Data Privacy Predictions for 2022

ModSquad’s Vice President, Privacy and Legal Affairs, Stephen Kline offers insights into the latest happenings in online privacy heading into Data Privacy Day.

Last month, we offered ModSquad’s 2022 Digital Predictions, our preview into what we’re anticipating in the year ahead. Now, with Data Privacy Day on January 28 (which the National Cybersecurity Alliance is promoting as Data Privacy Week), we’re expanding our forecast to discuss what we see on the horizon.

Data privacy regulation is an ever important issue (we thought long and hard about its associated challenges when building our remote work app, Cubeless). That’s not just the case for ModSquad and its clients, but consumers and regulators in the United States and globally. Here are our predictions on what to expect online in 2022.

Consumer Demand for Practical Privacy

Consumers will continue to seek out practical privacy applications in 2022 as they take back more control of their personal information.

DuckDuckGo is one of the great examples of this trend. It’s a search engine that offers a mobile browser app and a desktop extension, both aimed at allowing consumers to browse the Internet without others leveraging your personal data. DuckDuckGo promises to keep your searches private, anonymous, and offers built-in tracker blocking, so the sites you visit have a harder time collecting information about you. The service does not track individual consumers, unlike some other search engines, which sell targeted advertisements based on individual user profiles. Consumers flocked to DuckDuckGo last year, powering record growth of 46 percent, averaging more than 100 million searches a day. The service has a user base of 27 million Americans, or 9% of the U.S. population. That certainly speaks to consumer interest in maintaining privacy.

Privacy Legislation & Regulation

Federal: The United States Congress will likely not pass a comprehensive privacy law in 2022.

Both senators and representatives of both major political parties support privacy legislation. Nonetheless, interest groups across the spectrum remain entrenched. Generally speaking, business groups would prefer that the Federal Trade Commission or state attorneys general address legal violations rather than allowing consumers to file class action lawsuits (which are typically more expensive to litigate). On the other hand, privacy advocates seek to expand the scope of privacy laws to address larger issues such as bias, discrimination, and equality. 

State: Due to Congress’ expected failure to pass comprehensive privacy legislation, the focus for privacy legislation will remain at the state level.

Companies subject to obligations under the California Privacy Rights Act, the Virginia Consumer Data Protection Act, and the Colorado Privacy Act in 2022 will focus on implementing the obligations under these three laws by 2023. Other states, such as Illinois and Washington, are expected to pass additional privacy legislation.

FTC rulemaking: The Federal Trade Commission, the federal government’s consumer protection regulator, will incorporate privacy concerns into substantive antitrust analysis under FTC Chair Lina Khan.

Additionally, the FTC may consider additional rulemaking to address abuses stemming from surveillance based business models. The FTC is specifically considering whether rulemaking in this area would be effective in curbing lax security practices, limiting intrusive surveillance, and ensuring that algorithmic decision making does not result in unlawful discrimination. 

International privacy regulations: Per statistics from the United Nations, 128 out of 194 countries have legislation to ensure data protection. In the European Union, regulatory authorities including financial and antitrust regulators will consider enforcement actions around privacy. This is due to the widely perceived view that there is a lack of General Data Protection Regulation (GDPR) enforcement.

Regulating Privacy in the Metaverse

As the Metaverse continues to grow, federal, state, and international consumer protection regulators will continue regulating the immersive worlds as they expand the use of new technologies to create and collect increasingly broad categories of personal information.

The Metaverse is, and will continue to be, built by a collection of individuals and organizations, rather than one entity. The term “metaverse” was coined in Neal Stephenson’s 1992 science fiction novel Snow Crash. In the story, humans use programmable avatars to interact with each other and software agents in a three-dimensional virtual space that serves as an alternative to the real world.

In the 30 years since Snow Crash, a number of online networks have attempted to create versions of Stephenson’s concept, including online games and social communities. Even ModSquad’s original name, Metaverse Mod Squad, was inspired by the boom in virtual worlds. Future Metaverse technology, including virtual reality headsets, will be able to collect and share more data about our activities for profiling, advertising, or employee and government use than they’ve had before. Both the Electronic Frontier Foundation and the Extended Reality Safety Initiative have sounded the alarm on the privacy threats.

With data privacy at the forefront for state, federal, and international regulators, we’re looking forward to what unfolds regarding data privacy in 2022. Want more insights from the best and brightest in the industry? We’d love to chat. Contact us today.