Top News from IAPP Global Privacy Summit 2024

 

We’re excited to share insights gathered at the International Association of Privacy Professionals (IAPP) Global Privacy Summit this April 3-4 in DC. We loved speaking with so many of you at this extremely productive conference where we exchanged ideas and discussed challenges and solutions. In this post, we’ll address legal developments and concepts that might be most relevant to your business and your website compliance efforts, whether you attended GPS or are catching up from afar.

 

State of the Industry

We’ve often quoted Gartner’s prediction that 75% of the world’s population would be covered by some type of privacy regulation by 2024. Well, we’ve blown that prediction out of the water. According to J. Trevor Hughes, CEO of IAPP,  79% of the current world population is now covered by privacy regulations. And, it’s only April. Compliance with privacy regulations is only getting more complex, even for U.S.-based traffic. We’ll dive into that later.

An interesting concept mentioned by Anu Bradford, the Henry L. Moses Professor of Law and International Organizations at Columbia Law School, was that of separate “Digital Empires” embodied by different countries/regions. The U.S. champions technology, while China is the master of infrastructure, and Europe leads the legislative empire. We’ve seen this play out as governments from these empires attempt to regulate companies from the other countries.

Meanwhile, Europe’s championing of individual privacy seems to be leading the charge of public sentiment. As Kabir Barday, CEO of OneTrust, mentioned, “Privacy has evolved from a regulatory-driven function to a consumer trust imperative.” We think that’s right on the money. The greatest benefit of getting your website privacy compliance right is earning and keeping your customers’ trust. While fines for non-compliance of data privacy laws are a concern for many businesses, their overall financial impact to an organization is often easily dwarfed by the brand impact that a business can suffer when they find themselves in the headlines for the wrong reasons.

 

A Surprise U.S. Federal Regulation Announcement

American attempts to reach a consensus on federal privacy legislation have failed before, but a new draft of a bipartisan, bicameral federal privacy bill was just released earlier this month. The American Privacy Rights Act attempts to address concerns from states like California with stricter privacy regulations and proposes to pre-empt state laws. There remains the question of how states on the other side of the spectrum, such as those who have considered enacting a privacy law and then rejected the notion, would respond to the bill. For more details about the American Privacy Rights Act, you can read the press release from the committee chairs or follow IAPP’s analysis

 

Speaking of California

Back in January,  the California Privacy Protection Agency (CPPA) ended its 30-day cure period, which previously provided businesses a month to cure any violations before being fined. The California Attorney General Rob Bonta said, “the kid gloves are coming off, my office will not hesitate to protect consumers,” about the end of the right to cure. During the Global Privacy Summit, the CCPA released its first enforcement advisory, encouraging voluntary compliance with a foundational principle of the CCPA, data minimization. This relates to when consumers make a request to a business, and the business asks for excessive personal information in response. The CCPA considers these advisories as educational guidelines to help businesses understand how to comply. But, vigorous enforcement of the laws is a priority as they are getting ready to hire a chief auditor and investigators reporting to that position, according to California Privacy Protection Agency executive director, Ashkan Soltani.

 

ObservePoint Audits & Observations

Until a federal privacy law becomes reality, we are still dealing with an ever-increasing patchwork of state privacy regulations in the United States, not to mention all the other country- and region-specific privacy laws throughout the rest of the world. Setting up your website in compliance with the strictest jurisdiction in which you do business is a recommended first step, but global enterprises often have much more complicated requirements with their multiple lines of business. 

Our conversations at the booth at IAPP seemed to indicate that most enterprise-level legal professionals have moved beyond awareness and into prioritizing privacy compliance for their organizations’ websites, a marked change from last year when website privacy compliance was much lower on their list of concerns. That was really encouraging to witness, but of course, we had to check on the data.

When we audited our existing customers, we found that 55% now have a consent management or privacy platform on their site, up from 35% last year. Great work, guys! Here are the most popular CMPs from our Audit:

  • 37% OneTrust
  • 6% TrustArc
  • 12% Mix of other brands

But, there’s still 45% of businesses without a CMP or similar tool to assist in receiving and administering user consent preferences. If you don’t yet have one at your organization, let’s work on closing that gap, and then give us a call to make sure your implementation is sound and that consent preferences are being honored.

 

To see the most advanced and in-depth scanning technology for your company’s websites in action, get in on a Free Trial now.

 

Related Posts

Sports Organization Establishes Reporting & Analytics Reliability

A professional organization with a massive tech stack and an impending site migration used ObservePoint to get legacy tech under control and establish automatic Audits for ongoing checks on site health and cleanliness.
Read More

A Guide to Continuously Monitoring Your Consent Management

We’ve taken highlights from an IAPP webinar with OneTrust and ObservePoint to give you a framework for organizing consent management validation: how often you should audit, what to look for, and how to remediate issues.
Read More

How to Remediate Issues Found in ObservePoint

Steps to take when your ObservePoint Audit finds common issues with your website.
Read More

Beyond Setup: Key Steps to Continuous Compliance in Consent Management

Learn why "set it and forget it" is a risky approach and how continuous monitoring can safeguard your compliance efforts.
Read More

ObservePoint and AI: Using AI to help you innovate with ObservePoint

In this episode, we cover how generative AI solutions like ChatGPT and Google Gemini can be combined with ObservePoint to unlock powerful, new insights with minimal effort or technical knowledge.
Read More

How to Interpret an Audit Report

In this episode, we go through an Audit report and show you what we look for on each page, where we see most customers have “ah ha!” moments, and answer any questions you might have along the way.
Read More

Sports Organization Establishes Reporting & Analytics Reliability

A professional organization with a massive tech stack and an impending site migration used ObservePoint to get legacy tech under control and establish automatic Audits for ongoing checks on site health and cleanliness.
Read More

A Guide to Continuously Monitoring Your Consent Management

We’ve taken highlights from an IAPP webinar with OneTrust and ObservePoint to give you a framework for organizing consent management validation: how often you should audit, what to look for, and how to remediate issues.
Read More

How to Remediate Issues Found in ObservePoint

Steps to take when your ObservePoint Audit finds common issues with your website.
Read More

Beyond Setup: Key Steps to Continuous Compliance in Consent Management

Learn why "set it and forget it" is a risky approach and how continuous monitoring can safeguard your compliance efforts.
Read More

ObservePoint and AI: Using AI to help you innovate with ObservePoint

In this episode, we cover how generative AI solutions like ChatGPT and Google Gemini can be combined with ObservePoint to unlock powerful, new insights with minimal effort or technical knowledge.
Read More

How to Interpret an Audit Report

In this episode, we go through an Audit report and show you what we look for on each page, where we see most customers have “ah ha!” moments, and answer any questions you might have along the way.
Read More