The institution of the General Data Privacy Regulation by the European Union on May 25, 2018 was the first major step in establishing a worldwide standard for keeping personal data private for users of IT–and that means just about everybody. It also includes the right to be forgotten, should a user decide to completely vacate the cyber world.
GDPR provides a set of regulations to help protect user privacy and enforce data protection. GDPR also includes reporting requirements for organizations to disclose data breaches within 72 hours, as well as impose harsh penalties for organizations that do not protect user data.
While 2018 was a landmark year overall for containment of data privacy, enterprises in general are slowly coming around to complying with the rules, even though they apply specifically to companies that do business within the boundaries of the EU. Other jurisdictions, such as California, are busy enacting their own follow-on privacy regulations. These are all good rules that protect consumers, despite the red tape for enterprises that goes with it all.
(To see a larger version of the image above, right-click on it and select “View Image.”)
Following are some predictions involving data privacy for 2019.
John Dietz, VP, Concur Labs:
Data privacy will fundamentally change product engineering. In 2018, GDPR fundamentally changed how global technology companies work with user data. In 2019 and beyond, GDPR is now table stakes. Product engineers and developers are looking at how they can deliver both ultimate protection and ultimate personalization. Approaching privacy as a sliding scale vs. a simple model of opt-in or opt-out, opens the door to more possibilities for transparent data collection and machine learning. Concepts such as Data Washing and a privacy dial can allow users and/or their companies to increase or decrease the type of information gathered by filtering different levels of personally identifiable information.
Don Foster, Senior Director of Worldwide Solutions Marketing, Commvault:
Privacy First Becomes a Priority. As government agencies increasingly cite enterprises for non-compliance with the European Union’s GDPR and other strict data privacy regulations, and other governments implement new data privacy regulations, enterprises will increasingly adopt a “Privacy First” approach to data management. However, the challenges these enterprises will face as they seek to integrate data privacy best practices into their existing applications, as well as new mobile, IoT and other applications, will be significant. Enterprises will need AI-powered, automated, outcome-driven data management solutions to address these challenges if they hope to implement strong data privacy policies without sacrificing productivity or agility.
Barbara Cosgrove, Vice President and Chief Privacy Officer at Workday:
Companies slow to move into compliance with GDPR. As of August 2018, about 1/3 of companies were still not compliant with GDPR. In the coming year, GDPR compliance will become a bigger priority for organizations, as they start to identify which companies are prepared to handle and protect their data. Additionally GDPR will spur a global privacy trend that will hold companies accountable for how they use personal data.
Dave Weinstein, VP of Threat Research, Claroty:
Privacy legislation is coming. In the wake of numerous security incidents at Facebook, Google and other Internet giants, not to mention high-profile hearings about the tech sector’s data collection policies and practices, it’s hardly a stretch to anticipate the next Congress to take up privacy legislation early in the new year. In fact, people such as Mark Zuckerberg and Sundar Pichai have conceded that some regulation would be healthy. Security and privacy create strange bedfellows on Capitol Hill, pairing far-left progressives with libertarian conservatives. Lawmakers will likely take their cues from the EU by mimicking many aspects of GDPR. That said, expect Silicon Valley, not Washington, to write the rules on privacy as their lawyers and lobbyists have long anticipated this day coming.
Candace Worley, Chief Technical Strategist at McAfee:
Chief Analytics Officer (CAO) and Chief Data Officers (CDO) will need to supervise AI. There are myriad decisions that must be made when a company extends its use of AI. Implications exist for privacy regulation, but there are also legal, ethical and cultural implications that warrant the creation of a specialized role in 2019 with executive oversight of AI usage. In some cases, AI has demonstrated unfavorable behavior such as racial profiling, unfairly denying individuals loans, and incorrectly identifying basic information about users. CAOs and CDOs will need to supervise AI training to ensure AI decisions avoid harm. Further, AI must be trained to deal with real human dilemmas and prioritize justice, accountability, responsibility, transparency and well-being while also detecting hacking, exploitation and misuse of data.
