After an eventful 2022 which featured massive data privacy fines, burning news , and new regulations, organizations around the world are bracing for another year and wondering what to expect for 2023.
In order to bring some clarity and start an insightful conversation, the first Yes We Trust webinar of the year focused on the state of data privacy around the world in 2023. The panel took place on January 19th and featured Luiza Jarovsky, CEO at Implement Privacy and creator of The Privacy Whisperer, Stéphane Hamel, Data Privacy & Ethics Consultant, and Romain Gauthier, CEO and co-founder at Didomi.
A first of its kind, this webinar will be followed by many more in the future on the privacy hub Yes We Trust. Learn more about Yes We Trust, access the webinar recording below, or continue reading for a summary of the conversation.
Summary
- Looking back at 2022: what happened in the data privacy industry?
- Conversation on Privacy UX, Europe, and tracking analytics
- Data privacy challenges to keep an eye on in 2023
Looking back at 2022: what happened in the data privacy industry?
To open up the webinar, our three panelists discussed last year and what were the most important events for the data privacy landscape in their opinion.
For Luiza Jarovsky, the most important event of the year was the situation between Meta, the Irish data protection authority (DPA), and NOYB - Max Schrems' organization. Meta was punished in several instances by the Irish DPA, totalling almost $1 billion in fines in 2022. In one of these decisions, Meta was found guilty of using contracts as a lawful basis to collect and process personal data. Going forward, the company won't be able to consider that by accepting the Terms of Services, all users are agreeing to have their data collected and processed.
“It is still unclear if they will have to use consent, if every Facebook user will have to say “I consent” but I think it’s going to change the social media and advertising industries.”
Luiza Jarovsky, CEO at Implement Privacy and creator of The Privacy Whisperer
For Stéphane Hamel, 2022 constituted a tipping point where marketers and analysts started wanting to know more about privacy. On a personal note, he also highlighted that Québec's Law 25 was a huge topic, with a worry for 2023 that not a lot of companies will try to implement the necessary changes to comply.
For our CEO Romain Gauthier, the events surrounding Google Analytics were a key moment of last year. In his opinion, this was the most disruptive the privacy industry had been since the enforcement of the General Data Protection Regulation (GDPR):
“This one really hurts, because we know that between 75 and 90% of European websites are currently using Google Analytics. It’s the kind of decision that can force massive market changes.”
Romain Gauthier, CEO and co-founder at Didomi
He also highlighted the immediate reaction from the Biden administration and the European Union, with a new data privacy framework between the E.U. and the U.S. in the works - reflecting that privacy can be a strong influence and cause political leaders to move fast, something that hadn't happened before.
To dive deeper into the major events of 2022 and more specifically what happened for us at Didomi, head to our blog post on the topic:
{{read-our-2022-rewind}}
Conversation on Privacy UX, Europe, and tracking analytics
In the second and main part of the conversation, our 3 panelists focused on three key topics:
- Privacy & UX: what future for the user journey?
- Europe as a baseline for global privacy
- How to combine tracking, analytics & privacy?
While we recommend checking the full webinar, we've gathered some of the main takeaways from the webinar.
Privacy & UX: what future for the user journey?
Dark patterns are a type of deceiving design element, which aims to trick users and consumers by deliberately obscuring, misleading, and deceiving them. Examples you might be familiar with include hidden costs on e-commerce websites, disguised ads, or manipulative cookie banner designs.
Because of dark patterns, consumers might end up making unintended and potentially harmful decisions online.
Luiza Jarovsky is particularly familiar with this topic, having written an academic paper about it and discussed it at length in her very informative The Privacy Whisperer newsletter. After highlighting the fact that a lot of grey areas remain around the topic, she argues that regulating might not be the best choice due to the rapid pace of technology - but that she believes Privacy UX will become an increasingly important field in the coming years.
