We recap 2023 in data privacy, including the biggest trends, major Mine news, and a product roundup
View in browser

Data Privacy Happenings 📰

Hello from MineOS's monthly newsletter, The Privacy Mindset! 👋

 

2023 has just days left until it becomes a thing of the past, which means it's retrospective time! 

 

To answer the question posed in the email subject line: yes, 2023 was a year privacy professionals will remember vividly, and mostly for the good.

 

Regulations passed? ✅

 

8 U.S. states passed comprehensive data privacy laws, with another 2 passing strong consumer health data laws. Now over 130 million Americans have data rights, with momentum surging for more gains in 2024.

 

In the EU, the Digital Markets Act and Digital Services Act passed and became partially applicable, which should make regulating Big Tech an easier proposition going forward. 

 

Elsewhere globally, India and Vietnam each passed data privacy laws, expanding the industry in the APAC region. 

 

Strong enforcement? ✅

 

The EU did most of the heavy lifting here, putting forth the strongest year of GDPR enforcement in the law's existence so far. 

 

GDPR fines set records for both the monetary amount as well as the quantity of fines issued:

 

🔻 438 GDPR fines 
🔻 €2.054 Billion/$2.248 Billion in fines 

 

Memorable narratives? ✅

 

We might be burying the lede by not starting with this, but 2023 will of course be remembered for the rise of AI and all the corresponding talk of AI governance and an increased emphasis on data privacy. 

 

There's way too much to cover here, but the EU saw fit to put an exclamation on the topic for 2023 by agreeing on an official framework for the upcoming AI Act, the world's first comprehensive AI legislation.

 

The law's text and technical details have not yet been revealed and still have to be hammered out over the course of the next few months, but having an agreement in place will likely impact how AI is discussed in the first half of 2024.

 

Our initial takeaways from the announcement? The tiered approach works well, as different risk levels should carry different regulatory obligations rather than painting AI broadly with a single brush. 

 

As the law will apply to EU citizens, much of the world is going to have to react and comply or lose out on the European market, which should create a similar type of global adoption that we saw when the GDPR went into effect in 2018. 

 

There are still plenty of questions to answer when the full text comes out and many are upset with the regulation—with some claiming it will slow innovation and others worried it has not outright banned technology that could be used for state surveillance—but getting any kind of law on the books makes sure that the unchecked  AI hysteria that dominated most of 2023 will not leak into 2024. 

 

Regulation might not be ahead of AI, but it could conceivably keep pace with it, something that unfortunately cannot be said about data privacy regulation, considering regulators have spent much of the past decade playing catch-up.

 

For that, the 2023 narrative of AI and AI governance ends on a high note. 

Mine News 🎉

Mine is closing out 2023 with some fantastic news: we've raised $30M in our B Round! 

 

Check out some coverage of the milestone:

  • Press Release
  • Tech Crunch's interview with CEO Gal Ringel
  • Venture Beat's coverage of the announcement

 

Image $30M Series B

Product Spotlight 🔦

It has been a busy year for the MineOS product and engineering teams!

 

To capture all the hard work they've put into the platform and how it has evolved over the past 12 months, check out Our 2023 Product Roundup!

 

One of the biggest product updates from the last month is our brand new Vendor Risk profile.

 

Understanding and manager risk is so critical to data governance that we've doubled down on how front & center we display risk within the platform.

 

Now every system you select within your Data Inventory comes equipped with a dedicated Risk section, including its own cybersecurity rating.

 

Not only does this update help identify risk faster, but the new section evaluates the severity of these risks and provides tailored mitigation strategies. 

 

New Risk Vendor Section

Regulation Focus 🔬

California Delete Act SB362 Sec. 3, 1798.99.82.

"A data broker shall  ... provide the following information [when completing mandatory registration with the CPPA]:

 

(A) The name of the data broker and its primary physical, email, and internet website addresses.
(B) The metrics compiled pursuant to paragraphs (1) and (2) of subdivision (a) of Section 1798.99.85.
(C) Whether the data broker collects the personal information of minors.
(D) Whether the data broker collects consumers’ precise geolocation.
(E) Whether the data broker collects consumers’ reproductive health care data.
(F) Beginning January 1, 2029, whether the data broker has undergone an audit as described [herein]."

 

Despite 13 states now having comprehensive data privacy laws on the books, only three of those—California, Oregon, and Texas—have data broker registry laws. 

 

California, as the first state to pass data privacy regulation, had these registration requirements before any other state. However, the initial information data brokers needed to provide the California Privacy Protection Agency was extremely limited, only having to provide contact details. 

 

With the passing of the Delete Act, not only is there a path for a consumer-friendly one-stop-shop to exercise data rights in the future, but there will be significantly more oversight of data brokers going forward.

 

They will now have to submit the laundry list of information listed above annually (including several other requirements such as how they enable data rights and how the organization may be regulated by typically preempted federal laws), which should help focus enforcement resources towards companies that have a higher risk profile. 

 

With fines for failing to register now doubled, California is putting its weight behind the Delete Act so it can more properly understand the scope of data brokers within the state. It's a smart approach and one other states hopefully begin to adopt over time.

founders trio

Founder's Corner 🎙️

CEO Gal Ringel on the road ahead for Mine post-B Round:

 

"Our pragmatic approach, combined with an emphasis on ease of use, has resonated deeply with our customers. Thanks to this funding and the unparalleled expertise of our board and team, we're poised to deliver even more seamless and satisfying Data Privacy, Governance, and soon AI Risk Governance that our customers will love and cherish.

 

We have great momentum in the market and cannot wait to continue innovating. At Mine, we’re striving to be the Single Source of Data Truth within the organization. Come join us on the journey, and we promise you the ride will be worth it."

Webinars & Events 📅

In a few weeks CEO Gal Ringel will take part in a star-studded live event with some of the best in the privacy business: Nia Castelly, Luiza Jarovsky, and Odia Kagan.

 

Join the event on January 8 at 6 PM GMT/1 PM EST to hear the best analysis around on What to Expect in Privacy in 2024!

 

Register here!

 

Jan 8 Priv Whisperer Event

Talk about

data privacy

with us:

press@mineos.ai 

flybook

How did you like this month's issue?

Let us know
footer

SayMine Technologies Ltd., 94 Igal Alon st., Alon 1, Tel Aviv, Israel, 6789155

Unsubscribe Manage preferences