{"id":42834,"date":"2021-11-10T04:51:31","date_gmt":"2021-11-10T09:51:31","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?post_type=emagazine&#038;p=42834"},"modified":"2023-07-06T04:24:24","modified_gmt":"2023-07-06T08:24:24","slug":"privacy-global-regulations-new","status":"publish","type":"emagazine","link":"https:\/\/www.kaspersky.com\/blog\/secure-futures-magazine\/privacy-global-regulations-new\/42834\/","title":{"rendered":"INFOGRAPHIC: How GDPR changed the world, and privacy regulation&#8217;s future"},"content":{"rendered":"<p>One piece of regulation has never before had such global impact as the EU Global Data Protection Regulation (GDPR.) It\u2019s firmly established data privacy in the public mind, giving extensive and unassailable rights and affecting behavior well beyond the EU\u2019s borders.<br>\n<img decoding=\"async\" class=\"aligncenter wp-image-42839\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2021\/11\/08043535\/global_regulations_infographic-1-scaled.jpg\" alt=\"\" width=\"507\" height=\"2350\"><br>\nGDPR legislation was a pioneer that <a href=\"https:\/\/www.dlapiperdataprotection.com\/index.html?t=world-map&amp;c=US\" target=\"_blank\" rel=\"noopener nofollow\">other regions followed<\/a>. The California Consumer Privacy Act (CCPA) came into force in 2020. The more expansive California Privacy Rights Act (CPRA) will replace it in 2023. While there is no federal nationwide data protection law in the US, all fifty states have regulated data safeguarding, disposal and breach disclosure. US data privacy is pointing towards giving consumers more rights.<\/p>\n<p>Africa and Asia, with few exceptions, have a way to go in privacy regulation. It may be fair to say data protection regulation follows economic and political development. But China has a different focus. 
Having enacted strong privacy regulation, it\u2019s regaining control of local Big Tech, starting with <a href=\"https:\/\/www.bloomberg.com\/news\/articles\/2021-04-11\/china-s-record-alibaba-fine-shows-big-tech-can-t-fight-back\" target=\"_blank\" rel=\"noopener nofollow\">corporate dismemberment of Alibaba<\/a>. It aims to control the massive amounts of data held by <a href=\"https:\/\/apnews.com\/article\/technology-business-china-media-beijing-1600c373da85fb26517e8c7224d8ca80#:~:text=BEIJING%20(AP)%20%E2%80%94%20Companies%20in,disrupt%20operations%20for%20international%20corporations.\" target=\"_blank\" rel=\"noopener nofollow\">Chinese companies that may list overseas<\/a>.<\/p>\n<h2>New consumer expectations of data privacy<\/h2>\n<p>GDPR and other regulations worldwide have raised awareness of privacy issues.<\/p>\n<blockquote><p>Organizations need to focus on disclosure and incident response best practice or risk consumers seeing them as not transparent and losing 
trust.<\/p>\n<\/blockquote>\n<p>There\u2019s a <a href=\"https:\/\/www.cybersource.com\/content\/dam\/documents\/en\/global-digital-shopping-index-2020-uk.pdf\" target=\"_blank\" rel=\"noopener nofollow\">gap between what customers want and what businesses <\/a><a href=\"https:\/\/www.cybersource.com\/content\/dam\/documents\/en\/global-digital-shopping-index-2020-uk.pdf\" target=\"_blank\" rel=\"noopener nofollow\"><em>think <\/em><\/a><a href=\"https:\/\/www.cybersource.com\/content\/dam\/documents\/en\/global-digital-shopping-index-2020-uk.pdf\" target=\"_blank\" rel=\"noopener nofollow\">customers want<\/a> in their digital experience. Businesses think it\u2019s profiles (for example, offering relevant suggestions,) live help and price-matching. But consumers prioritize rewards, free shipping and data protection.<\/p>\n<h2>Forced innovation is also good innovation<\/h2>\n<p>Data protection is now front of mind for everyone. Many once saw security regulations as an innovation inhibitor adding friction to the customer experience, but now they\u2019re customer experience\u2019s new best friend.<\/p>\n<p>With today\u2019s cybercrime landscape, data protection has never had so much focus, driving the need for strong authentication. <a href=\"https:\/\/en.wikipedia.org\/wiki\/3-D_Secure\" target=\"_blank\" rel=\"noopener nofollow\">3-D Secure<\/a> is a great example. Ecommerce businesses saw the first version of 3-D Secure as an important tool for tackling fraud, but also the main culprit for customers not completing checkout. But the same businesses are finding the latest version, which includes new security features like biometrics, highly attractive for easier authentication across the whole customer experience. 3-D Secure\u2019s latest iteration links with new EU regulation\u2019s authentication requirements.<\/p>\n<h2>Privacy expectations impact on cybercrime<\/h2>\n<p>The COVID-19 pandemic has sped up changes in digital consumer behavior like never before. 
