Data Privacy Day: assessing the state of the privacy nation in 2019


Data Privacy Day is always a good opportunity to reflect on the state of the ‘data privacy nation’ as we head into a new year.

The origins of this annual event are particularly relevant to examine at this juncture since the date for Data Privacy Day was originally chosen to commemorate the 1981 signing of the first ever legally binding international treaty dealing with privacy and data protection: EU Convention 108.

Today, nearly 40 years later, the global privacy landscape is still being shaped by the EU, thanks to the General Data Protection Regulation (GDPR). This long-awaited regulation – which came into effect on 25th May last year – is sure to play a major role in the evolution of data privacy in 2019. In fact, it has a significant effect on the three major privacy trends that I expect to see play out in the year ahead.

Trend 1: Data privacy is now top of mind for consumers

Post-GDPR, and in the wake of the Cambridge Analytica scandal, we are seeing real signs that consumers are starting to pay more attention to data privacy and protection. In the months following GDPR coming into effect, regulators recorded huge spikes in the number of complaints received.

For instance, the UK’s Information Commissioner’s Office reported a 260% increase in the number of complaints in the three months after GDPR came into effect. In France, the equivalent regulator – the CNIL – saw a rise of 64%. More recently, the CNIL has also made headlines by issuing the first major fine for a breach of GDPR earlier this month. The regulator issued a fine of €50 million ($57m) after finding that Google’s onboarding and set-up process for new Android devices was in breach of GDPR.

With Amazon, Apple, Netflix and Spotify (and Google again) also accused of failing to comply with GDPR in a separate case, we are seeing clear signs that issues around privacy have now become ‘top of mind’ for consumers and that they are starting to take advantage of the new rights awarded to them by GDPR.

Trend 2: The ‘GDPR ripple effect’ extends far beyond Europe

We are also seeing evidence that GDPR is having a big impact outside of the EU. More than 10 countries are currently working on new or improved privacy regulations, including Argentina, Brazil, India and Australia, as part of a rising tide of data regulations globally.

In the US, there has also been a noticeable “GDPR shift”, with many businesses rewriting their privacy notices and – in some cases – improving their approach to data transparency and controls. Beyond these voluntary measures, regulations are also being strengthened at the state level – particularly in California, Colorado, Virginia, Washington and Illinois – and discussions are ongoing at a federal level.

While the specifics of these international policies will vary from market to market, it is highly likely that many of them will be closely based on the EU’s framework, and will therefore follow the spirit of the GDPR, which clearly outlines the importance of privacy as a human right.

Trend 3: Good business is now synonymous with good privacy practices

Finally, it has been encouraging to see signs in recent months that businesses are starting to feel the benefits of good privacy practices, and vice versa, as the reputational impacts start to affect customer retention and companies’ bottom lines.

One high-profile example has been the success of DuckDuckGo, the alternative search engine. This is a business that has defined itself from the very beginning as ‘pro privacy’, with its website promising users that they can ‘seamlessly take control of your personal information online, without any tradeoffs’. DuckDuckGo has seen growing demand for its privacy-first services, with the company recently reporting a growth rate of over 50% and $10m in new funding.

As customers start to pay more attention to issues around data privacy, they are also likely to start expressing their dissatisfaction with those companies that fail to live up to expectations. This means not only exercising their rights as enshrined in law, but also taking their custom (and attention) elsewhere when they feel that a company has misused their personal data.

Increasingly, ‘giving customers what they want’ is no longer all about offering convenience and value – it is now also critical that brands can earn – and retain – their customers’ trust. If they haven’t already, businesses should see Data Privacy Day as an opportunity to start leaning in to privacy and consent, not just for compliance, but for real business benefits.


By Eve Maler, VP of Innovation & Emerging Technology, ForgeRock.