Calvin French-Owen, CTO of Segment:
Software development and systems will reorient around privacy. Many companies became more privacy-conscious in 2018, but in 2019 they will need to reorient to bake that mindset into the full technology lifecycle. In many ways, technology systems work against privacy requirements – for example, adding to a database is an extremely fast operation but deleting or auditing data is incredibly slow. Since it’s often a monumental effort to add privacy after the fact, technology leaders must rethink workflows, systems, and even how their engineers design systems from day one.
Data center owner/operator Equinix:
Homomorphic encryption will aid data privacy. To contain data privacy breaches and keep control over their data, in 2019 we predict enterprises will focus on new data management techniques such as homomorphic encryption that allows computations to be done on encrypted data without requiring access to the data security key. Homomorphic encryption is a form of encryption that allows computation on ciphertexts, generating an encrypted result which, when decrypted, matches the result of the operations as if they had been performed on the plain text.
Bhaskar Roy, Client Partner and Head of Customer Analytics at Fractal Analytics:
More challenges to data security and privacy are coming. As more countries look at localizing data storage, and defining limits/boundaries of data usage, the ability to drive personalized insights will be challenged. This should ideally lead to organizations looking at innovative ways to drive customer engagement.
Daniel Mintz, Chief Data Evangelist for Looker:
GDPR’s major impact on staffing and resources beyond privacy. GDPR is obviously having a major impact on privacy staffing at companies worldwide, but there is another side effect people may not be thinking of. GDPR imposes a cost of retaining data when before there was basically no cost. When GDPR-mandated data protection officers arrive, they want to get rid of all unnecessary data to avoid additional costs. Unfortunately, they usually find total data chaos where no one is sure which data is actually valuable. The DPO’s first task is often to figure out what data has value and what data doesn’t, but this takes resources. In 2019, we will see companies bringing in additional staff, tools and trainings to untangle the data chaos so they can leverage their valuable data while staying compliant with GDPR.
Josh Feast, CEO and co-founder of Cogito:
The Year of Demystifying AI. In 2019, society will push for the demystification of AI and demand a better understanding of what technology is being built, and greater transparency into how it is being used. In recent years, there has been an apparent shift in mindset across our society when it comes to AI, especially regarding privacy concerns. As a result, technology creators will have to embrace full transparency and responsibility to ensure privacy rights are respected and that the technology is being used in a valuable and ethical way. In the end, this will lead to a clearer division between AI’s purpose, whether it’s AI leveraged to automate simple tasks or used to better augment human’s natural abilities. As transparency increases, people will better understand that AI is not an all-encompassing term for machines that can replicate and act like a complete human, but rather a more explicit set of functionalities that can better automate simple tasks and augment people executing more complex actions. This will result in less fear of a machine takeover and greater acceptance of new innovation.
Bill Magnuson, Co-Founder and CEO at martech startup Braze:
Think quality over quantity: As scrutiny on operators and privacy continues, stockpiling irrelevant data no longer makes sense in the post- GDPR world. Instead, companies must rely on AI to drive deeper customer conversations, where respect is paid to the customer across all touchpoints.
Brian Kuhn, Chief Digital Officer, OVHcloud:
Continued focus on the big three pieces of legislation that hit in 2018. 2018 was a significant year for legislation that impacts data centers and the customer data within. Three pieces in particular are worth keeping an eye on in the coming year:
- Net neutrality: A year later, cloud providers will continue to wrestle with maintaining an open and free Internet for their customers. In 2019, there will be even more emphasis on preserving the freedom of what users want to see, when they want to see it, and how much they’re going to pay for it.
- GDPR: As customer data proliferates and expands its residence to edge devices, data sovereignty will be a huge challenge in 2019. Infrastructure providers must be intentional in instilling proper data regulations across the board to ensure they remain complaint and avoid million-dollar fees. US organizations will continue to struggle with GDPR compliance, due to different standards of compliance in the US and in the EU, and the amount of interpretation required to determine their compliance position.
- CLOUD Act: Data sovereignty will not only affect Europe but will hit close to home on U.S. soil as well. In 2019, as the emphasis on the security of customer data spreads, we’ll see data sovereignty become a global issue that businesses worldwide will have to cope with (e.g. the California Privacy Act).
eWEEK will continue its Predictions 2019 series well into January.