With how young the data privacy industry is, virtually every year tops the previous as the most eventful one yet, but do not let that diminish the impact of the past 12 months. That caveat aside, 2023 really was an extremely eventful year for data privacy and governance. 

This year was set up to be noteworthy regardless of AI innovations, as reports indicated Meta had secretly put aside $3 billion to pay regulatory fines in 2023, a litany of new privacy laws were entering into force in the United States, and the compliance sector was growing steadily. All that turned out to be true, but took a backseat to the star of 2023: Artificial Intelligence.

A New Focus for Data Privacy

ChatGPT burst onto the scene in November 2022 and most of the professional community remained awestruck by its capabilities throughout 2023. While not without its kinks and linguistic patterns, its emergence has kickstarted a new wave of AI investment, setting society up for what appears to be a breakthrough in the technology. 

That has in turn led to a newfound sense of urgency for data privacy and data governance, crucial elements of ensuring any upcoming AI technologies are safe to use. 

The European Union has already stepped into that mix, passing a framework for the world’s first comprehensive AI regulation, the AI Act. While the United States is not close to passing a Congressional law that does the same, the White House did issue an executive order in the Fall on the use and development of AI. 

You know AI is serious business when governments are attempting to regulate it within the very year it took the spotlight. 

The regulatory discussion around AI is already fierce and complex, and that’s having only seen what Large Language Models (LLM) like ChatGPT can do. As we progress into more powerful generative AI, data governance will need to have scaled proportionally to the technology to prevent (for lack of a better word) dystopian outcomes. 

That puts the impetus on developing better data governance tech as well as on passing laws with teeth. On the former, some companies are up to the task, so monitor them closely.

Besides the narrative dominance of AI in the data privacy industry in 2023, the quantity of regulations grew, enforcement levied more fines than ever, and the public’s privacy concerns–thanks to AI, among other things–grew from whispers to talking points. 

New Regulations Passed in 2023

The EU saw the Digital Markets Act enter in partial effect and also passed the Digital Services Act, two laws that will combine to make regulating Big Tech an easier proposition going forward. These, combined with the AI Act, which saw the European Parliament negotiate fiercely from late Summer to December, mark 2023 as one of the most active years for European legislation since the GDPR passed in 2016.

Other regions continue to put more focus on data privacy and digital markets as well, with India and Vietnam each passing comprehensive data protection laws. They are just two of many APAC nations to pass regulation in the past half-decade, helping to truly take data protection initiatives global.

Of course, the headliner for regulations in 2023 was the United States, which finally has begun to make up ground on Europe in the matter. Eight U.S. states passed comprehensive data privacy laws this year, bringing the total up to 13 states now. Another two, Washington and Nevada, passed strong consumer health data laws, and Connecticut, one of the 13 states with comprehensive regulation, amended theirs to include stronger health data protections. 

Previously passed laws also came online, with Virginia, Connecticut, Colorado, and Utah’s respective laws all entering into force this year. 

The U.S. had a lot of road to cover–and still does–but 2023 by sheer volume of legislation was a massive success, with over 130 million Americans now having data rights and coverage.

The Legacy of 2023 in Data Privacy

Whereas America shined with passing laws, Europe shined with enforcing them, marking a historic year in GDPR fines by both the quantity (438) and the total value ($2.248 Billion). 

This collection of success of new laws, existing laws, and future data governance initiatives has made 2023 a year privacy professionals shall not soon forget. 

We’ll need to see how much ground AI covers in 2024, but when we look back, 2023 could very likely go down as the year that the data privacy industry went from a second thought to a priority for companies. 

Well, as long as AI does not eat itself.