2020 was a watershed year for data privacy. It kicked off strong with the implementation of the California Consumer Privacy Act (CCPA) in January. Two months later, the pandemic tested data governance processes in ways previously unimagined.
Consumers are increasingly aware of their rights, and while data privacy regulation has been a source of anxiety in the past, businesses are increasingly used to and even excited for future regulation. These build consumer trust and can even improve data processing efficiency.
The new year will see the continuation of some long-time trends with a few notable additions. Here are my top 4:
1. Long-tail COVID-19 impacts
In the early days of the pandemic, developing contact tracing applications was a major initiative for many governments around the world. Awareness created by GDPR caused global scrutiny on the use of data for these contract tracing apps, however. Pollyanna Sanderson, Privacy Council at the Future of Privacy Forum, has noted that many countries and even U.S. States have opted for a centralized approach that allows individuals to share their GPS location data with a contract tracer. Yet privacy concerns have fueled low adoption rates. GPS location data is also generally not precise enough to measure person-to-person contact. Furthermore, individual state efforts are disjointed and don’t give widespread visibility across state lines.

More decentralized applications that “broadcast rotating, randomized Bluetooth identifiers,” are a more privacy-conscious approach, according to Sanderson. Yet differences between states underscore the need for more comprehensive legislation that can help public-private partnerships and data sharing efforts proceed in a much faster and more clear manner.
In fact, data consortiums that share certain types of data are gaining momentum. Though Apple and Google face antitrust scrutiny, their contract-tracing collaboration in the early days of the pandemic could be a blueprint for future data-sharing efforts. More companies will embrace these consortiums and partnerships in a non-healthcare setting in 2021 to help get a better picture of customer interaction data, and this comes with its own host of privacy concerns.
2. Appetite for comprehensive federal regulation
One interesting development from the November election was that Californians overwhelmingly voted to expand the California Consumer Privacy Act (CCPA). The updated law, called the California Privacy Rights and Enforcement Act (CPRA), is an attempt to move the CCPA even closer to the European Union’s General Data Protection Regulation (GDPR).
