As 2022 winds to an end, it’s a good time to stop and look back on the past year. Where data privacy was concerned, 2022 was a doozy. Massive companies fell victim to data breaches, leaks and weaknesses were exposed, and hackers seemed to multiply by the day.
At the same time, new laws were being presented, approved, and enacted to protect data privacy. Around the world, there was a general feeling of unrest where online security was concerned. The very tools we relied upon so heavily during the pandemic were revealing their dark side.
Feeling scared yet? Don’t be. 2022 was also a year of great awakening when it came to data privacy. Businesses were finally being held accountable for practices that compromised their end users’ privacy, and the playing field began to level out for companies of all sizes.
Small to medium-sized business finally had their chance to successfully compete. Best of all, consumers were getting the data privacy they needed and deserved.
With that in mind, let’s take a look back at the highs – and the lows – of 2022.
Top Data Privacy Stories of 2022
Meta, the parent company of Facebook, did not have a good year. The Irish Data Protection Commission penalized them 3 times since the beginning of 2022 under the General Data Protection Regulation (GDPR) for various infractions. They have racked up a total of nearly $700M in fines. This doesn’t even include the fact that their reputation is now severely tarnished. As more laws are enacted in 2023, and lawmakers around the globe continue to crack down on data privacy, Meta will have to make some serious changes if they want to stay in the game.
SHEIN, an online clothing retailer, was fined $1.9M U.S. after failure to disclose a data breach. This “fast fashion” company was hit hard by the fine. After all, even though they are a massive business, $1.9M is nothing to sneeze at, and the infamously short attention span of their customers had buyers quickly moving in other directions once their data was threatened.
WhatsApp, the wildly popular communications app, was hit hard in 2022. While no fines have yet been levied, they most certainly will. The data breach affected approximately 487 million WhatsApp users. It will be very difficult for the company regain trust and loyalty after such an incident.
Twitter did escape the great data privacy revolution of 2022, either. It announced a data breach in July that affected millions of users. Much like WhatsApp, no fines have yet been levied, but experts expect them to be high. An investigation is currently ongoing. This is bad news for the company as it is already struggling with other issues of user trust, unrelated to data privacy concerns.
The Pandemic rises, everything goes online, and da sites have seen massive growth! Seeing that massive surge of users Grindr turned out to be the backdoor for users’ data. Wall-street reports that they’ve been selling their user’s data, which results in a $7 million fine.
The era of fines continued when Sephora was sanctioned for $1.2 Million for selling customer data. Sephora was found guilty under CCPA and held reason for selling customer data to the third party without their customer's consent.
One of the most popular social apps, Snapchat, has been fined $35 Million for violating users' privacy! Specifically, Snapchat violates the Illinois Biometric information privacy Act (BIPA) for collecting users' facial recognition data.
This is just a small sample of organizations and companies that were hit by privacy breaches and fines in 2022. Many more, across industries, were similarly affected.
Top Data Privacy Laws of 2022
As you know, data privacy was top of mind for lawmakers in 2022. Not only were new bills drafted, but there were also several that were amended and signed. Let’s take a look at the top laws of 2022 from around the world.
General Data Protection Regulation (GDPR) This law was actually signed in 2018, but it’s worth a mention considering how big of a role the GDPR played in 2022 (e.g., the Meta fines). It’s widely regarded as the standard for data privacy laws, and others are following in its footsteps.
California Consumer Privacy Act (CCPA) Also enacted in 2018, the CCPA is the gold standard for privacy laws in the United States. It follows closely in the footsteps of the GDPR. Considered very strict, it was first enforced in August when it fined beauty company Sephora $1.2M.
California Privacy Rights Act (CPRA) The CPRA is another California law that essentially expands the scope of the CCPA. It narrows down the definitions of personal information, and gives end users the right to delete their information, or opt-out of the sale of that personal information.
Virginia Consumer Data Protection Act (VCDPA) Set to be signed in on January 1, 2023, the VCDPA was a hot topic in 2022. Businesses started to prepare for its enactment – because it’s not playing around when it comes to data privacy. Virginia consumers will have additional protections that they didn’t have before, and companies with end users in Virginia will have additional responsibilities when it comes to handling consumer data.
Colorado Privacy Act (CPA) Similar to the CCPA and VCDPA, the CPA gives consumers protection and privacy when it comes to the use of their data by businesses. This was discussed quite a bit in 2022 – although not as robustly as the CPRA and VCDPA. However, don’t let this one sneak up on you! It’s just as strict as the other laws and will be enforced thusly.
Utah Consumer Privacy Act (UCPA) The UCPA follows in the footsteps of the CPA, VCDPA, and CPRA. It borrows heavily from the guidelines set out in the GDPRA. While it was signed and approved in 2022, it will not be enforced until 2023. However, that doesn’t mean businesses shouldn’t already be prepared or in compliance. Given the similarities of UCPA to the other laws, it won’t take long to get ready. These laws were the most talked about in 2022, but they are not the only ones. Other states are quickly following in their footsteps, and many, many more privacy laws are expected to be drafted and signed in 2023.
Top Data Privacy Trends in 2022
Aside from news stories and laws, there were a number of data privacy trends that emerged in 2022. These include
Children’s data Lawmakers began cracking down on how children’s data is being handled.
Exemptions In the past, there were some exemptions for businesses under the law. This included size, scope, type and so on. As 2022 progressed however, those exemptions began to fall away.
Right to delete Consumers want to know that if their information is somewhere it shouldn’t be, that they have the right to delete that information and it can no longer be used in any capacity.
Do not sell my data Even before the step of deletion, consumers should have the right to opt-out of their data being sold entirely. This all comes down to transparency and keeping customers informed insights and choices.
As you can see, 2022 was a big year for data privacy – and that’s just a small glimpse. As we head into 2023, it’s important to keep all of these things in mind, and how they may impact your business in the future. Being prepared is key to keeping your business and your users safe.
If you’d like more information about how you can stay in compliance with current and changing laws, you can talk to one of our privacy experts. They’ll give you a simple explanation of data privacy and show you how you can get compliant in just about 30 minutes.