With robust regulatory enforcement of data privacy policies underway, with Meta and Sephora among those facing fines, other organizations may be working to comply with emerging data privacy laws at the international, national, and state level.
The trouble is, nuances of differences among regulations could lead to a hodgepodge of fines and other punitive actions for practices that might be acceptable in other jurisdictions.
A collection of stakeholders and experts in data privacy shared some of their perspectives for Data Privacy Week 2023 regarding compliance with evolving regulations and governance within organizations.
See also: Data Privacy and Protection in the Age of Cloud
How data privacy regulations impact companies that leverage data in order to make money can be boiled down to consent, says Mark Ailsworth, vice president of partnerships with Opaque Systems. “Consent really is a legal construct as is expressed in GDPR [the EU General Data Protection Regulation] and a lot of privacy policies in a lot of companies that do business in the EU and certainly companies that advertise to EU audiences,” he says. In terms of data privacy, Ailsworth says consent goes beyond approving all cookies when visiting websites.
There can be layers to consent, he says, such as allowing digital behavior on the site to be tracked and linked to other digital actions for a set interval of time. “What consumers don’t really understand is the persistence of their consent on checking that box lives on,” Ailsworth says.
That initial consent can last for 90 days or longer, he says. “There’s a full-on marketplace that has really blossomed around the fact that consumers are clueless when it comes to understanding what consent is all about.”
The introduction and enforcement of GDPR have brought to light that many companies, Ailsworth says, have no idea how they should consent, and what their rights and privileges are to hold and transfer data.
Read the rest of this article on InformationWeek.