Four years after we first encountered the GDPR, the data privacy regulation that transformed the European market, many businesses today have raised the bar completely in this area and are in need of help to comply with the regulation. there is. It doesn’t matter if your company is a tech giant or a small start-up. No one is immune to data privacy regulations. For example, last year Google was fined his sixth over $100 million. Mehta was no exception, having been forced to pay the second-largest fine in the history of regulation.
Over the past few months, we have witnessed many changes and innovations in data privacy. From the regulation of the Connecticut Data Privacy Act (CTDPA) enacted last May, to Apple’s updated privacy policy, which effectively turned it into the de facto regulator effective last July, these new factors are driving the industry. made a difference. A bill dealing with data privacy protections has led congressional leaders from both parties to draft an agreed version of the bill, introducing the bipartisan American Data Privacy and Protection Act (ADPPA).
All of this is clearly expected to have a severe impact over the next 12 months, not only on US companies, but on all companies doing business in the mainland US, and Israeli companies are no exception.
This situation is a complete game changer. For example, consider an Apple update. Businesses that rely on iOS apps as part of their business and distribution model will likely be deleted if they do not meet the requirements to delete their consumers’ personal data. From the App Store (which can result in immediate loss of revenue).
On the other hand, apps that are compliant with the requirements are likely to replace those that are not, clearly enhancing businesses and apps that were previously lesser-known or lesser-known. Essentially, just learning how to adopt the right behavior in an ever-changing environment can be seen as a huge growth potential.
So what can we expect in 2023? And what do Israeli businesses need to know to avoid potential harm and possibly thrive in the new era of data privacy?
If ADPPA (a federal bill imposing “duty of loyalty” imposing data minimization requirements, the right to refuse targeted advertising, etc.) takes effect, it would establish the United States’ first comprehensive federal data privacy law, allowing states and federal requirements.
Jim Sullivan, partner in Washington, D.C.’s regulatory and government affairs division at Advantage DLA Piper, explained that the law completely changes the rules of the game and takes precedence over U.S. state regulations such as the CCPA. . This clearly affects all companies doing business in the United States.
Further explaining the impact of the law on companies doing business in the United States, Sullivan said: Two years after the law’s enactment, he said, covered entities could also face private lawsuits in federal court from injured consumers seeking damages, injunctions, legal fees, and attorneys’ fees. I have. Whether the law is adopted or not, businesses need to be proactive in preparing for this eventuality. ”
“Today, every company is a technology company, and access to consumer data is essential for business continuity. Combined with developments such as the shift to remote work in the workforce, this poses serious risks to the data protection capabilities of companies that collect and process consumer data,” emphasizes Sullivan.
“Professional advice to prevent, mitigate and address these risks is more essential than ever to ensure continued business operations in this ever-changing environment,” said Jim. argues and adds: Businesses have to deal. Thus, for example, the ADPPA has requirements for compliance with the data minimization principle and special protections for certain types of data, obtaining affirmative and explicit consent before using “covered sensitive data”. imposes several obligations on covered entities, including requirements for data privacy, and requirements for specifying data privacy. and security personnel. It also prohibits discrimination based on characteristics such as race, gender and sexual orientation, and directs “large data owners” to conduct algorithmic impact assessments. ”
In addition to enlisting the help of data privacy experts, there are other recommended approaches to preparing for anticipated regulatory changes. The sooner we adopt these approaches, the sooner we can prevent history from repeating itself, as it did with the GDPR. .
In addition to consulting lawyers and data privacy experts, it is imperative to adapt your entire business to changing conditions from a technical perspective. Of course, understanding the changing market conditions is the first step, and being surrounded by relevant experts has become an essential move, but change is not limited to this. , complying with requirements such as the right to be forgotten, or adapting algorithms so that consumers do not receive a “racist” message. This is where automated technical solutions intervene.
Understand that financial expenditures on data privacy can be prohibitively expensive, especially for startups and young businesses operating in the US market or running apps on iOS is very important. At the same time, managing a company’s overall data privacy settings and manually complying with regulatory requirements can cost a significant amount of money, often leaving these young companies unable to cope with the enormous burden and ultimately You run the risk of being fined heavily.
Written by Gal Ringel, CEO of Mine