World News – US – Data protection predictions for 2021 – Help Net Security

2020 has presented us with many surprises, but the world of data privacy has turned the tide somewhat Many verticals have suffered losses, uncertainty and shutdowns, but the protection of people and their information continued

After many websites simply blocked access unless you accepted their cookies (now deemed illegal), we received clarification on cookies from the European Data Protection Board ( EDPB) With the end of the Privacy Shield, we have seen the end of a legal basis for cross-border data transfers

Heavy fines for non-compliance with the General Data Protection Regulation (GDPR) have shown organizations that the regulation is far from toothless and that data protection authorities are not easing up just because that there is an ongoing global pandemic

What can we expect in 2021? There is no doubt that the number of data protection cases brought before the courts will continue to increase.This is not necessarily a bad thing: each case brings additional clarity and precedent in many different areas of the world. regulation which, to this day, are subject to interpretation and conjecture

The last time I spoke to the UK Information Commissioner’s office about a technical detail regarding data access requests submitted by a representative, I was told that I was far from the only person to inquire, and this only illustrates part of the ambiguities faced by those responsible for implementing and maintaining compliance

Of course, this is just the GDPR There are many other data protection legislative frameworks to consider We fully expect that 2021 will bring full and comprehensive alignment of privacy regulations into line with the GDPR and eradicate the conflict that exists today, in particular around consent, opt-in software, etc., where the GDPR is very clear but the current Privacy and Electronic Communications Regulation (PECR) is not really

These are found just in Europe, but around the world we are seeing the continued development of data location laws, which organizations are required to adhere to.In the United States, the California Consumer Privacy Act (CCPA ) launched a series of data privacy reforms in many states, with many calls for something similar at the federal level

Subsequent years will see this release, and just like with GDPR, precedent-setting cases are needed to provide more clarity about the rules Will Americans look to replace the broken Privacy Shield framework or will they adopt the standard contractual clauses (CSC) more widely? CCS is a very solid legal basis, provided the clauses are updated to align with GDPR (something else we would expect to see in 2021), and I suspect the US will take this way as the awareness of the importance of trade with the EU is growing

Other notable moves in data protection laws are occurring in Russia with amendments to the Federal Personal Data Law, which takes a closer look at TLS as a protective measure, and in the Philippines, where the Personal Data Protection Act 2021 (PDPA) is being replaced by a new bill (currently a work in progress, but it’s coming up)

One of the biggest events of 2021 will be the UK’s exit from the EU UK GDPR implementation takes form of UK Data Protection Bill 2018 Apart from a few deregulations, it’s GDPR and that’s great… as long as it’s going to have strict local data privacy laws is good, but having enjoyed 47 years (at the time of writing) of free movement within Union, what impact will being outside the EU have on UK businesses?

It is believed and hoped that the UK will get an adequacy decision fairly soon, given that historically local UK laws are aligned with those inside the EU, but there is no guarantee Uncertainty over future appearance of data transfers could lead UK industry to use more SCCs Currently low priority plans to make Binding Corporate Rules (BCRs) easier and more affordable will be sharply put forward as demand increases

One thing is for sure, it will be a fascinating year for data privacy and we’re excited to see clearer definitions, increased certification, precedent-setting case law and all that happens as we continue to navigate in governance and compliance and security

Information privacy, general data protection regulation, security, law