2018: The Rise of Privacy
There is little doubt that 2018 earned its place in the history of personal data protection, but we still found it useful to put together a little summary of the year’s most meaningful events (data breaches, claims, scandals, legislation!…).
We also find it important to mention that many of us chose 2018 to embark on new business ventures aiming to take certain industries, or society as a whole, to a new level in terms of privacy ethics, data democratization, decentralized identity, or pure regulatory compliance. In our case (at PrivacyCloud) it was a strong belief in true customer centricity and a complete redefinition of the business models powering most digital experiences that led us to take the leap.
All of it, data breaches, claims, scandals, breakthrough legislation, and new privacy-focused business ventures follow below, in chronological order, with a collage of key headlines providing a visual summary in our “four seasons” Infographic (embedded here for future reference — please feel free to download it or reuse it however you see fit).
2018: Year of Privacy
February
- Telefonica-funded Wibson is launched as a blockchain-based “Personal Data Marketplace”, following the steps of prior initiatives in the Personal Information Management space like Citizen.me, Digi.me, People.io, or Datum.
March
May
- The EU’s General Data Protection Regulation (“GDPR”) comes into force on the 25th
- Vienna-based non-profit NOYB (“None Of Your Business”) files initial claims against Facebook, Whatsapp, Instagram, and Google (Android) under the GDPR (with the French, Belgian, Austrian, and Hamburg state Supervisory Authorities, most likely dragging the Irish Data Protection Agency into all of them)
- Under Armour discloses a major data breach affecting an estimated 150 million people in the United States.
June
- Facebook suffers its biggest ever data breach, through the Nametests app using its Login feature. It affects 120 million people
- Adidas discloses a data breach potentially affecting “millions”, related to online customers in the USA
- The California Consumer Privacy Act (“CCPA”) is signed into law on the 28th.
July
- PrivacyCloud (founded on March 8th) launches its first mobile application on July 14th, reaching 2,000 installs in its test markets (Spain & Ireland) in a single week.
August
- Google is faced with a major scandal with regards to the manner in which its apps collect the user’s location history regardless of the user’s choice to disable such tracking.
September
- Facebook suffers a new security breach affecting 50 million people
- The first private lawsuit is filed against Google under the location history revelations
- A new update to Google Chrome (69) forces users into a browser-level login, resulting in public outcry and a subsequent amendment
- The French data protection agency (CNIL) issues its first formal warning against an AdTech firm: the DSP Vectaury happened to be using the IAB Consent Framework (publicly disclosed on November 9th)
- Tim-Berners-Lee announces the launch of Inrupt, a private venture built on top of Solid, a decentralized web platform he and others had been working on at MIT
- Hu-manity.co launches a mobile app for people to claim their data as property (a “31st human right”).
October
- Google announces closure of its Google+ social network after a second undisclosed data breach affecting 50m users.
November
- Facebook confirms having engaged a lobby firm to link negative public perceptions of the firm to the billionaire George Soros
- A separate Facebook leak shows that selling user data was actually pondered as an initial business model
- Complaints are filed by Privacy International against Criteo, Experian, Quantcast, Tapad, Acxiom, Oracle, and other major AdTech players
- Marriott discloses the world’s largest ever data breach, affecting some 500 million people.
December
- Facebook, it now emerged, bent its own personal data rules for major customers, allowing Apple, Amazon, Sony, or Netflix to read, edit, or delete private messages.
***
Quite a run!
Of course, looking at such an eventful year one cannot help thinking: Will the trend continue in 2019? Will this be the year that EU Supervisory Authorities take the lead in enforcing the GDPR? Will they be able to bend the AdTech industry into complying? Will the upcoming ePrivacy Regulation provoke a whole new chain reaction?
One thing is certain about the new year, whatever the muscle or will of privacy enforcement bodies across the world: Businesses and governments will collect even more data about even more people, and, for good or bad, with or without our knowledge, more of that data will be used to power our digital lives.
Whether it is people or businesses who take control of such data remains to be seen.
Happy 2019!!