As we approach 2024, data privacy has become an increasingly relevant topic. Just this July 2023, Kenya faced a pivotal moment when the e-Citizen government platform, entrusted with our most sensitive personal information, fell victim to a cyberattack. It was a Distributed denial-of-service (DDOC) attack that would see many Kenyans locked out of their government accounts and unable to access any service on the platform.
Despite the hackers claims to have stolen passport data, the Communication and Digital Economy Minister Eliud Owalo was clear that no data was accessed or lost. Nevertheless, the government’s assurance that no passport data was compromised is no guarantee that such incidents will not happen. Data Security remains an ongoing challenge that requires our continuous attention and resilience to adapt to new threats and vulnerabilities. It is a responsibility that we all share.
In light of this, here are our 7 predictions on some of the key trends on Data Privacy in 2024.
- Data Protection Regulations will become more strict: Governments worldwide are progressively implementing and upholding rigorous data protection laws. Organizations will have to ensure compliance with regulations like the General Data Protection Regulation (GDPR) and various other statutes on data protection currently in force in more than 30 African states. The need for tougher regulations was a key area of concern in the senate hearing in May 2023 where the CEO of OpenAI, Sam Altman, IBM Vice President Christina Montgomery and New York University Professor Gary Marcus called for stronger regulation around generative AI to safeguard basic human values.
- Increased emphasis on user consent: With the increasing concerns about data privacy and getting very clear and informed permission from the data user for collection and processing activities will become more important. Organizations must therefore prioritize openness and give clear information on how the user’s personal data is going to be used so that the users can make well informed decisions on whether to share their data, or not to.
- More companies will adopt Privacy-Enhancing Technologies: Privacy-enhancing technologies (PETs), such as differential privacy, homomorphic encryption, and secure multiparty computation, are gaining traction. In simple terms, PETs make your personal data unintelligible to anyone not authorized to access it and allows companies to gain insights from your personal data without breaching your data privacy. This way online criminal activities such as fraud, financial crimes, money laundering, identity theft and cybercrime can be prevented. It is worth noting that PET’s do not provide a one size fits all guarantee, it will therefore be important for organizations to re-evaluate the impact of their data processing and state how, and for what purpose they plan to use that data.
- Enhanced Data Breach Readiness and Incident Response: As data breaches continue to pose significant risks, we expect to see more organizations focusing on proactive measures to enhance their incident response capabilities. A Data Breach Readiness plan will help to assess and strengthen their ability to detect, react to, and contain attacks with speed and efficiency as well as implement robust security measures, conduct regular security audits, and develop comprehensive breach response plans to address data breaches with confidence, by identifying attackers before situations escalate into major crises.
- Increased Awareness of Data Ethics: Data ethics and values involve evaluating the moral and social consequences of data analysis, respecting the rights and interests of data subjects and users, and actively promoting the common good and public interest, particularly in light of the increasing attention to concerns like bias, discrimination, and algorithmic accountability. As we progress to 2024, organizations will be expected to proactively address these ethical considerations in their data collection, processing, and decision-making practices to ensure fairness, transparency, and accountability.
- Data Localization: Data localization, as the term implies, is the storage, management, and processing of data in a given location or region. We have already witnessed cases where certain countries like …were implementing data localization requirements, mandating that certain types of data be stored within their borders. The significant motivation behind advocating for data localization is its economic implications. The global data infrastructure industry is anticipated to exceed $340 billion in value by 2023, with projections indicating it will further expand to surpass $400 billion by 2027. These may sound positive in view of the benefits mentioned earlier, but there are numerous oppositions, and challenges that lay ahead.
- Privacy by Design: This means more organizations will begin to prioritize data privacy during the initial design stage as opposed to considering it in the final stages of the product development process. This way, privacy and data protection become core functionalities of the system, in addition to what the system was designed to do in the first place.
These trends reflect the evolving landscape of data privacy, signaling the ongoing challenges that demand continuous attention and adaptive responses to new threats and non-compliance. As we navigate these trends, it is essential for organizations and individuals alike to remain vigilant, adaptable, and committed to upholding the principles of data privacy in an increasingly interconnected world. By doing so, we can work towards a safer and more secure digital future for all.