As 2024 unfolds, we are witnessing a new period of data privacy from new and updated regulations at various jurisdictional levels. Among these changes, Google’s strategy to end the use of third-party cookies is reshaping how online entities approach user data and privacy.

Google’s initiative to discontinue third-party cookies is aimed to reinforce user privacy on the internet, forcing businesses to rethink their strategies for tracking and interacting with users. Companies are now tasked with developing new methods for collecting user data that prioritize privacy, potentially relying more on first-party data and transparent user consent mechanisms. The full phase-out, scheduled for the second half of 2024, will bring an industry-wide adjustment for new standards of user data collection and utilization.

Global and national regulatory changes

The GDPR in the European Union has been instrumental in setting a global benchmark for data privacy. The regulation’s focus on user consent, data minimization, and cross-border data transfer rules shows a comprehensive approach to personal data protection. The EU’s plans to harmonize the interpretation and application of GDPR across its member states aim to remove discrepancies and provide a cohesive regulatory framework to simplify compliance for multinational corporations.

In the U.S., the absence of a federal privacy standard has resulted in a patchwork of state-level legislations, each with its nuances and requirements. For instance, the introduction of new privacy laws in states like California, Colorado, Connecticut, Virginia, and Utah in 2023 has further diversified the regulatory environment. Companies operating in multiple states must navigate these disparate laws, adjusting their privacy policies and practices to comply with each jurisdiction’s specific mandates.

The variations in state laws not only concern the regulations themselves but also the definitions and scope of personal data, consumer rights, and compliance obligations. For example, California’s Delete Act, aiming to improve transparency and control over data brokers, introduces another layer of complexity and shows the path toward more stringent data privacy measures.

Corporate Preparedness for Privacy Regulations

Womble Bond Dickinson’s recent survey offers detailed insights into corporate executives’ preparedness for navigating the intricacies of privacy regulations. Organizations across various sectors are finding themselves needing to adapt swiftly to the changing requirements of privacy laws. The survey taps into the perceptions and readiness levels of corporate leaders, offering a snapshot of how businesses are positioning themselves in the face of these regulatory shifts.

Alarmingly, the survey indicates a downward trend in the number of executives who feel thoroughly prepared to comply with U.S. privacy laws. Data from the survey show a drop from 59% in 2022 to 45% in 2023 among executives confident in their readiness for privacy law compliance. Such a decrease points to growing concerns among corporate leaders about their ability to stay abreast of and effectively navigate the privacy regulatory environment.

Executives’ diminishing confidence may stem from the increasing complexity and scope of privacy regulations. As new laws emerge and existing ones evolve, companies must continually reassess and update their compliance strategies. The decline in perceived preparedness signals a need for enhanced focus on understanding and implementing the necessary measures to comply with privacy laws.

International regulations and AI impact

The EU’s AI Act

Europe’s AI Act emerges as a key regulation influencing artificial intelligence technologies across the European Union. Legislators have designed this act as a comprehensive set of rules for AI’s development, deployment, and utilization. Aiming at ethical, transparent, and rights-respecting AI use, the act categorizes AI systems according to their risk levels. Each category faces specific regulatory requirements, reflecting a commitment to balancing innovation with the protection of individual and societal interests from AI’s potential adverse effects.

Digital Services Act

Alongside the AI Act, Europe’s Digital Services Act targets the regulation of online platforms, focusing on illegal and harmful content. This act mandates digital service providers, including social media platforms and online marketplaces, to introduce accountability and actively combat issues like disinformation and hate speech. Through obligations placed on these providers, the Digital Services Act looks to make a safer online environment, providing user protection and maintaining the principles of freedom of expression and information.

Together, these legislative acts demonstrate the European Union’s proactive stance on governing artificial intelligence and digital services, aiming for a balanced approach that benefits society while promoting responsible technological advancement.

Antitrust laws and privacy regulations

Antitrust laws intersect with privacy regulations, leading to a complexities for AI governance and personal data usage across industries. Antitrust objectives to foster fair competition and prevent monopolistic practices now merge with increasing concerns over data privacy and consumer protection. As companies collect, store, and use personal data—critical for AI technologies—antitrust enforcement affects these practices. Questions arise about balancing innovation promotion with consumer privacy rights in the digital era.

Antitrust scrutiny extends to how companies use personal data, influencing their data practices and market behavior. When authorities investigate monopolistic practices, they examine data usage, affecting how firms handle consumer information. Such scrutiny makes sure market dominance does not lead to privacy invasions or anti-competitive data practices, maintaining a competitive market that respects user privacy.

How organizations can work within these new regulations

Data strategies

Companies developing AI technologies must navigate antitrust and privacy laws that impact their data strategies. Firms must design AI systems considering legal constraints on data acquisition and use, adhering to compliance procedures while fostering innovation. Legal frameworks now require that AI development aligns with fair competition and privacy protection, influencing how companies approach AI and data strategies.

Shaping AI development and deployment

Antitrust and privacy considerations shape AI development and deployment, guiding how technologies respect competitive fairness and data privacy. Companies must integrate legal compliance into their AI strategies, balancing innovation with ethical and legal responsibilities. Such integration makes sure AI technologies advance without compromising consumer rights or market fairness.

Frameworks for ethical AI

The need for AI governance frameworks arises, specifically one that addresses competition, data protection, and ethics. Policymakers face the challenge of creating regulations that foster AI innovation while ensuring ethical use and data privacy. These frameworks aim to guide AI development in a manner that benefits society, respects privacy, and maintains a competitive market.

Navigating future AI policies

As AI continues to advance, policymakers and industry leaders must navigate the interplay of antitrust, privacy, and AI governance. Future AI policies will likely reflect a balance among innovation, market fairness, and consumer privacy, shaping the trajectory of AI development and its societal impacts.

Alexander Procter

March 25, 2024

5 Min