Over the past 15 years, several events have reshaped how we think about data — what it means from a business perspective and what rights individuals have regarding how their personal information is used. Data security governance undoubtedly will play a large role in the future; however, conversations are still in relatively early stages. 

In 2016, when European regulators created the General Data Protection Regulation (GDPR) as a legislative framework that clearly mandates rules and fines, a fundamental shift occurred that elevated privacy to a board-level discussion. This resulted in CEOs taking part in the conversation while empowering the C-suite to make more decisions. 

Next, the data culture quickly evolved from one of implicit trust (where organizations freely used data without much restriction) to limiting risk (controlling data access based on regulations and customer feedback). While the data protection industry in Europe has made great strides since GDPR came into existence, we still have a long way to go because, for decades, technology solutions were built without privacy in mind. 

In the United States, the picture is quite different, as the lack of federal regulatory legislation leaves privacy concerns to battle for attention with other business priorities. Let's dig deeper into what the future of data privacy looks like across the pond. 

Beyond Cookies: Delving Beneath the Data Veneer

Marketplaces built around selling data need to pivot, because the future is about protecting individual data rights and that change goes far beyond a website pop-up asking to approve the use of cookies. Historically, data brokers have cashed in on users' data, which precipitated state laws in Vermont and California that aim to protect consumers by identifying the brokers and determining how they use the information. 

Tech giants like Apple and Google have also increased privacy protections with app-tracking transparency and plans to phase out third-party cookies. These titans of industry are pioneering an important movement that other companies need to follow. There's hope that legislation may spark further change, especially with privacy receiving bipartisan support.

If the American Data Privacy and Protection Act (ADPPA) takes effect in the United States, the biggest win would be a common standard for how to handle data. States like California have already established stricter standards for data privacy through the California Consumer Privacy Act (CCPA). Compliance requirements and hefty fines would be important accelerators in protecting consumer data. 

Privacy Needs Security 

A comprehensive data security strategy is essential and a prerequisite to an overall privacy-centric posture for data-driven organizations. It's imperative to implement scalable, fine-grained access controls so policies can keep the data safe in the first place.

As the pendulum shifts toward implementing broader and complete data security strategies, companies need to adjust. The work of chief information security officers (CISOs), chief data officers (CDOs), and chief information officers (CIOs) alongside their actions is more critical than ever, because they are responsible for implementing tools and processes that help align companies toward their privacy-related goals. The increased focus on a complete data security strategy applies to data-driven organizations of any size. 

A Cisco study cites that 92% of organizations claim privacy to be integral to their culture, but it comes with a technical challenge. Oftentimes, CISOs and CIOs are confronted with data spread across their organization and they need to gain visibility into all their siloed, heterogeneous data to understand who controls, maintains, processes, and accesses which parts of the data. 

This challenge is exacerbated by the need to modernize with cloud-native technologies so companies have a better understanding of how data is used and that it is used in accordance with privacy guidelines, principles, and any governing legislation. 

A Look into the Future

None of this happened by accident. Consumers didn't like data collection practices and they spoke up. Legislators heard from their constituents and started creating regulations like the ADPPA. Companies started serving consumers differently and taking data privacy seriously.

Consumer awareness of how data is collected and used is becoming mainstream. According to HubSpot's "2022 State of U.S. Consumer Trends Report," 80% of consumers consider data privacy a human right and believe individuals should have complete control over how companies use their data. As a result of these growing trends, more businesses should leverage privacy as a differentiator. 

There is still a gap between companies' intent to satisfy data privacy concerns and the action that protects that information. As consumers become better educated about how their data is used, and legislation inches closer to reality, it becomes even more critical. Making the right investments in data security provides visibility, access control, and insights into your data while ensuring compliance, and can help make all the difference.