Data privacy in 2023: 10 moments that shaped the year
Create an account
Join our community for free to access exclusive whitepapers, reports, and regulatory information.
Usually, one topic tends to dominate discussion in privacy over the course of a calendar year. In 2021 it was the fallout from the Schrems II case, in 2022 it was US state privacy laws, but in 2023 there has been a multitude of high-profile stories to follow from the EU-US Data Privacy Framework (EU-US DPF) to calls for Artificial Intelligence (AI) regulation and continued developments in US state privacy. So much so, that significant new laws in India and Saudi Arabia, as well as revisions to the federal law in Switzerland and Standard Contractual Clauses in China almost went under the radar. This report, produced by the in-house analysts at OneTrust DataGuidance, outlines the ten key moments of the year.
Take a quick look with our infographic: Data privacy in 2023: 10 moments that shaped the year
Data privacy in 2023: 10 moments that shaped the year
The area that captivated us the most this year was undoubtedly the rapid rise in widespread use and developments of AI tools. 12 months ago, hardly anyone could have foreseen quite how much impact AI was going to have in 2023 and while it has potential to unlock positive outcomes for people and society it also poses a huge risk to individuals’ rights privacy. Globally, regulators have been working on robust regulation to help guide the responsible use of AI and 2023 saw laws proposed, drafted, and passed in jurisdictions including China, UK, US, and notably the EU.
We finally saw resolution to the ongoing fallout from the Schrems II case in July. The European Commission adopted its adequacy decision on the EU-US DPF creating a new framework for transatlantic data transfers. The framework was a product of over 18 months of negotiations and allows organizations to self-certify with the Department of Commerce. However, the framework was not without its critics as immediately after the adequacy decision was made opposition to the framework was already being voiced with noyb claiming that a challenge would be made before the Court of Justice of the European Union (CJEU) before the end of the year.
Another year has gone by, and more US states have added themselves to the growing patchwork of comprehensive privacy laws in the US. This year no less than eight more laws were passed. This was in addition to the five comprehensive state laws that were in effect or entered into effect in 2023. While the privacy landscape in the US continues to grow more complicated with each passing state bill, a federal law is still no closer to being passed and little progress was made over the course of the last 12 months.
While the US was busy passing new state laws, important developments were also being made in Europe. On the enforcement front, the Irish Data Protection Commission (DPC) issued Meta with the largest ever fine under the GDPR totaling €1.2 Billion for failures relating to their data transfers. In the UK, the Data Protection and Digital Information (No.2) Bill was reintroduced following the original bill’s withdrawal in March. Meanwhile in Switzerland, the revised Federal Act on Data Protection (revised FADP) and the revised Ordinance on Data Protection both entered into effect after several years of discussion.
Elsewhere, significant privacy developments took place in the Middle East and APAC regions. Vietnam's first and much awaited comprehensive data protection law was issued in April and came into effect on July 1. Meanwhile in Saudi Arabia, the Personal Data Protection Law entered into force in September following two postponements. In India, the highly anticipated Digital Personal Data Protection Act received Presidential assent in August, becoming India's first comprehensive data protection law and altering the Indian privacy landscape. And as several jurisdictions welcomed new privacy laws, the Cyberspace Administration of China issued Standard Contract Measures for the Transfer of Personal Information Abroad which became applicable from June.
Take a quick look with our infographic: Data privacy in 2023: 10 moments that shaped the year
OneTrust DataGuidance Data privacy in 2023 report
This year’s report, produced by the in-house analyst team at OneTrust DataGuidance, gives an in-depth round-up of the most significant moment of 2023 including:
- Developments in AI regulation
- EU-US Data Privacy Framework
- New US States Privacy Laws
- India’s Digital Personal Data Protection Act
- Vietnam’s Personal Data Protection Decree
- Saudi Arabia’s Personal Data Protection Law
- New Chinese Standard Contractual Clauses
- EU enforcement decisions
- UK Data Protection and Digital Information (No. 2) Bill
- Switzerland’s revised Federal Act of Data Protection
Download the 10 moments that shaped the year report to learn more about these developments and how they have impacted the privacy landscape over the past 12 months.
