- EEA Cross-Border Transfers. The U.S. and the EU will work towards, and hopefully reach, a cross-border data transfer solution.
- Ransomware. More ransomware attacks and increased regulatory scrutiny of companies that pay ransom demands.
- Digital Advertising. Development of alternate marketing strategies, and perhaps more reliance on consumer opt-in, as privacy laws further erode traditional tracking and targeting approaches.
- COVID-19 Data Sharing. Entities involved in the COVID-19 response ecosystem will continue to have reporting, data sharing, and management requirements that vary based on jurisdiction.
- Access Requests. Businesses will make operational updates relating to employee and B2B data collection, geolocation, cross-contextual behavioral advertising and sharing to ensure compliance with the 12-month “look-back” requirement for access requests.
- State Privacy Legislation. Other states will join California and pass their own privacy laws, further complicating compliance for companies.
- FTC Investigations. With the Biden administration in place, there will be an increase in privacy-related regulatory investigations.
- Health Data Compliance. Further complications in health data compliance between state and federal law.
- Record Retention Policies. There will be increased focus on the appropriate retention periods and consumer notice of retention periods in the EU, and by 2023 in California under the CPRA.
- Privilege in Breach Investigations. There will be more litigation and guidance on steps to trigger and not inadvertently waive privilege in relation to third party forensic investigations.