
Despite the Cambridge Analytica scandal, the Edward Snowden leaks and revelations from Facebook whistleblower Frances Haugen, companies continue to hoover up our personal data, and for the most part we let them do so willingly.
But the mood on data gathering is starting to change. Governments around the world are increasingly legislating to rein in the tech giants. So could 2022 be the year that online privacy is taken seriously?
at UK law firm decoded.legal says numerous governments will push new internet legislation in 2022, but he warns that many of them treat privacy as something “capable of being cast aside when inconvenient” for national security and that internet companies won’t give up their business models easily.
Advertisement
“We will see continued government pushes against encryption and online anonymity, with more proposals to deploy scanning agents on people’s phones,” he says. “Surveillance capitalism will continue to flourish unabated, and massive centralised platforms will be ever more firmly entrenched.”
The European Union is the world leader when it comes to tech regulation. Its General Data Protection Regulation (GDPR) came into force in 2018 with new rules on how personal data could be collected and used, and it has an upcoming Digital Services Act (DSA) that will demand transparency from online companies on how their algorithms work and how they target advertising towards citizens.
In the US, Democrats are pushing for an update to the 1998 Children’s Online Privacy Protection Act (COPPA) that would until they are 15 – up from 12 currently. Law-makers there are also pushing for a new single federal law safeguarding citizens data to end the patchwork of state regulations, which reports suggest are often for technology firms, and another piece of proposed US legislation would with the teeth to levy fines of up to $43,792 per individual affected by data misuse.
at US law firm Aaron Sanders says there is a great deal of legislative activity in the US on privacy right now, but that most of it is happening on the state level – for example, the California Consumer Privacy Act came into effect on 1 January 2020 and gives residents the right to know what data is being collected on them and veto its sale. She is doubtful that attempts to create federal laws will succeed in the short term.
“Whether or not [state] laws will have a great deal of effect in terms of creating meaningful privacy and data protection for consumers is an open question. They have certainly created compliance headaches for companies, but even California’s law, which was the first, has not produced enough case law or fines yet to judge whether it’s having its desired effect,” she says.
China is also moving to curb tech firms. While the state has arguably developed online surveillance to a fine art, it doesn’t want online companies to do the same. Its new Personal Information Protection Law (PIPL) came into effect in August and. Companies will have to obtain explicit consent before collecting information.
at the Electronic Frontier Foundation says that if she could write her own privacy legislation, it would replicate that requirement for consent from Chinese legislation. A company wouldn’t be able to harvest data “just because you turned up on their website”, she says.
Whether people will actually be clamouring for these new regulations is another matter. Aaron-Stelluto says there is often a fatalistic attitude to data privacy, thanks to a steady stream of stories about leaks and hacks. “If you assume that all your information is already on the dark web it’s hard to be terribly concerned about further misuse,” she says.