When it comes to consumer privacy and data protection trends, we’re witnessing a tsunami.
European Union enforcement of the General Data Protection Regulation (GDPR) in May 2018 was the earthquake that marked the confluence of two market forces: consumer demand and legislation. Now, that force has turned into a wave that’s headlining boardroom agendas around the globe.
On the legislation side, the California Consumer Privacy Act (CCPA) went into effect on January 1, 2020. In Brazil, the LGPD is slated to start in August of 2020. These two significant pieces of legislation amplify the momentum created by GDPR.
On the consumer demand side, the issue of data privacy has continued to challenge businesses. In the U.S, 73 percent of consumers say they’re more concerned about their online privacy than they were a few years ago, and within the EU, one in five consumers believe that businesses do not care about their privacy.
Given the overwhelming importance of this issue to businesses, and the pace with which it’s evolving, it’s critical that businesses stay abreast of regulations – and consumer expectations.
3 Consumer privacy and data protection trends for 2020
Following are three predictions for where consumer privacy and data protection trends are heading.
1. The consumer data privacy regulation charge will pick up even more speed
While many companies focus on enacted laws, there’s another story at work: all of the laws in the legislative pipeline.
In 2019 alone, legislation related to the privacy of consumer data, including bills related to online privacy, collection of consumers’ biometric data, data broker regulation, and other miscellaneous consumer privacy issues were introduced or filed in at least 25 U.S. states and Puerto Rico. Most of the bills introduced have failed or are expected to fail.
In 2020, we predict this trend will turn around, especially in the U.S. As CCPA becomes more set in stone through lawsuits and legal refinements, other states will gain a blueprint to pursue their own consumer data privacy regulations. More of these efforts will succeed, and consumer data privacy regulations will be enacted by more states.
What does this mean for businesses? Simply put: a piecemeal strategy of addressing regulations one-by-one isn’t sustainable.
Instead, companies in the vanguard will develop and apply a data privacy strategy with the flexibility to adapt to new regulations with speed and accuracy. This will provide a clear market advantage compared to competitors who don’t address this new environment successfully and expose themselves to regulatory risk and brand reputation damage as a result.
2. Solutions for personal data control will spark new levels of innovation
One of the core concepts of consumer data privacy regulations is that customers should be able to control both the personal data they share with organizations and how organizations use that data. This concept is based on consumer demand; simply put, they don’t trust organizations with their personally identifiable information (PII).
Currently, the onus to provide customers with personal data control sits with organizations. The regulations detail what control should exist, and it’s the organization’s responsibility to execute the actions when requested by customers.
In the not-too-distant future, we predict innovations will shift the paradigm so customers will be able to act, not just request.
In fact, one market leader is already showing the way. Apple recently announced that its apps won’t store each customer’s real email address, but rather a unique email address that is generated by Apple on their behalf. Emails will be sent to this proxy address, which Apple will then automatically redirect to the customer’s personal email address.
The same basic process is possible with phone communications, home delivery, and with the transfer of funds through a middleman clearing service.
Each email address, phone number, physical address, and piece of payment information is unique per customer and per organization. So, a customer can easily revoke the unique proxy given to company X and, from that moment on, company X will no longer have access to the customer’s PII.
In this way, customers don’t need to trust organizations to delete their data or to stop communicating with them. They can simply disconnect from any organization whenever they choose.
3. Chief Data Officers(CDO) will gain influence and buying power
Tracing its roots back to the early 2000s, the Chief Data Officer is a relatively new role in the C-Suite. Now, research shows more than 67% of large organizations have a CDO. Why? One big reason: the amount of data generated around the globe.
IDC predicts that the collective sum of the world’s data will grow from 33 zettabytes in 2018 to a 175ZB by 2025, for a compounded annual growth rate of 61 percent. And while there may be a wealth of data available to an organization, not all data is created equally. Large organizations lose almost $10 million per year due to poor data quality.
Beyond the traditional role of the CIO and the IT department – who own the technical roles related to data storage and security – businesses are tasking the CDO to be the forward-looking data champion who sets strategy, leads integrations, maximizes utility, and ensures governance. In recent years, these responsibilities have increased in significance as businesses have tapped into powerful AI/ML and customer data platform capabilities.
The role is also distinct from the Chief Digital Officer. In this CDO vs CDO comparison, the “digital” title focuses more on an enterprise’s digital transformation efforts. On the other hand, the “data” title tends to provide more on-going strategy guidance concerning the enterprise’s data use.
In the upcoming months and years, we predict the CDO role will grow even more prominent. With the onset of a more fluid data privacy landscape, as demonstrated by GDPR enforcement and the imminent CCPA roll-out, CDOs are being asked to take more of a role in risk and compliance management.
For example, they can work with Data Privacy Officers (a GDPR-required security leadership role) to ensure timely, successful audit responses. In addition, they can lead their organization’s efforts to find solutions to address consumer data protection trends and data privacy regulatory requirements.