To print this article, all you need to do is be registered or log in to

In honor of Data Privacy Week and as we kick off 2023, many of us are wondering what this year’s hot topics and trends will be in the privacy and cybersecurity industry. How will the new Privacy Shield in the EU and UK affect data regulation? How will state privacy laws contribute to the uncertainty of regulatory efforts? Will California’s privacy law update cause a domino effect among other states? Will we see more regulation of the privacy rights of minors? What will companies need to do to keep up with the ever-changing requirements of their cybersecurity programs? Keep reading for insight into how Goodwin’s Data, Privacy and Protection team is thinking about these issues and more.

Lore Leitner: “In 2023, we should hopefully see the replacement of the Privacy Shield arrive, which will significantly reduce the compliance burden on both sides of the Atlantic. Apart from that, there is an increase in data regulation on the horizon, in the EU and the UK, but also globally. To further challenge matters, we will see a surge in technologies such as AI and the Metaverse, which are difficult to regulate and monitor. When it comes to GDPR, I expect we’ll start to see more coordinated enforcement and a further increase in fines.”

Boris Segalis: “My prediction is that the space will continue to be unpredictable, demanding resources from companies to stay abreast of developments and adjust their practices. This is not an ideal situation for companies, and this lack of certainty in the privacy space is a persistent problem. State privacy laws will contribute significantly to this uncertainty, as they write regulations that are difficult to understand or implement – this is a typical problem. of legislation at the state level. On the cyber side – as Jud and Kaylee will no doubt notice – there’s a ton of regulatory effort to strengthen cyber incident reporting requirements that will certainly require companies to disclose more and lead to more law enforcement and litigation.”

Omer Tene: “In 2023, expect to see a flurry of enforcement action under California’s updated privacy law. Last summer, the California Attorney General fired a shot at the arc of ad tech players, including publishers and advertisers The stakes get higher as California’s privacy law update arrives other states, including Colorado, Virginia, and Connecticut, are accelerating enforcement of their new privacy laws, and litigation will continue under Illinois’ biometric privacy law, which provides a right of action is also the year that AI regulation, including a focus on algorithmic bias and discrimination, will become a major issue for businesses across a wide range of industries, including technology and software. science es of life, finance and education.”

Jackie Klosek: “2023 will see regulators, lawmakers and litigants continue to focus on the privacy rights of minors. 2022 has seen strong messaging from the FTC on children’s privacy rights, significant investigations into social media companies for activities involving children and the introduction of a number of bills relating to children’s privacy as well as the passage of the transformative California Age Appropriate Design Code Act. “Coming year, we will see these trends continue, while we will also witness the virtual explosion of technological solutions to help protect the privacy interests of minors.”

Jud Welle: In 2023, more and more organizations will recognize that their current multi-factor authentication solutions are insufficient to keep cyber threat actors away from their systems, leading to greater adoption of new authentication technologies. Companies seeking cyber insurance or contracts with sophisticated commercial and government customers will need to meet higher standards for the maturity of their information security programs.”

Kaylee Bankston: “I anticipate there will be a thorough review of enterprise cybersecurity programs in 2023, including with respect to cyber risk management and governance. Along with this, enterprises can likely expect a continued trend towards more prescriptive legal requirements for their cybersecurity programs – including technical controls – whether those requirements are imposed by specific legislation or actually established by regulatory enforcement action or litigation.”

To learn more about Goodwin’s Data, Privacy and Cybersecurity team, visit our website.

The content of this article is intended to provide a general guide on the subject. Specialist advice should be sought regarding your particular situation.


Colorado Privacy Act Revised Rules

Davis+Gilbert LLP

The Colorado Attorney General’s Office released proposed revised rules (Revised Rules) governing the Colorado Privacy Act (CPA) late last year.

Source link

Leave A Reply