Security and fraud risk increased, triggering more stringent regulation.<\/p>\n<blockquote><p>But stricter regulation has also seen cybercriminals weaponize data protection against those it\u2019s supposed to protect. <\/p>\n<\/blockquote>\n<p>Ransomware gangs try to extort money from victims by encrypting their data, but also releasing it if the ransom isn\u2019t paid, adding data privacy insult to injury.<\/p>\n<p>Nations are stepping up to address <a href=\"https:\/\/www.zdnet.com\/article\/ransomware-attacks-are-the-biggest-global-cyber-threat-and-still-evolving-warns-cybersecurity-chief\/\" target=\"_blank\" rel=\"noopener nofollow\">ransomware, now the world\u2019s biggest cyberthreat<\/a>. But it\u2019s early days. Attempts to reduce ransomware risk are sometimes surprising with little consensus on how to address it, like US proposals to <a href=\"https:\/\/www.cbsnews.com\/news\/ransomware-payments-may-be-tax-deductible\/\" target=\"_blank\" rel=\"noopener nofollow\">make ransomware payments tax-deductible<\/a> or, conversely, <a href=\"https:\/\/home.treasury.gov\/system\/files\/126\/ofac_ransomware_advisory_10012020_1.pdf\" target=\"_blank\" rel=\"noopener nofollow\">making paying a ransom illegal<\/a>. Once a profitable niche, <a href=\"https:\/\/www.protocol.com\/fintech\/ransomware-cyber-insurance-premiums\" target=\"_blank\" rel=\"noopener nofollow\">cyber insurance now struggles to stay afloat<\/a> with increasing ransomware and skyrocketing demands.<\/p>\n<h2>Emerging trends in data regulation and oversight<\/h2>\n<p>Data protection and privacy regulations are now part of life. We also see several emerging trends. 
For example, increased data protection and privacy oversight; in the three years since GDPR, <a href=\"https:\/\/www.netimperative.com\/2021\/07\/20\/gdpr-3-years-on-43-of-uk-organisations-reported-to-the-ico-for-a-data-breach\/\" target=\"_blank\" rel=\"noopener nofollow\">nearly half of UK businesses have been reported to the Information Commissioner\u2019s Office over breaches<\/a>. With longstanding data breach disclosure laws in the US, a <a href=\"https:\/\/www.tripwire.com\/state-of-security\/government\/new-bill-could-force-u-s-businesses-to-report-data-breaches-quicker\/\" target=\"_blank\" rel=\"noopener nofollow\">new bill could force businesses to report breaches faster<\/a>. India has long deliberated its <a href=\"https:\/\/www.datacenterdynamics.com\/en\/opinions\/why-india-has-introduced-the-new-personal-data-protection-bill\/\" target=\"_blank\" rel=\"noopener nofollow\">Personal Data Protection Bill (PDP.)<\/a><\/p>\n<p>We\u2019re also seeing financial and security regulations aligning. Financial services regulations now include extensive obligations overlapping with security. Penalties are no longer the sole domain of national data protection authorities but could come from any regulator. <a href=\"https:\/\/www.theguardian.com\/business\/2018\/oct\/01\/tesco-bank-fined-cyber-attack-fca\" target=\"_blank\" rel=\"noopener nofollow\">UK\u2019s Financial Conduct Authority fined Tesco Bank 16.4 million pounds sterling<\/a> for failing to protect customers\u2019 accounts and not doing enough to prevent financial crime.<\/p>\n<p>And we see increased desire to control Big Tech. The most notable example started in China with Alibaba in 2019. 
