This guest post was written by iubenda.
Foreword: In our quest to create a more independent web that is friendly to website visitors, we sometimes come across organizations that align with our values. iubenda is one of them. Navigating privacy is difficult for organizations that have their experience elsewhere. iubenda aims to support these businesses by providing attorney software solutions to make websites compliant. It takes away the burden and ensures organizations are ready for the future.
In this article, we take a helicopter view and reflect on data privacy's past, present, and future.
The importance of data privacy is skyrocketing. More than 120 countries have data privacy legislation in place or are writing new regulations. The growing number of laws around the globe demonstrate that legislators, authorities, and governments recognize the importance of data privacy. Additional legislation brings new privacy rights and the pressing need for business owners to comply with the ever-changing privacy landscape.
But have you ever wondered when and how Data Privacy came to be?
Let's take a look at and break down some key historical moments that have shaped the way we understand data privacy today.
Let's dive in!
Data Privacy: The Past
👉 1991 marks the year the internet went public, and just four years later, in 1994, the internet provided the first e-commerce purchase. A Philadelphia resident used his credit card to purchase a Sting CD. The transaction was encrypted using the PGP (Pretty Good Privacy) program.
That very same year, Netscape Communications Corporation (an American independent computer services company) created the first browser cookie. The browser cookie served the same goal in 1994 as today: allowing businesses to recognize users, track their online activities, and create consumer profiles. Netscape first established the cookie to detect users who had previously visited specific websites. However, different from today, by default, cookies were accepted, and users were not informed that they existed.
👉 One year later, in 1995 Amazon and eBay were launched. Shortly after, the European Union passed a Data Protection directive limiting the processing of personal data in response to privacy concerns raised by websites that began collecting user data.
👉 Let's jump forward to 2001; following 9/11, the United States began creating technology that would allow the government to collect, analyze, and store local and worldwide data on a local level. Six weeks after 9/11, the Patriot Act legalizes the National Security Agency's monitoring powers.
According to reports in the New York Times from 2005, this decision authorizes the NSA to monitor,
"the international telephone calls and international e-mail messages of hundreds, perhaps thousands, of people inside the United States."
👉 2003 marks the year the first major social network (MySpace) was born, and it was shortly followed by the launch of Facebook in 2004.
👉 2004 was also the year when CalOppa came into force. It was the first US state law to make privacy policies mandatory. It was later amended in 2013 to regulate the tracking of users.
🚀 Not sure which laws might apply to you? Take our free 1-min quiz to find out!
Meanwhile, with the growing threat of cyber assaults and the surge in popularity of online shopping, the Payment Card Industry Security Standards Council (PCI) was created to ensure that businesses comply with the security requirements required for secure online shopping.
Later that same year, the PCI Security Standards Council released the first unified security standard backed by five major credit card companies (including Visa and MasterCard).
💡 This was the first security standard that required all merchants and website owners that processed more than 20,000 card transactions per year to comply with the rules to process payments online.
With new launches on Facebook, Google street view, email marketing, and the birth of Instagram, the years from 2007 to 2018 were filled with advances in technologies and global connections; however, with that came hackers, fraud, and lawsuits.
Data Privacy: The Present
The start of a new era! Just four years ago in 2018:
- The EU's General Data Protection Regulation (GDPR) takes effect. This regulation lays forth the rules for collecting, analyzing, transferring, and storing customer data. Businesses that come into contact with EU individuals' data in any way must comply with the regulations or face harsh penalties.
- California created the Consumer Privacy Act of California (CCPA), following the EU's lead. The CCPA, like GDPR, governs how businesses collect, keep, and transmit consumer data from California residents.
- Cambridge Analytica, a British political consulting firm, gathered data from millions of Facebook user accounts and exploited it for political advertising. Consumers then pushed for stricter laws regarding online data privacy, and Facebook received a lot of criticism due to these controversies.
Jumping forward a couple of years to 2020:
- The California Consumer Privacy Act (CCPA) took effect on January 1, 2020. California individuals' data rights are defined under the CCPA, which gives them access to their data and controls how it is gathered, sold, and disclosed.
- In the case of Data Protection Commissioner v Facebook Ireland and Maximillian Schrems (known as the Schrems II case), the European Court of Justice made a significant judgment, finding that the EU-US Privacy Shield did not provide necessary protections for data transfers between the US and Europe; it was declared invalid immediately.
- Many countries such as Canada, Australia, and the United States began reviewing their existing data privacy regulations in 2020 and 2021, following the GDPR.
And in 2021:
- The European Commission approved two new sets of Standard Contractual Clauses (SCCs) that comply with GDPR and the Schrems II judgment. One SCC is for controllers and processors and the other is for personal data transfers to third countries.
💡 Businesses can use the new SCCs as a template to comply with data protection regulations.
- Apple introduced iOS14.5 and 15, which included new privacy features.
- Google announces it will put an end to 3rd party cookies in the near future
Data Privacy: The Future
Since its beginnings, regulators have struggled to keep up with the Internet's growing capabilities. Everyone from advertising to hackers has been collecting, storing, sharing, and selling personal data without much regulation.
However, as we can see from recent years, a change is already taking place.
💡 Did you know that by the end of 2022, over 1 million businesses will have appointed a privacy officer (or a data protection officer)?
With more regulations being put in place and more companies placing importance on protecting users' privacy, we can assume that we are moving towards a safer internet for all.
While this sounds great for the average internet user, businesses are met with constantly changing regulations that they must keep up with, and consumers are becoming more and more privacy-conscious. This means that more businesses are considering privacy from the very beginning -- so-called "privacy by design" -- including how they gather data.
Of course, using data isn't wrong in and of itself; it's just important to do so properly, making careful choices about the tools you use.
Simple Analytics is one tool we found particularly interesting because it has a privacy-first approach. The tool itself is cookieless by design and collects no personal data. This means getting the best of both worlds: giving you the insights you need while respecting users' privacy, thus keeping everyone happy!
The world is growing more conscious of privacy every day, with governments implementing new guidelines and regulations at lightning speed. To keep up, businesses must adopt a privacy-by-design approach - considering privacy from the onset. Organizations who fail to keep up with the current and ever-changing regulations risk negative consequences, not only in terms of legal issues and potential penalties but also in terms of business, as users increasingly drop companies they do not trust.
Sound complicated? It doesn't have to be. Click here to see how we can help you to meet your legal requirements in just 5 minutes.