Lawmakers Finally Took Data Privacy Seriously — 2019 Regulatory Roundup

clicks | 15 days ago | comments: discuss | tags: cryptocurrency

Article preview (bot search)

(Original link:

Data privacy has long been seen as one of the major non-monetary usages of blockchain technology. Many governments and corporations are already running recordkeeping systems based on distributed ledgers to securely store internal data. Tech enthusiasts believe that blockchain has the potential to revolutionize personal data and identity management for private citizens as well, yet these hopes remain largely aspirational so far. One of the reasons for that is regulatory uncertainty: Lawmakers around the globe are having a hard time catching up with data security challenges that the sprawling online economy poses. Sponsored Links In 2019, the regulators accelerated their efforts to reinforce and standardize data security policies amid the growing realization of the economic value of data in several key jurisdictions. The field of privacy-enhancing technology continued to bear new solutions that will shape the industry as the new decade kicks off. Contents 4 New frontiers GDPR effect Virtually all observers agree that the European Union’s General Data Protection Regulation coming into effect has been a major influence on the global privacy landscape this past year. Although the process formally began in 2018, it was last year that saw the bulk of compliance and enforcement effort pick up real steam. British Airways and Marriott became the first corporations to face multi-million fines under the statute’s provisions. The legislation’s global aftermath included many other jurisdictions seeking to attain a GDPR-compliant status to enable cross-border data exchange. Dean Steinbeck, General Counsel at cryptocurrency project Horizen, told Cointelegraph: “As expected, many non-EU countries are following the EU’s lead and implementing rules similar to GDPR in their jurisdictions. For example, Argentina, Australia and Brazil have all moved to implement data privacy laws that closely resemble GDPR.” Over in the U.S., legislators have been fiercely debating matters of data usage as well. A November hearing on the issue held by the Congressional Task Force on Financial Technologies revealed that neither Democratic nor Republican members were content with the state of the nation’s laws governing financial data practices. It appears, however, that federal-level regulation is unlikely to come along before the takeaways from the California experiment are in. The Golden State moved to become the first to adopt its own regulatory framework, the California’s Consumer Privacy Act (CCPA), which Steinbeck calls the most comprehensive data privacy law in the U.S to date. The law came into effect at the start of 2020, with CCPA-related notices pouring into compliance officers’ inboxes immediately. Several state legislatures — Massachusetts, New York and New Jersey among them — have already moved or announced plans to consider their own privacy regulations. This has sparked concerns that data privacy landscape in the United States can soon become a patchwork of disparate laws, each one posing its own compliance requirements, said Yarno Vanto, a partner in the Privacy & Cybersecurity Group of the law firm Crowell & Moring. Vanto doesn’t believe in adoption of a unified federal regulation as early as in 2020, as it will take time for California’s groundbreaking regulation to become operational before it can yield lessons for federal regulators to heed. He noted that CCPA seems to be off to a rather rocky start, too: “A federal personal information protection bill is unlikely in 2020. The California State Attorney General did not finalize the implementing regulations relating to CCPA by the end of 2019 year, leaving companies seeking to comply with CCPA with some uncomfortable choices during the spring of 2020, particularly as the Attorney General has communicated that while enforcement will not begin until mid-2020, activities that have taken place during the first half of 2020 could also be subject to enforcement action.” GDPR has also set a model in terms of the severity of fines. By instituting a hefty price for allowing data breaches and mishandling user data, regulators signal that they treat privacy seriously. For their part, corporations realize that the alternative to massive compliance costs is a comparably sized penalty charge. Michael Loewy, co-founder of privacy-focused protocol Tide, told Cointelegraph: “The CCPA carries fines of $2,500 – $7,500 per record / breach which means embracing privacy is now mission critical for businesses in California specifically and more generally in the U.S. The projected CCPA compliance costs of $55B reflects this. We’re seeing enterprise businesses going through privacy-open-heart-surgery, investing heavily to reduce the liability of handling sensitive consumer data.” Cryptography on the rise As stakeholders come to attach increased significance to data security, various subfields of cryptography — blockchain being just one of the technologies that make use of it — are seeing explosive grow...