Regulation focused on privacy is heating up. Between 2018-2022, only five states passed comprehensive privacy laws–while in 2023 alone, seven additional states joined them. Noteworthy legislations from last year include Florida’s Digital Bill of Rights, California’s DELETE Act, and Washington’s My Health My Data Act, all of which underscore the accelerating pace of privacy evolution.
Similar developments indicate this year will see even more updates. So far, we’ve seen New Jersey become the 13th state to pass a comprehensive state privacy law via Senate Bill 332, as well as a historic FTC enforcement action against data broker Outlogic (formerly known as X-Mode Social)… and we’re only a month in.
As more states pass not just comprehensive privacy laws, but narrow legislation that focuses on children’s privacy, data brokers, and hopefully, the emerging trend of privacy-for-profit, the pressure to find solutions that support compliance, while saving resources in an unsettled market, is only going to grow.
Here are the top trends I expect to see in 2024:
Increased regulatory focus on data brokers
Data brokers were a mainstay in 2023 headlines. The California DELETE Act drew significant attention after passing in October. It introduced fresh registration and disclosure requirements for data brokers and established a “one-stop-shop,” where individuals could order the hundreds of state registered data brokers to delete their personal data with a single request.
The FTC’s settlement with Outlogic at the start of this year is another clear signal of heightened regulatory focus. Industry experts have mixed views on the settlement, but the macro message is clear: regulators have set their sights on data brokers.
Privacy-for-profit
Meta’s subscription-based service in the EU is a pressing and high-profile example that exemplifies the growing trend of privacy-for-profit. In short, paying users enjoy greater privacy protections and an ad-free version of Facebook, while those who don’t will be tracked, profiled, and served targeted ads.
Privacy rights groups have rallied against the plan, arguing the subscription fee is excessive and out of proportion to the amount of ad revenue derived from each user. These groups also argue that if this strategy goes unchallenged, it could cause a domino effect. Apps and online services everywhere could begin to put a dollar amount against user privacy, limiting to paying customers what should be a fundamental right for all.
The rise of privacy-enhancing technologies
Even as tech giants and data brokers attempt to erode digital privacy at a startling pace, it’s not all doom and gloom. As a direct response to these developments, a counter-movement has emerged: the rise of increasingly powerful privacy-enhancing technologies (PET). Three key technologies to watch are:
- Differential Privacy: A system for publicly sharing information by describing the patterns of groups within a dataset, while withholding information about the individuals in the dataset. This technique adds random noise to the data to ensure individual privacy isn’t compromised, allowing maximum data accuracy with minimum risk of identification.
- Decoupling: An idea that gained more traction in 2023, decoupling refers to splitting information between its purposes, allowing cloud services to access only what they need to complete a specific task.
- Secure Multi-Party Computation: This is a cryptographic method where a given function is computed in a distributed manner. Despite multiple parties being involved, the inputs from each participant remain private. This assures that while aggregate data can be analyzed, individual data remains confidential.
Data privacy moves quickly and evolves constantly, which makes it a fascinating space to build for. There is always something new to consider and a fresh challenge to solve. We have 13 state privacy laws on the books and several more in the hopper. I expect 2024 to be a year that companies start searching for solutions that more effectively support compliance.