"What really matters for the users, for privacy on the ground, is the user experience, the interface, how you interact and exercise your choice. I think this field is very important and I’m happy that last year there were fines on this topic, it’s really very popular. In two or three years, my prediction is that we will be in a much more mature phase of Privacy UX."
Luiza Jarovsky, CEO at Implement Privacy and creator of The Privacy Whisperer
Our three panelists agree that the culture around privacy is changing, as well as what consumers want and expect from organizations. As a result, building trust and transparency with customers is more critical than ever for brands.
Europe as a baseline for global privacy
Starting the conversation, Romain Gauthier mentions that at Didomi, 95% of the consent notices deployed by European clients use the setting “Apply GDPR globally”, and that many consider Europe's GDPR as the gold standard for privacy around the world.
This was reflected in the poll conducted during the webinar, with over 85% of the respondents considering it best for global organizations to simply apply GDPR everywhere:
Luiza Jarovsky acknowledged that Europe is trying to be a first mover and leader, for example by introducing several bills around data and data protection, such as the Data Act, the Data Governance Act, the Digital Markets Act, the Digital Services Act or the Artificial Intelligence Act, and as such setting a standard for the rest of the world.
As a Data Privacy & Ethics Consultant, Stéphane Hamel provides his feedback and critical view of applying various regulations depending on where consumers are located:
I always find it interesting when I do an audit of a global brand and their privacy policy starts with 'Your privacy is very important to us', but then they treat their customers in different ways depending on which country they come from. If their privacy is really important, then all customers should be treated the same.”
Stéphane Hamel, Data Privacy & Ethics Consultant
In his opinion, we are going to quickly see the difference between brands that address privacy from a risk-avoidance perspective and brands that start to address it as a brand value much like corporate social responsibility initiatives.
How to combine tracking, analytics & privacy?
Since early 2022 and the Belgian DPA decision regarding the Transparency and Consent Framework, there has been a lot of uncertainty in adtech and martech tracking models - in part due to the recurring topic of the deprecation of third-party cookies and trackers, which has been rolled back to 2024 by Google.
Do companies need to ask for consent to build some forms of analytics?
For Stephane Hamel, it all comes back to the purpose of collecting data. Indeed, he argues that you don’t necessarily need personal data to improve your website and optimize performance: Calls with customers, surveys, emails, or surveys are other, very valuable ways to improve your products and better serve your customers.
Data privacy challenges to keep an eye on in 2023
In the last section of the conversation, our panelists discussed the main challenges to keep an eye on in 2023, with two main topics emerging:
A larger focus on Privacy UX and Dark Patterns
Luiza Jarovsky predicts that there will be a lot more fines related to Privacy UX and Dark Patterns in 2023. In her opinion, every department from engineers to marketers should have an understanding of privacy.
"When we’re talking about Privacy, it’s much more than just clicking 'I consent' or reading a privacy policy. It’s a fundamental right, it’s human dignity, it’s how the person’s identity is reflected online, how the person wants to be seen by this network of websites following us.
So I think it’s important that companies realize that not just the legal department should understand privacy. If you want to say that you are privacy-focused or that you really understand privacy, then everyone at your company should have a notion of data protection, and of what we protect when we’re talking about privacy."
Luiza Jarovsky, CEO at Implement Privacy and creator of The Privacy Whisperer
An accelerating pace around privacy and more enforcement
On his side, Stéphane Hamel believes that the pace is accelerating and that we’re going to see more enforcement in 2023. He drives a parallel between privacy and the history of seat belts, which received a lot of pushback initially, before becoming a widespread safety device.
To conclude the conversation, he states that he believes 2022 will be a year of innovation and new solutions, and an exciting time for the privacy industry, something we also strongly believe at Didomi. For more insights about what you can expect in 2023, check out what our Chief Privacy Officer has to say on the topic.
And to continue this conversation, join the Yes We Trust community on LinkedIn, where you can ask questions, discuss with other privacy experts, and stay up to date with the latest privacy news: