As we step into the future, the evolution of technology continues to reshape our lives. Amidst this transformation, data privacy has become a focal point, with individuals and organizations emphasizing the importance of safeguarding personal information. The data privacy landscape is dynamic and will continue to evolve, but as we look ahead to 2024, several trends are poised to shape the narrative.
1. Generative AI Breaches & Fines
The rampant use of generative AI (GenAI) will get highly complicated for application developers if they don’t use the technology safely and responsibly; it could lead to data breaches and fines.
Forrester 2024 Predictions for Cybersecurity, Risk, And Privacy suggest that insecure AI-generated code will be responsible for at least 3 data breaches due to security flaws in the code generated or vulnerabilities in AI-suggested dependencies.
2. Increased Fines & Consumer Awareness
To no surprise, with data privacy and protection laws expanding globally, we should fully expect an increase in fines in 2024.
Below are the most notable fines in 2023:
- In May 2023, a record-breaking fine of €1.2 billion ($1.3 billion) was handed to the tech giant Meta by the Irish Data Protection Commission (DPC) for the transfer of data between the EU and the US without adequate data protection.
- As recently as September (2023), TikTok received a €345 million ($370 million) fine by the Irish DPC specifically for violating children’s data privacy under the GDPR.
- In January 2023, Ireland’s (DPC) issued a €390 million ($425 million) fine in connection to Facebook and Instagram related to their terms of services and forced “consent”.
- In June 2023, the National Commission on Informatics and Liberty (CNIL) levied a fine of €40 million ($43 million) against CRITEO for failing to obtain consent, provide clear information, and enable user rights.
These are just some of the notable fines that, when combined, exceeded €2 billion ($2.2 billion). Organizations should take data privacy and protection seriously before we hit a trillion.
3. Children’s Online Safety Will be in the Spotlight
According to Bloomberg Law, state lawmakers are reestablishing efforts to replicate the California Age-Appropriate Design Code Act, which articulates privacy standards and site design requirements for children under 18.
Maryland and Minnesota will bring back legislation similar to California in 2024, while states like Florida and Utah focus on child safety specifically for social media. Either way, expect more children’s online safety bills when 2024 legislation gets underway.
4. Explosion of Unstructured Data
80% to 90% of data generated is unstructured, which is already a mind-boggling amount of unstructured data. Well, buckle your seats. Generative AI (GenAI) is creating an explosion of unstructured data, and its volume will keep increasing in 2024.
Historically, analyzing unstructured data has been quite challenging, but with GenAI & Large Language Models (LLM) introducing new levels of risk, classifying, managing, and securing unstructured data to ensure GenAI doesn’t have access to confidential, personal, regulated, or sensitive data is critical.
With the help of AI and machine learning, organizations can benefit from using technologies that can search through massive quantities of unstructured data to gain visibility and secure the data. If unstructured data isn’t already on your mind, it definitely will be in 2024.
5. Continued AI Proliferation & Legislation
The US recently signed an AI Executive Order to address the safe, secure, and trustworthy development and use of AI. The US isn’t the first country to enact an AI Privacy Law, as we’ve seen different AI approaches globally, such as in the EU, Brazil, Canada, and China currently drafting regulations.
2024 will see an increase in AI legislation proliferate worldwide as countries adapt to using AI safely and ethically. In 2024, regulators, when drafting legislation, will have to find the balance between protecting the rights of consumers and encouraging the development of new AI technologies.
In the process of writing these predictions, the U.S. Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC), in collaboration with 21 other global agencies, released Guidelines for Secure AI System Development.
6. Still No US Federal Legislation in 2024
Even though the US inches closer to a Federal Data Privacy and Protection Bill, I don’t foresee that happening in 2024. While the US took steps to address AI with some substantial requirements, the consensus is that Congress needs to pass privacy legislation that aligns with the AI EO.
Since there is no federal legislation, several states will enact AI legislation. California continues to lead the charge regarding privacy legislation with an ambitious AI order.
With Montana, Oregon, and Texas set to go into effect, and a slew of other states pending legislation, the call for a US Privacy bill will only get louder and louder.
7. Assessment of the Automotive Industries Data Privacy Practices
As it relates to data privacy, the industry that will be under the most scrutiny in 2024 will be the automotive industry. A recent Mozilla Foundation published article, It’s Official: Cars Are the Worst Product Category We Have Ever Reviewed for Privacy, highlights how car manufacturers capture consumers’ every move through trackers, cameras, microphones, and sensors. That makes cars a privacy nightmare you would only find on Elm Street!
The crux of the issue is that car manufacturers collect too much personal information and share and sell data, and drivers need more control over their privacy rights. With recent incidents at Tesla and Toyota, data protection authorities and consumers will be monitoring the automotive industry’s privacy and security practices with more scrutiny.
8. Increase in Data Sovereignty Awareness
Awareness of data sovereignty will be at the forefront as data localization has been challenging for several multinational companies. The expansion of data localization is due to several emerging privacy laws that require organizations to control the data in the country in which it resides.
In 2024, organizations will prioritize data sovereignty, which helps build trust, increase brand reputation, maintain compliance with local and international regulations, minimize risk, and, most importantly, avoid those highly hefty fines.
9. Empowering Consumers with Centralized Privacy UX
The tide continues to turn in favor of individuals as awareness about data privacy grows. Consumers demand greater control over their data, pushing for transparent data practices and asserting their rights to own and manage personal information.
In 2024, organizations will respond by providing more data accountability privacy-enhancing technology (PET) for data management and more apparent consent mechanisms. A significant benefit of data accountability PETs is the consistent ability to provide data subjects ultimate control over when and how their data is being used.
10. Leveraging AI to Mitigate Privacy Risk
According to IBM’s 2023 Cost of a Data Breach, the average time to detect and contain a data breach is 277 days, about nine months!
That’s a considerable amount of time. Can you imagine how much data hackers got away with in that many days?
In 2024, we expect privacy risks to continue to grow, and AI risks will only get more complex. But with complexity comes an opportunity to also innovate. Organizations can leverage AI to remedy potential data privacy risks by getting AI-driven recommendations, prompts, and trends across data. AI can quickly analyze large datasets, detect patterns, and adapt to emerging regulations, making it a valuable tool for effectively identifying and mitigating privacy risks.
The data privacy landscape in 2024 promises a continued evolution toward a more privacy-centric and ethical approach. Data privacy trends, from regulatory developments to technological innovations, indicate a collective commitment to fostering a digital environment that respects and protects individuals’ rights. As individuals become more empowered and organizations prioritize responsible data practices, the future promises a more secure, transparent, and privacy-aware digital era.
BigID provides an automated and holistic privacy management platform that addresses new and emerging data privacy and protection regulations to proactively address risk, achieve compliance, protect data rights, and eliminate data leakages.
Want to see BigID in action? Schedule a one-on-one with our privacy experts today.