Data Privacy Day 2019: The Next Chapter of Privacy Regulations

Privacy continues to be a priority as GDPR penalties proliferate and new privacy laws emerge.


Today is Data Privacy Day, and it couldn’t come at a more critical time. We may be starting fresh in some ways this January, but last year’s conversation around data privacy has reverberated through New Year and is only going to intensify.

2018 held critical milestones for data privacy and protection on a global scale. In May, we saw the implementation of the General Data Protection Regulation (GDPR) in the European Union (EU) and, since then, regulators have been hard at work holding companies accountable to the new laws. The biggest GDPR penalty so far was dished out just last week when a French regulator fined Google €50 million for not disclosing how consumer data was being collected and used for advertising.

Of course, GDPR hasn’t necessarily gone over smoothly with everyone; a lot of prominent voices in various sectors continue to have concerns about the regulation—concerns that may end up shaping how GDPR evolves over time. For the time being, however, federal data privacy regulation appears to be the majority preference in the region, so GDPR has left the shore and is getting its sea legs.

Naturally, other countries are scrambling to follow suit in their own ways. A lot of eyes are honing in on the United States government, and surely, the conversation is brewing in Washington and around the country. In fact, in the U.S., a majority of consumers feel the federal government should be doing more to protect privacy.

Some are more patient than others as we wait to see if a federal regulation comes to fruition. State regulators in California for one have refused to wait and have taken it into their own hands to conceive a GDPR-like bill aimed to protect the state’s residents. The California Consumer Privacy Act (CCPA), passed in June 2018 and timed to go into effect on January 1, 2020, will give residents basic data privacy and protection rights, such as being able to:

  • See what data is being collected
  • Request the deletion of that data
  • Discover if/what data is being sold to third parties
  • Request to stop the sale of that data to third parties.

It’s worth noting that the CCPA has received a significant amount of pushback, including trepidation about operating in different states with different data laws (perhaps furthering the case for a federal policy). We’re about a year out from the implementation date, and we can expect to see some amendments to the law before that day—although likely not enough to quiet all concerns.

Despite differing opinions on how to get there, however, data privacy appears to a shared objective for most. Here at Interset, it’s a priority for us, too. With the launch of GDPR last year, we fielded many questions on user privacy and how it applies to our own technology. The neat thing about Interset’s threat detection platform is that it was designed from the ground-up to enable privacy. We process a large volume of data, and pseudonymization via secured, one-way hashing of sensitive fields is built into our platform. In addition to privacy by design, Interset’s technology also aligns with other key GDPR provisions, such as consent, right to access, right to be forgotten, and data portability. You can read in detail how we support each of these specific provisions in our blog, Interset and GDPR.

If you have any questions about Interset and how we adhere to privacy regulation or how we can support organizations in meeting privacy requirements, feel free to contact us at securityai@interset.com.

And, if you’re looking to learn more about data privacy laws in your region and get tips on fostering a culture of privacy in your community, be sure to visit staysafeonline.org/data-privacy-day.