New Privacy Regulations and Their Impacts in 2024

In 2023, a significant number of new privacy regulations were introduced, with several set to come into effect this year. Even more regulations are expected to be enforced or implemented in 2024. Notably, regulatory requirements for major tech companies will have substantial trickle-down effects on third-party entities that rely on these platforms for audience engagement, data management, and revenue generation.

The regulation of artificial intelligence (AI) is also set to increase, heightening consumer awareness about data access and usage. These upcoming changes, driven by new regulations and business requirements, are expected to enhance the consumer landscape through improved transparency, competition, innovation, and choice.

EU & UK

ePrivacy Regulation in the EU

The EU's ePrivacy Regulation (ePR), set to replace the ePrivacy Directive (ePD), is expected to establish clearer rules on cookie usage and regulate newer electronic communications services. If finalised in 2024, the ePR will fully come into effect by 2026.

Regulation of Artificial Intelligence (AI)

The EU's AI Act, anticipated in early 2024, will introduce new rules and guidelines for AI development and application. This legislation is expected to influence similar laws globally, much like the GDPR. In the US, President Biden's executive order on safer AI from October 2023 will also impact AI regulation developments.

North America

Data Privacy in the United States

In 2023, eight US states passed data privacy laws, with five set to take effect in 2024:

• Montana Consumer Data Privacy Act (MTCDPA)
• Florida Digital Bill of Rights (FDBR)
• Texas Data Privacy and Security Act (TDPSA)
• Oregon Consumer Privacy Act (OCPA)
• Delaware Personal Data Privacy Act (DPDPA)

These additions will bring the total number of states with active data privacy regulations to 14. Many more states introduced privacy legislation in 2023, suggesting that additional states may enact such laws in 2024. Although federal data privacy legislation remains stalled, the scrutiny surrounding generative AI and its implications could drive momentum for broader federal laws.

Data Privacy in Canada

Bill C-27, the Digital Charter Implementation Act, is under committee review and could be passed in 2024. This bill includes the Consumer Privacy Protection Act (CPPA) to replace the outdated PIPEDA regulation. It also introduces the Personal Information and Data Protection Tribunal Act, which would review Privacy Commissioner decisions and impose penalties for CPPA violations. Additionally, the Artificial Intelligence and Data Act (AIDA) aims to regulate AI systems with a focus on data privacy.

Data Privacy in Australia

Australia's Privacy Act, first enacted in 1988, underwent its most recent amendment in 2022. The Privacy Act Review Report, released in February 2023, contains 116 recommendations to enhance data privacy protections. High-profile data breaches have increased pressure for stronger privacy laws, likely leading to significant changes in 2024.

For the big companies

Digital Services Act Package

The Digital Services Act (DSA) and Digital Markets Act (DMA) will begin enforcement in early 2024. These laws require compliance from large tech companies and will affect third-party customers and partners, particularly in the EU. This could drive substantial changes in privacy compliance and business operations, including the adoption of consent management platforms (CMP).

Embracing Data Privacy

The keyword for data privacy in 2024 is acceleration. The initiatives started in 2023 will continue to influence legislation, business practices, technology, and consumer expectations. Companies are increasingly recognising the importance of data privacy for business integrity, brand reputation, and revenue protection. Compliance with multiple regulations is becoming the norm, and while challenging, it is manageable. Usercentrics offers solutions designed to scale with company growth and evolving regulations, helping businesses navigate the complexities of data privacy.

Key Takeaways & Wrap Up

In this article, we explored the evolving landscape of data privacy regulations:

• In 2024, new privacy laws will be enforced in the EU, UK, US, Canada, and Australia, highlighting the increasing importance of data protection worldwide.
• The EU’s AI Act and other global initiatives signal heightened scrutiny and regulation of artificial intelligence and its implications for data privacy.
• Five more US state privacy laws will take effect in 2024, increasing the total number of active state regulations to 14, with more states likely to follow suit.
• The EU’s Digital Services Act and Digital Markets Act will require significant adjustments from tech giants, impacting third-party businesses reliant on their platforms.
• Companies must embrace privacy as a core business function, adopting scalable solutions to meet growing compliance demands and evolving consumer expectations.

‍

New Privacy Regulations and Their Impacts - FAQs

What is the significance of the EU’s ePrivacy Regulation (ePR)?

The ePR, expected to replace the ePrivacy Directive, will clarify rules on cookies and regulate newer electronic communication services, likely coming into full effect by 2026.

What changes are expected in AI regulation?

The EU’s AI Act, anticipated in 2024, will set global standards for AI development, influencing similar laws worldwide. The US and Canada are also advancing AI-related legislation to address data privacy concerns.

Which new US state privacy laws take effect in 2024?

Five states—Montana, Florida, Texas, Oregon, and Delaware—will enforce new privacy laws, increasing the total number of states with active privacy regulations to 14.

How do the Digital Services Act (DSA) and Digital Markets Act (DMA) impact businesses?

These EU laws require large tech companies to comply with stricter rules, affecting their third-party customers and driving the adoption of privacy-focused solutions like consent management platforms.