2024 has been a surprisingly quiet year in data privacy, but with an intense focus on AI, expect 2025 and beyond to set new standards for data compliance

Data Privacy Happenings

Hello from MineOS's monthly newsletter, The Privacy Mindset!

 

2023 was quite the year for data privacy; regulation surged globally, GDPR fines and violations both hit record highs, and society realized quickly how much trouble AI could pose to both data privacy and protection. This year, while not quite over yet, has seen the industry take a collective breath to recuperate, hopefully with the intention of a leap forward in 2025.

 

GDPR fines are considerably down compared to 2023, the US again failed to pass a federal comprehensive data privacy law, and despite amendments and progress to data privacy laws in countries like India and Israel, no major new global economy has seen legislation passed 3/4s of the way into the year. 

 

The reason for this respite? Artificial Intelligence.

 

If 2022 shocked the world with where the state of AI currently stands, 2023 brought corresponding concerns and 2024 has had those concerns acted upon. 

 

The EU passed the world's first comprehensive AI legislation, the EU AI Act, the US has similarly gotten caught up in AI hype and hysteria, and much of the rest of the world awaits how much progress American tech giants will make in the AI race. 

 

Is more AI regulation coming? Absolutely.

 

Will regulators start to crack down on the worst data privacy and security sins of AI development? Almost definitely (if nothing more than to send a message to all developers).

 

But the biggest bet is that data privacy and compliance is going to evolve to take on an even bigger role in organizations as it takes responsibility for AI initiatives. 

 

We have already seen Chief Privacy Officers bearing the majority of the burden of AI governance, and with the high overlap in challenges between privacy and safe AI development, that trend is a surety to continue.

 

What does that mean for 2025 and beyond? Buckle up, it's going to be a crazy next few years.

Product Spotlight

MineOS revamped the platform's Assessment capabilities this summer, introducing a variety of customization features that will allow organizations to tweak their DPIAs, TIAs, and other reporting requirements more closely to their unique compliance infrastructure.

 

The new and improved assessment builder, combined with MineOS's radar feature, truly elevates privacy programs out of the days of spreadsheets and manual reporting.

 

By linking assessments directly to a live data inventory, we open up new possibilities for enhancing compliance and risk management as data sources, data subjects, transfer mechanisms, and business purposes update automatically. This connection's dynamic nature means assessments are more accurate and fluid, providing a clearer picture of your data environment's gaps.

 

Regulation Focus

California AB 3048 1798.136(a)(1)

"Unless otherwise prohibited by federal law, a business shall not develop or maintain a browser/operating system that does not include a setting that enables a consumer to send an opt-out preference signal to businesses with which the consumer interacts through the browser/[OS]."

 

We won't bury the lede here: this law was passed by California's legislature last month, but vetoed by Governor Gavin Newsom this week.

 

In a sense, that may be cheating a bit, but what the law would have done and the somewhat surprising nature of the veto reveal quite a bit about the current data privacy landscape in America.

 

AB 3048 was part of a rush of privacy and AI-focused bills California passed in the final days of its 2024 session, and stood out as perhaps the most influential in the bunch.

 

Given how common universal opt-out methods are becoming in data regulations, ordering operating systems and internet browsers to automatically include opt-out signals seemed like a logical and useful way to guarantee that a data right people have actually gets put to use.

 

Instead, Governor Newsom wrote in his veto, "I am concerned, however, about placing a mandate on operating system (OS) developers at this time ... To ensure the ongoing usability of mobile devices, it's best if design questions are first addressed by developers, rather than by regulators."

 

The problem, however, is that developers have been slow to embrace privacy by design principles until regulators or the wider public twist their arm into doing so.

 

Data privacy in America badly needs a public awareness campaign, and this bill would have been a quick and painless way of alerting many people to their data rights. Instead, it lies on the ash heap of theory as a big missed opportunity.

Founder's Corner

CEO & Co-Founder Gal Ringel

 

Q: What is one takeaway from your time at IAPP PSR24?

 

A: Many organizations still don't have modern data mapping solutions in place. Between all those who attended the session and the people I've spoken with at PSR24, the desire to create comprehensive, continuous data maps is there, but leadership needs to be shown technology can deliver that and the resulting ROI.

Webinars & Events

MineOS is following up IAPP PSR24 with another big event: RISK London on October 9-10!

 

As the premier GRC conference in the UK and a free event, it's can't-miss for our European friends.

 

Register here: https://www.tickettailor.com/events/grcworldforums/1109182/r/mine

 


SayMine Technologies Ltd., 94 Igal Alon st., Alon 1, Tel Aviv, Israel, 6789155