Top Five Data Privacy Trends in 2024
How will the data privacy sector evolve in 2024?
As new privacy laws emerge and enforcement activities increase, this sector is clearly on the rise. Here are our five top trends for 2024:
1. Data Privacy & Artificial Intelligence – New Risks and New Opportunities
The emergence of generative artificial intelligence (AI) has raised complex questions about how governments and organizations can adapt to its opportunities and challenges. Many organizagions have access to vast amounts of data and may be interested in leveraging artificial intelligence to extract additional value or efficiency.
In the legislative sphere, a political agreement was reached between the European Parliament and Council on December 8, 2023 regarding the European Union Artificial Intelligence Act (“EU AI Act”). As the first regulation focusing on artificial intelligence in the world, this legislation will govern the sale and use of artificial intelligence across the European Union. Each member state must comply with the same standards for artificial intelligence systems under this law.
According to the AI Act, AI systems will be regulated according to the level of risk they pose to individuals’ health, safety, and fundamental rights. There are four levels of risk: unacceptable, high, limited, and minimal.
Privacy professionals are likely to see this as an opportunity and expand their knowledge and skills into the AI sector. New privacy tech solutions will address this AI act as well, and offer AI governance solutions.
2. Regulatory Changes – New Privacy Laws
Privacy regulations spread around the world as more countries passed comprehensive privacy laws in 2023. This trend continues in 2024 as the regulatory landscape becomes more crowded, especially in the US, with other states following California’s lead by enacting similar or slightly watered-down versions.
More than six new privacy laws will go into effect in the US in 2024 alone, including the Montana Consumer Data Privacy Act, the Texas Data Privacy and Security Act, Nevada SB370, the Colorado Privacy Act, Florida’s Digital Bill of Rights, and Oregon’s legislation.
Moreover, Gartner estimates that 75% of the global population will be covered by privacy regulations by 2024.¹
3. Rising in PrivacyTech And Budgets
As technology advances, privacy concerns are not only becoming increasingly prevalent, but also providing solutions. Privacy-enhancing technologies (PETs) are becoming increasingly popular as valuable tools for protecting personal data. Data analysis and processing can be accomplished while preserving individual privacy thanks to techniques such as federated learning, homomorphic encryption, automated risk assessments and differential privacy. PETs will play a crucial role in organizations’ efforts to balance data utility and privacy.
Gartner expects to see over 40% of privacy compliance technology using AI-powered privacy technology, resulting in an increase in spending on compliance tools of around $8 billion. The result can be reduced administrative burdens and manual workloads, as well as a repair of customer trust.¹
In addition, Gartner predicts that by 2025, 60% of large organizations will use at least one PEC technique in analytics, business intelligence and/or cloud computing.
4. Rising Demand For Privacy Professionals And Privacy Engineers
In 2024, there will be a shortage of people who can apply complex privacy requirements to business problems.
In addition to STEM-trained staff, organizations will need lawyers who are conversant in technology as well as engineers who are familiar with philosophy and ethics.
Several privacy certification programs provide professionals with these skills, but no existing training can help them develop the expertise that comes from mastering on-the-job skills for 10,000 hours. As the demand for these advanced skills increases, the pool of multidisciplinary talent will become increasingly limited.²
It is expected that next year’s demand for technical and legal/compliance roles will increase as privacy staff shortages persist, according to ISACA. Compared to legal/compliance roles, technical privacy roles remain slightly or significantly understaffed, with 53 percent of respondents indicating they are somewhat or significantly understaffed. There are also unfilled privacy positions in many enterprises (34 percent say this is the case for technical privacy roles and 27 percent say it is for legal/compliance roles), according to the survey. Furthermore, technical privacy roles (69 percent) are more likely to be in demand next year than legal/compliance roles (62 percent).³
5. Enforcement. Enforcement. Enforcement.
The total amount of privacy fines in 2023 significantly exceeded that of 2022. The combined total of all GDPR fines issued in 2022 was approximately €1.64 billion, whereas in 2023, a single fine, imposed on Meta (Facebook) totaled over €1.2 billion. It was nearly the same amount of fines issued in 2022 as this single fine.
Over the course of 2023, supervisory authorities across Europe issued a total of EUR more than €2.1 billion in GDPR fines, bringing the total GDPR fines during its five-year existence to more than €4 billion.
Despite the fact that many of the fines handed out have been aimed at big-tech companies and larger corporations, many smaller companies have been fined as well, and if enforcement mechanisms and processes continue to be improved, these fines will only increase. In 2024, we expect to see even more enforcement activities, and crucial ones, based on the overall growth in enforcement and fine amounts.
This ties in with the proposed GDPR Enforcement Procedural Regulation, which simplifies cross-border enforcement by streamlining the collaboration between SAs in GDPR enforcement cases.
In the US, By 2024, other state laws will begin to be enforced, especially the CPPA and its enforcement of the CPRA, which becomes effective on March 29.
In response to consumer awareness of their rights and market expectations of data privacy, we expect to see a rise in enforcement of data protection authorities and enforcement bodies.
Noa is a certified CIPM, CIPP/E, and a Fellow of Information Privacy (FIP) from the IAPP. Her background consists of marketing, project management, operations, and law. She is the co-founder and COO of hoggo, which builds transparency around data privacy practices.