Privacy and data protection trends in 2021

What could 2021 mean for privacy, both in the public and private sectors? 

It can sometimes feel like the world is moving altogether too quickly these days. From the tumult of 2020, with the pandemic of the coronavirus gripping the globe, to major changes in the way we work, rest and play, our technology and the way we use it has never been more important. 

But as 2020 gives way to 2021, there’s no sign of slowing down the significant shifts we’ve already seen. The coming 12 months promise big things – from the Biden administration taking office in the United States, to the UK leaving the European Union and its support for things like GDPR, there are huge shifts afoot that could have an outsized impact on privacy and data protection in 2021. 

So, what are they?

Focus on national privacy protection

Citizens of the European Union are currently shielded by the General Data Protection Regulation (GDPR), a set of rules that governs how their data will be used. Although the UK is leaving the European Union, and theoretically could diverge away from Europe on this, it seems likely that they will maintain parity on protecting users’ data. 

But they’re far from the only people working in this space. China published a draft of its Personal Information Protection Law (PIPL) in October, which would govern citizens of that country – though whether it’s a smokescreen is still to be seen. India is still debating its Personal Data Protection Bill, tabled in 2019, though there is hope it will come into law this year.

And California’s CCPA, which has been dubbed a US GDPR, has attracted the interest of other states, who could follow in 2021. The Biden administration could even introduce a federal consumer privacy bill of rights, granting protections to all users of the internet and any tech platforms nationwide.

Schrems II remains a concern

One of the biggest shifts in data protection and privacy in 2020 will continue to rumble on in 2021, as the aftershocks of Schrems II will still be felt.

The decision by the European Union in October 2020 means that EU privacy rules have jurisdiction over national security rules anywhere else.

Companies who transfer EU citizens’ data outside the EU have to adhere to stronger rights. Schrems II is going to be a headache for many companies who find it difficult to adhere to the global reach of European law, but it seems likely that they’ll have to if they want to continue to serve the hundreds of millions of European uses who comprise a large share of their business.

Home working shifts continue to cause alarm

Shipping personal data around the world could become a flashpoint for employers who are seeking to gain a little more control over how their workforce spend their working hours.

We’ve already seen the first flourishes of a surveillance state in the workplace, with data tracking wristbands that purport to know when employees are unsatisfied with their current conditions.

For bosses, it’s a boon – but expect to see a raft of legislation and lawsuits over the notion that you’re required to give up data about your health and wellbeing to your employer – especially when you’re sat at home.

What’s likely to happen is that this will trigger a reckoning in collecting employee data, believes Heidi Shey of Forrester. "Consumer demand, innovation, and the pandemic are changing the way we work and igniting employers’ desire to collect, analyze, and share employee personal data,” she says. “It’s an opportunity, but without the right safeguards, it becomes a trap, and we predict in 2021 regulatory and legal activity regarding employee privacy will double.”