During a recent webinar hosted by The Chicago Bar Association, some other panelists and I made some predictions about the future of data privacy.
What is on the horizon?
The TADPF may sound like a combination on drums and cymbals after a comedian’s punchline, but in reality it is not fully baked and just “in principle”. We can either get pre-mad at it and at the fact that an executive order may not be good enough (like noyb.eu’s Max Schrems), or we can focus on making sure that we are compliant with the existing requirements of the Privacy Shield Principles because: (1) they will at least be the basis for a TADPF certification; (2) they will likely be interpreted in view of the enforcement developments we have seen under GDPR and (3) they are already being enforced substantively.Don’t let the long tail of state privacy law compliance intricacy wag the dog of substantive compliance. Compliance with the burgeoning U.S. State privacy laws is hard because they are not exactly the same. But, focus on the key issues like data minimization, disclosure, third-party management and consumer rights.Cookie consent is cookie fatigue. Are we losing the consent trees for the RTB forest? RTB is being investigated; TCF is being revised; “Reject All” buttons are here to stay (and coming to CA), and cookie sweeps are getting strong compliance results.What’s old is new again. BIPA lawsuits are here and they are varied: toothbrushes, clothes fitting, makeup try-on, video insurance claims, ADAS systems, drive through voice recognition and good old biometric