Today is International Privacy Day and I would like to take this opportunity to reflect on 2018 and share our privacy thoughts and plans for 2019.
This past year was a busy one for a multitude of organisations around the world on privacy matters. Teams such as Procurement, IT, HR and many others have been involved in the efforts of implementing the EU General Data Protection Regulation (GDPR). And while many of these teams may have breathed a sigh of relief when GDPR came into effect on the 25th of May last year, the fun has just begun.
GDPR has shown that privacy is a team sport: Privacy officers on their own cannot make an organization compliant. They need the support of other departments. That’s why at Blackboard, we created an internal network of “data privacy champions” to help spearhead the privacy programme that we rolled out last year. Equally important, as I noted in my blog post last year, was the implementation of the privacy by design approach which allows us to embed privacy in products, processes and projects from the very beginning (see our Happy Privacy Day message from last year). This helps us ensure not only that we are compliant and minimize the privacy impact for individuals but also that we can help our clients to do the same. To this end, and to provide more information for our clients, we have updated and (translated) our Privacy Statement and our Privacy Center and have also created a Data Privacy and Security group on Blackboard Community.
2018 was also the year when privacy went “mainstream”. CEOs of big tech companies gave keynote speeches at data protection conferences that previously were the exclusive domain of privacy geeks, and some CEOs had to defend themselves publicly, sometimes in front of congressional committees.
Will 2019 be another big year for privacy? I personally think so. While GDPR enforcement will be one of the themes this year (it started with a bang: On 21stJanuary, the French CNIL’s announced a EUR 50 million fine for Google), for many organizations the privacy focus will shift from the EU to the US and other countries. For example, the Californian Consumer Privacy Act (CCPA), which will become effective 1st January 2020, will give individuals rights similar to those granted by the GDPR and take them further, requiring organizations to review and update their practices. In Brazil, the new and comprehensive General Data Protection Law will equally require implementation activities. And while these bills have crossed the finish line, let’s also not forget the many other efforts that legislators around the world are making to create laws to protect privacy, including the discussions on a federal consumer privacy law in the United States.
Regulations and laws won’t be the only topics about data protection: technological advancements in areas such as artificial intelligence and blockchain will continue to raise privacy and wider ethical issues. Gartner, for instance, has included digital ethics and privacy in its list of top 10 strategic technology trends that organizations need to explore in 2019.
With all these changes coming up, we are not resting on our laurels. We will continue to strengthen our privacy programme and controls to provide better support to our clients. For example, we are currently working on enhancing our standard privacy contract and data processing agreement language based on the feedback from institutions and organizations around the world. We will also focus on providing more proactive information to our clients, further bolstering our privacy program and assessing how our privacy processes and governance can help address and mitigate broader ethical questions.
This will be an exciting privacy year, and if you are interested in the topic and would like to hear more about our thoughts and plans for 2019, keep an eye out for our upcoming webinar.
In the meantime… Happy Privacy Day!