<a href=\"https:\/\/techcrunch.com\/2021\/09\/09\/what-chinas-new-data-privacy-law-means-for-us-tech-firms\" target=\"_blank\" rel=\"noopener nofollow\">New Chinese data protection regulation<\/a> has more scope for oversight, as we saw with the <a href=\"https:\/\/www.aljazeera.com\/economy\/2021\/8\/6\/china-tech-crackdown-didi-mulls-ceding-control-of-valuable-da\" target=\"_blank\" rel=\"noopener nofollow\">crackdown on ride-hailing service Didi<\/a> and others.<\/p>\n<p>China perhaps sees its companies listed overseas as a national security risk because foreign governments could scrutinize the massive amounts of data they hold. But there are other risks: Several <a href=\"https:\/\/www.bbc.com\/news\/business-57744983\" target=\"_blank\" rel=\"noopener nofollow\">shareholders sued Didi since their share price fell after regulatory crackdown<\/a>.<\/p>\n<p>It\u2019s not just China wanting to rein in Big Tech and their data \u2013 security concerns led to <a href=\"https:\/\/iapp.org\/news\/a\/german-dpa-tells-government-organizations-to-shut-down-facebook-pages\/\" target=\"_blank\" rel=\"noopener nofollow\">Germany\u2019s data protection commissioner telling government organizations to shut down their Facebook pages<\/a>. UK\u2019s draft Online Safety Bill proposes a <a href=\"https:\/\/techcrunch.com\/2021\/05\/12\/uk-publishes-draft-online-safety-bill\/\" target=\"_blank\" rel=\"noopener nofollow\">new Big Tech oversight body<\/a> to help tackle illegal and harmful online content.<\/p>\n<p>Another trend is increasing regulatory oversight of start-ups, especially in fintech. Stock trading app <a href=\"https:\/\/finance.yahoo.com\/news\/robinhood-crypto-expects-pay-30m-221025280.html\" target=\"_blank\" rel=\"noopener nofollow\">Robinhood must pay 30 million US dollars to the New York State regulatory body for cybersecurity and anti-money laundering failures<\/a>. 
The Swedish financial regulator is <a href=\"https:\/\/www.finextra.com\/newsarticle\/38398\/klarna-faces-data-privacy-investigation-in-sweden\" target=\"_blank\" rel=\"noopener nofollow\">investigating buy-now-pay-later firm Klarna for data privacy breaches<\/a>.<\/p>\n<h2>Coming soon: The data regulation to prepare for<\/h2>\n<p>Data regulation laws are often challenged. In Europe in 2020, the <a href=\"https:\/\/www.osano.com\/articles\/privacy-shield-invalidated\" target=\"_blank\" rel=\"noopener nofollow\">Schrems II judgment invalidated Privacy Shield, the data-sharing mechanism<\/a> between the EU and the US. Austrian activist Max Schrems scored a major win as his <a href=\"https:\/\/www.reuters.com\/technology\/austrian-activist-schrems-facebook-complaint-referred-eu-court-2021-07-20\/\" target=\"_blank\" rel=\"noopener nofollow\">case questioning Facebook\u2019s legal basis to collect data<\/a> was referred to the EU Court of Justice.<\/p>\n<p>Trump\u2019s <a href=\"https:\/\/www.theguardian.com\/technology\/2020\/sep\/29\/trump-tiktok-wechat-china-us-explainer\" target=\"_blank\" rel=\"noopener nofollow\">US attempt to ban TikTok and WeChat<\/a> shows this isn\u2019t confined to the EU. India\u2019s Reserve Bank <a href=\"https:\/\/techcrunch.com\/2021\/07\/14\/india-bans-mastercard-from-adding-new-customers\/\" target=\"_blank\" rel=\"noopener nofollow\">banned Mastercard from issuing new credit and debit cards<\/a> for not keeping to local data storage rules.<\/p>\n<p>Three years since GDPR came into force, regulators aren\u2019t standing still. In April 2021, the <a href=\"https:\/\/www.mccannfitzgerald.com\/knowledge\/gdpr\/european-commission-publishes-proposal-on-ai-regulation\" target=\"_blank\" rel=\"noopener nofollow\">EU Commission published a draft proposal to regulate artificial intelligence<\/a> in line with GDPR. 
With increased automation globally, this is one area to watch.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Three years since GDPR, there\u2019s much to learn from what\u2019s happened since. We can also predict what\u2019s next in privacy regulation.<\/p>\n","protected":false},"author":2690,"featured_media":42835,"template":"","coauthors":[4251],"class_list":{"0":"post-42834","1":"emagazine","2":"type-emagazine","3":"status-publish","4":"has-post-thumbnail","6":"emagazine-category-data-and-privacy","7":"emagazine-category-digital-transformation","8":"emagazine-category-opinions","9":"emagazine-tag-gdpr","10":"emagazine-tag-predictions","11":"emagazine-tag-regulation"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/secure-futures-magazine\/privacy-global-regulations-new\/42834\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/secure-futures-magazine\/privacy-global-regulations-new\/25678\/"}],"acf":[],"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/emagazine\/42834","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/emagazine"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/emagazine"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2690"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/42835"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=42834"}],"wp:term":[{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/coauthors?post=42834"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}