Eric Hoffer said, “The only way to predict the future is to have the power to shape the future.” But this strongly relates to data privacy, as the government, corporations, and consumers continue to mold this evolving privacy landscape.

Here we predict some critical developments that will affect data privacy in 2023.

Prediction: 2023 won’t be the year for a US Federal Law.

There will likely be a ramp-up in enforcement action in the US, as Sephora put CCPA to the test with a $1.2 million settlement for violating the “do not sell” provision. In addition, many US states are adopting data privacy laws, with some going into effect in 2023, such as CPRA (CCPA amendment) and Virginia (VCDPA), which will only pressure government officials and regulatory agencies towards a federal law.

As the discussions on the American Data and Privacy Protection Act (ADPA) continue, it doesn’t appear that we’ll see a final version passed through Congress in 2023.

Prediction: The Global Data Privacy Ecosystem will keep heating up.

Australia’s second-largest telecom company, Optus, had such a significant data breach that it prompted lawmakers to introduce legislation.

Southeast Asia is a region that is getting some traction, as Indonesia passed the Personal Data Protection Bill and India is revamping its Digital Personal Data Protection Bill.

While Argentina is potentially reforming Personal Data Protection Law, passed in 2000, Canada has also introduced new federal privacy and AI legislation very similar to the EU Data Act in the EU.

Data privacy activity is going on worldwide as policymakers are racing against time to protect their citizens’ data.

Prediction: Data transfers should get easier between the US and the EU/UK.

President Joe Biden signed a new executive order on a framework for data transfers that enhance safeguards of EU personal data to the US. The expectation is that this agreement would limit government access to data. But for companies moving data between the US and EU, there is more legal certainty around data transfers. In 2023, this agreement could make a significant impact, but it depends on the limitations and whether governments will genuinely adhere to these data practices.

Prediction: The new UK Data Protection law won’t make a difference.

The UK will forge ahead and reform the UK data protection law. The only thing in question is the adequacy of protection to the EU. U.K. government officials claim the reforms will closely model the basic principles of GDPR. If so, a new UK law will have little impact on those that have established a single data privacy approach across Europe. 2023 should be the year the UK catches up with the EU

Prediction: There will be even more Newsworthy Fines.

In 2022, there were plenty of newsworthy fines, which expect to increase in 2023 as organizations continue to adapt to new and existing privacy regulations.

Below are some of the Top Fines for 2022

  1. Instagram Meta Platforms Inc. – Ireland | €405.000.000
  2. Epic Games – US | $275,000,000
  3. Twitter – US | $150,000,000
  4. Clearview Al Inc. – Italy | €20.000.000
  5. Clearview Al Inc. – Greece | €20.000.000
  6. Clearview Al Inc. – France | €20.000.000
  7. Meta Platforms Ireland Limited – Ireland | €17.000.000

Some of these fines are staggering, and when you combine the top fines, it almost reaches a billion ($US). Now the only question I have about these fines is, what happens to the money?

Prediction: Surveillance technology/facial recognition (AI Apps) will be a highlight for privacy regulators.

The rapid expansion of facial recognition technologies (FRT) has been a significant issue in data privacy, with several disadvantages of using the technology to identify individuals without proper consent.

FRT has even prompted the European Union to draft an Artificial Intelligence Act to restrict the use of FRT in specific business use cases. Even within the United States, many laws have been passed to help regulate FRT.

FTR is expected to grow as increased investments, such as Smart Cities, adopt the technology. However, in 2023 expect more of the same as privacy concerns will require regulators to consider stricter rules to balance its benefits and potential damage.

Prediction: AI will continue its proliferation into data privacy.

As AI expands across all industries, it will forever shape our world in the years to come, for better or worse. In addition, AI has increased in many areas of everyday life, so it needs to be under a microscope.

The challenge in 2023 and beyond will be how governments and companies go about the ethical use of AI. At the same time, regulators must find a balance between protecting the rights of consumers and encouraging the development of new technologies.


There are many other considerations that privacy professionals must account for as we leave 2022 behind, but it’s all about adapting to the landscape’s unpredictable nature. With a better understanding of these constant shifts and preparing for upcoming data privacy changes, teams can meet their goals and set expectations.

Here at BigID, we’ll keep a close eye on these 2023 developments as we help organizations weather the data privacy storm.

In the meantime – see BigID in action, and schedule a demo to speak with our privacy experts.