2020. A short retrospective from a data privacy perspective (1)

As the end of the year approaches, it’s the right moment for reflection and retrospective. Everyone tends to agree that 2020 was a game-changer year, that will shape industries and behaviours alike. It was also a year full of events for privacy professionals: the COVID-19 pandemic, 2 years since the implementation of GDPR just to name a few of them. We asked a few privacy specialists to tell us how they would describe 2020 from their perspective and this is what we found out. 

For Cristiana Deca, privacy expert, “2020 was a very challenging year, since I discovered how a remote world looks like, and I got to see first-hand how privacy can be in danger if we don't protect it as a human right. We Europeans were so lucky to have GDPR in place when the pandemic hit because it gave us the tool to assess all covid-19 measures and tech solutions through its lens. At a macro level the privacy community became more conscious about privacy by design principle and its importance”.

Dr. Gabriela Zanfir-Fortuna, Senior Counsel for Global Privacy, says: "2020 was a big year for privacy and data protection, I might even call it effervescent. On one hand, around the world, the first responses to the COVID-19 pandemic were very much data-focused. Think of contact tracing apps, heat maps based on location data, drones, and temperature scans, but also cross-border, huge, clinical trials that needed data exchanged in real time. All of these brought up front and center the need for appropriate safeguards on how data, including sensitive data, should be collected, used and shared”.

Dr. Gabriela Zanfir-Fortuna underlines another important aspect: “On the other hand, leaving the pandemic aside, there were so many consequential developments that are bringing privacy and data protection towards convergence and interoperability around the world: the LGPD in Brazil entered into force, China proposed its first comprehensive personal data protection bill, India made significant steps towards adopting the comprehensive personal data protection bill, Canada finally proposed a deep overhaul of its existing old federal privacy law, we've also seen general data protection bills being proposed in Nigeria, adopted in Rwanda. Australia is in full process of public consultation on its own overhaul of the general privacy law, and last but not least, the US has seen important developments too. A new law was voted in California to replace the CCPA and provide enhanced protection to privacy, and at federal level we've seen several new bills proposed, including one primarily sponsored by the Chairman of the Senate Commerce Committee, Sen. Wicker. What is fascinating is that in all of these developments you can identify nuggets of the GDPR, to a lesser or a bigger extent. It's just a lot that has been going on".

For Tudor Galos, Privacy consultant, “This was one of the most challenging years for businesses across the world. First of all, the COVID-19 pandemic hit, and businesses had to completely change the way they were functioning. Beside moving employees from open space to home environments, companies had to quickly change business processes, security policies and procedures and develop and implement business continuity plans. And most of them had only one weekend in March to implement these changes”.
 
“Hackers had the ideal conditions to attack”, added Tudor Galos, “people were afraid of SARS-COV-2, companies were implementing work-from-home scenarios with ad-hoc procedures, internet service providers fought to upgrade the networks to support the increased home internet consumption etc. Moreover, this year we had the first hacking attack which ended up with a murder, as a person died when a hospital in Germany was hit with a ransomware attack”.

2020 was also the year when data controllers realised the fact that they are accountable for international transfers as Privacy Shield was invalidated by EUCJ. This led to an unimaginable scenario in which most personal data transfers to US became illegal and data controllers had to perform TIAs (Transfer Impact Assessments) as Standard Contractual Clauses increased their accountability. We, as Privacy Professionals had to quickly move to assist our customers in maintaining and improving privacy compliance as employees moved to work-from-home scenarios. 

In the next parts of this article, we will discuss about other challenges and concerns of data privacy specialists.

Related articles:

• 2020. Which was the biggest challenge for the privacy professionals during this year? (2)
• How do you believe the COVID-19 pandemic will further impact the privacy specialists’ activity?

 
Photo by Kelly Sikkema on Unsplash