- Cybersecurity Rules by the SEC and the EU – Both the Securities and Exchange Commission’s public company cybersecurity disclosure and breach notification rules and the implementation of the EU NIS 2 Directive will drive increased focus from management and the board on cybersecurity risks, preventive measures, and incident response. Expect to see another year of growing enforcement activities in the breach space, including scrutiny of representations made by public and critical infrastructure companies about their security practices.
- Server-Side Tracking Replaces Browser-Side Tracking – Increasing regulation by international and U.S. state laws is driving creative ways to collect information about consumer behavior while ensuring compliance with privacy regulations. Server-side tracking, which collects data on the server hosting a website and not on the users’ browsers, will replace browser-side tracking, giving users more control over their data.
- Training AI Models – The data privacy implications of using first-party and third-party data to train artificial intelligence algorithms and models may inform legislators’ levels of severity in new proposed state and federal laws as they seek to regulate this fast-moving technology. While not addressing privacy issues, the European Union's risk tier-based AI Act, which will regulate the deployment and use of AI, is close to formal adoption before becoming EU law.
- Washington State’s New Health Privacy Law – Lawsuits, lawsuits, lawsuits, and more lawsuits could be brought in Washington state under the My Health My Data Act (MHMDA), which affects any company or non-profit handling consumer health data in the state and permits Washington residents to file lawsuits for violations.
- Legislation Loves Company – In the United States, more than a half dozen states enacted data privacy statutes and the federal government came within an inch of passing a comprehensive federal privacy statute. The pace of new legislation (and new regulations) will increase even further in 2024 with more governments in the United States and abroad enacting omnibus and sector-specific (i.e., AI) privacy legislation.
About the Authors:
Greenberg Traurig’s Data Privacy & Cybersecurity Practice is composed of a multidisciplinary group of attorneys and professionals located throughout the world. The team of dedicated data protection attorneys has experience working hand in hand with organizations of all sizes to develop practical strategies and provide strategic advice on virtually all aspects of data protection including CCPA, GDPR and other compliance issues; data use, transfer, and licensing issues; data breaches and regulatory investigations; and defending against privacy-related class actions.