In 2021, Consumer And Stakeholder Privacy Is About Defining Trust

Feb 19, 2021 by Eric D. Reicin, President & CEO, BBB National Programs

As business and nonprofit leaders navigate the Fourth Industrial Revolution, consumer and stakeholder privacy has become a matter of defining trust. As new digital services and connected devices fueled by personal data flourish, consumers’ reasonable expectation of privacy shifts. If expectations do not match reality, it can lead to gaps in trust and new paths for litigation and regulatory enforcement. 

Recent regulatory actions signal that privacy will be center stage in 2021. Whether you are in Washington, D.C., Ottawa, Sacramento, London, Brussels, or New Delhi, regulators’ attention has turned to enforcing privacy rights and defining data flows. This trend underscores the need for leaders to take stock of their own privacy practices, policies, and procedures to ensure their organization follows through on stakeholder promises and avoids litigation. 

Here are a few 2021 privacy developments business and nonprofit leaders should note. 


Balancing Privacy And Cross-Border Data Flows 

As the incoming Biden administration confronts the ongoing public health and economic crises, facilitating global digital trade while balancing privacy concerns will be critical. In the aftermath of the Court of Justice of the European Union Schrems II decision, the regulatory burden and associated risks for the transfer of personal data to the U.S. from the EU and U.K. have significantly increased.

U.S. businesses are operating in a compliance environment where no existing data transfer mechanisms are guaranteed to fully satisfy EU regulators. As a result, most choose to shore up their existing privacy commitments with additional safeguards, building on transparent frameworks like Privacy Shield to demonstrate their public commitment to EU principles. It is only through such mechanisms that businesses can continue to combat the rise of data localization rules and preserve the flow of personal data across borders. While U.S. organizations return to privacy-first principles — documenting their data flows, transfer tools, and contracts — the U.S. Department of Commerce is in active dialogue with its counterparts about the future of transatlantic data transfers, with an agreement expected in 2021.


More Scrutiny Over Data Collection And Monetization 

The broad impact of online platforms in consumers' daily lives will continue to be on the minds of many in 2021. Regulators have begun to investigate how the digital marketplace, with its reliance on personal data, may require a reconsideration of privacy and antitrust standards to discrimination and misinformation. In addition to filing a well-publicized antitrust case against Facebook, the Federal Trade Commission (FTC) announced in December 2020 an inquiry into data collection practices at nine social media and video streaming companies, including YouTube, Facebook, Reddit, Twitter, Discord, and TikTok’s parent company ByteDance.


Making Strides In Child And Teen Online Privacy 

The need to adapt privacy practices is even clearer when it comes to children and teens. Twenty years ago, the FTC’s original Children’s Online Privacy Protection Act (COPPA) Rule was designed to place parents in control of the personal information collected about their children online. In 2000, it would have been impossible to imagine how the internet and apps would become a ubiquitous part of our children’s lives. For COPPA to remain effective, we need to ensure that the factors that define "directed to kids" are updated to appropriately address today’s online services and platforms.

The FTC is currently conducting a COPPA Rule review. Before changes are finalized, the FTC is likely to scrutinize the edtech and digital advertising spaces more.

There are similar yet unaddressed challenges in the teen space. Teenagers are major participants in the digital ecosystem. Proposals from lawmakers to raise the age for COPPA as one way of addressing emerging teen privacy concerns leaves much to be desired. The FTC has raised questions about how teens interact with social media and video streaming services as part of its ongoing inquiry. To me, in 2021, industry leaders must come together to identify a forward-looking approach to teen privacy that recognizes the unique needs of this demographic.


Health Data And The Technology That Enables It 

The coronavirus pandemic has put the immense value of interoperable health data squarely in the spotlight. The expanded availability of data related to individual health is outpacing the development of regulatory safeguards to protect the public. Today, companies that operate on numerous platforms may end up with access to more data from which to make health inferences than a doctor’s office. Yet these technology companies are often not covered by existing health privacy laws

More work is needed among stakeholders in this space to ensure that the privacy protections consumers expect are preserved when their data is processed by third parties, including connected devices and mobile apps.


Prioritizing Privacy

For all organizations, challenges revolving around the use of private information will only increase in 2021. While the FTC and recent California privacy rules often do not have jurisdiction to regulate charities and many nonprofits directly, stakeholders expect nonprofits to meet the same global standards for privacy protections that businesses are embracing, and we will see whether the incoming Congress prioritizes federal omnibus privacy legislation. 

Many more privacy developments loom on the horizon, from the demise of cookies to contact tracing and the acceptance of connected cars. The organizations best prepared to meet these challenges will be those that keep consumer privacy top of mind, embracing policies and practices that go beyond compliance to provide individuals with a sense of empowerment over their data.

Originally published on Forbes.

Suggested Articles


The ABCs of DPF and GDPR

Easing data flows across the Atlantic, the EU-U.S. DPF satisfies requirements outlined under the General Data Protection Regulation (GDPR), helping companies avoid steep fines.
Read more

The FTC Joins the Global CBPR Party

This month the Federal Trade Commission (FTC) announced participation in the Global Cooperation Arrangement for Privacy Enforcement (Global CAPE), signaling the agency’s interest in keeping pace with the increasingly global nature of commerce and marks an important step forward for the global expansion of CBPRs.
Read more

The UK Extension: Implications for International Data Transfers

The UK Extension to the EU-U.S. Data Privacy Framework (DPF) took effect, permitting the flow of personal data from the UK to the U.S. without the need for further safeguards and making UK coverage accessible for companies of all sizes. The UK Extension signals its commitment and enthusiasm for sustainable data flows.
Read more

Digital Advertising & Consumer Privacy: Roads Converge in 2024

Deprecation of traditional third-party cookie tracking and the adoption of new tracking alternatives has animated a new wave of regulatory issues that complicate business compliance with consumer privacy in digital advertising. From 2023 cases, DAAP identified best practices for responsible action in 2024 to stay out of regulatory crosshairs.
Read more