giants, it is clear that some of those companies do see the day of data security reckoning is at hand, and those that are making concerted efforts to respect customer rights and value our data privacy while still operating a profitable business are being commended – and welcomed into a growing choir.

Apple’s privacy nutrition labels for apps on its store is one such effort towards data transparency and accountability (although, not surprisingly, some are resisting or not complying). In its next ( beta) update, the company’s App Tracking Transparency protocol will also require apps to get the user’s permission before tracking their data across apps or websites owned by other companies.

Google says it has some similar plans in mind for the Android store, but it also says its iPhone apps like Maps and YouTube will stop using one adtech tool from Apple that allows for personalized ads, avoiding a new Apple warning that informs consumers their browsing is being tracked. The adtech wars will continue in 2021, but data privacy should be the eventual winner.

Legislate It

New data privacy laws are coming. They promise.

Here in Canada, one can only hope the motivation and momentum for privacy reform remain strong. The current minority government has its hands full. While the House of Commons is back to a sitting schedule for 2021, the Minister who first tabled ideas about changing and modernizing the country’s Digital Charter and federal privacy laws (aka Bill C-11), Navdeep Bains at Innovation Science and Economic Development, has been replaced in a cabinet shuffle.

(Bains tabled what is called the Digital Charter Implementation Act, which, if passed, replaces the existing Personal Information Protection and Electronic Documents Act (“PIPEDA”) with two new acts: the Consumer Privacy Protection Act (“CPPA”) and the Personal Information and Data Protection Tribunal Act (“PIPTD”).

The acts do have some serious muscle, long called for by privacy advocates and the country’s Privacy Commissioner.  As mentioned, organizations in Canada that violate the new consumer privacy and protection laws could face administrative monetary penalties of up to the greater of $10,000,000 and three per cent of the organization’s gross global revenue. That’s the sheriff’s new six-shooter.

Individuals as well, through private action and quite possible class action suits as well, will be able to seek damages for personal loss or injury caused by the actions of an organization that has been convicted of an offence under the new privacy laws.

Those laws, if passed as written, will also require organizations to be more transparent and accountable with our data. They will have to provide certain specific information to an individual at or before the time of data collection, such as:

the purpose, use, and disclosure of the collection;
any reasonably foreseeable consequences of the collection;
the type of information involved and data collected; and
the name or types of any third parties with whom the information may be shared.

But Canada is not the only jurisdiction proposing new privacy laws, as mentioned. So that means more acronyms, sorry.

Back in 2018, the trend towards new privacy protections began in earnest in California, with the passage of the California Consumer Privacy Act (CCPA). Late last year, voters there also passed the California Privacy Rights Act, one of the strictest data privacy laws in the U.S. It is based on comprehensive data protection laws in Europe, collectively known as the EU General Data Protection Regulation, or GDPR.

Inspired by such legal actions and precedents, new data protection laws will be passed in Brazil, India, South Africa and more in the coming year or so.  The idea of a federal law in the U.S is growing, but in the meantime, states like California now and soon Virginia, Oklahoma, and others have or will pass state legislation protecting people’s data. There are also dedicated laws in the U.S to protect children online, such as the Children’s Online Privacy Protection Act (COPPA).

All in all, the coming year (or two, depending) will see new privacy regulations in place to protect the personal data of as many as 65 per cent of people across the world. It was just 10 per cent in 2020.

That means privacy protection is becoming more commonplace. Privacy is more public.

The incredible increases in online activity due to our work-at-home, study-at-home, and stay-at-home practices during the coronavirus pandemic have only exacerbated a need that has existed for many years.

As people’s awareness of, and concerns about, online privacy and data protection become more and more of a social driver, as governments continue to take legislative action to protect their citizens’ privacy rights in response, 2021 will see the emergence of a new privacy-centric culture around the world.

Data trust and ethics will be the new currencies as public protection and privacy regulation become the guiding values for digital decision-making in 2021.

That’s the prediction, at any rate. Will we make it come true?

# # #

-30-