More and more is happening in the data privacy industry with each passing year. 2023 will feature both predictable and unpredictable events, and we’re here to take a shot at guessing what’s most likely to come to fruition over the next 12 months.

#1. Privacy makes progress in the U.S. despite no federal law passing

This past summer, the U.S. House of Representatives pushed the American Data Protection and Privacy Act (ADPPA) out of a committee with bipartisan support, progressing to a place the issue has never been on a federal level. However, Speaker of the House Nancy Pelosi declined to call the bill to the floor for a vote over concerns from California lawmakers that it did not carry the overall weight of protection present in the CPRA. 

The good news on a federal level? The US and EU announced a draft decision on data flows late last year, paving the way for compliant data transfers even with the U.S. lacking a federal law.

Even with that agreement in place though, a federal law seems unlikely. Republican-led state congresses like Florida and Oklahoma are trying to carve out more business-friendly protections in their own proposed state regulations and have neglected to include multiple aspects of the CPRA, making it unlikely the current Congress will be able to find a middle ground over the next 12 months. 

While Florida and Oklahoma’s bills have stalled, we will most certainly see more states pass their own regulations this year after the progress made in Washington’s draft regulations paved the way as a model for Connecticut and Utah’s laws. 

On the federal level, although the ADPPA has little chance of passing, momentum is surging for more oversight within fintech. Expect the FTC and other agencies to push hard on this as they try to catch up with technological advancements and protect consumers in the wake of various crypto scandals. 

#2. More fines and more accountability

On both sides of the Atlantic, regulators have been more liable to go after non-compliant organizations as time has gone on. With enforcement starting to match the regulation as written, companies need to be more careful than ever with consumer data. 

California issued its first major fine last summer over CCPA violations to cosmetics giant Sephora, and Europe has already brought fines against Meta this year over its legal basis for running behavioral ads. Given the ramp-up and gradual consensus European data protection agencies have settled on, the GDPR will almost assuredly see more enforcement than ever. 

In America, when the CPRA becomes enforceable on July 1 and supplants the CCPA, California is likely to go after slam-dunk cases, which is why CPRA fines have been categorized as negligent versus willful violations. In fact, given the language and precedents being set, willful and reckless data privacy violations may even lead to individual executives being held liable as early as this year.

#3. Employee Privacy gains widespread attention

The paradox of data privacy within the U.S. right now is that the CPRA is leading the way in terms of progressivism. Still, it simultaneously stands in the way of a federal law due to it going so far beyond what other states have put on the table. 

Perhaps the most significant sticking point introduced in the CPRA is the inclusion of employee privacy rights, which will force a major rethinking of how businesses approach aspects of HR. Although other states will likely not include these provisions in their own regulations, the introduction of these rights will change how American businesses handle employee data, which could eventually lead to it becoming a norm enshrined in future legislation. 

We’ll need to wait and see what happens once the CPRA becomes enforceable on July 1, 2023, but with its new enforcement body, the California Privacy Protection Agency, gross violations of employee data will be met with vigor (particularly given the removal of the CCPA’s grace period to fix violations).

#4. Privacy-enhancing tech takes off, fueling massive innovation

Companies need to comply with more regulations than ever before as data streams grow larger and larger, but compliance is becoming a necessary cornerstone of corporate culture not because of laws, but rather where society is at the moment. 

Topics like the safekeeping of children’s data, the suddenly urgent nature of privacy surrounding reproductive health, and the mainstream explosion of AI thanks to ChatGPT and Nightcafe’s runaway success have spooked many into taking action. 

There has already been a groundswell of demand for better, more intuitive data privacy technology over the past several years, but expect more money to be poured into the sector as the public and business worlds alike prepare for a more privacy-oriented internet. 

For legacy solutions and Excel spreadsheets, this could mean a complete overhaul is necessary to survive, and for current innovators like MineOS, solutions will need to remain nimble, easy-to-use, and on track with regulations and AI-related developments. 

To see how we’ve built innovation into our platform’s DNA to get companies ahead of the data privacy curve, book a demo.