As technology becomes more advanced, the need for regulation increases alongside it. Governments have attempted for years to keep up with the ever-expanding world of smartphones, ecommerce and social media. They wish to protect consumers, promote competition and create safe spaces for users.
The need for safe spaces grew prevalent last year. In 2022, anonymous hackers' ransomware and phishing attacks targeted big and small companies alike. Major companies like Uber and Ronin were, for instance, hacked by bad actors who gained access to their internal systems. On top of this, Vladimir Putin’s invasion of Ukraine created further turmoil as Kremlin gremlins upped the ante in their cyberattacks against Kyiv.
As we venture into 2023, it’s clear that companies need to protect themselves against digital assaults. It’s also likely that these looming worries about data protection and security will translate into implementation of stronger regulation.
“Enterprises looking to maximise opportunities offered by big data in 2023 must prioritise staying abreast of evolving data privacy reform and regulations,” Seth Batey, data protection officer and senior managing privacy counsel of data movement platform Fivetran, told Verdict.
“Failure to do so won’t just impact profitability, it has the potential to derail entire operations. The new age of data privacy reform is imminent.”
Join Verdict as we speak to a range of professionals across the technology industry to see what they believe 2023 has in store for tech regulation.
Frank Contrepois, head of finops consulting, Strategic Blue
The whole tech industry seems obsessed with security issues and regulations and it is not surprising given that the average cost of data breaches increased 2.6% from $4.24m in 2021 to $4.35m in 2022.
I think one of the key things to look out for in 2023 is that there will be a lot of reiterating how the cloud is the most secure solution for enterprises. Companies that have their own systems, by offloading part of the security risks to AWS, can save a considerable amount of money. There is also an opportunity cost of continuing to build and maintain security systems that can be offloaded.
I think we will see more integrated security between leading cloud providers, such as AWS native, and other security software this year, as well as a lot more executives asking their IT leaders about their security systems and regulations. It is yet another reason why the cloud will look like a sensible place to be.
Antti Nivala, founder and CEO, M-Files
EU personal data transfer laws will continue to present an issue for global, data-driven businesses. Many global businesses will continue to face uncertainty in 2023 as a result of the EU Court of Justice’s judgment in Schrems II, which questions the legality of transferring EU citizens’ personally identifiable information (PII) outside of the EU. We can expect more organisations to turn to information management to tackle this concern, as an avenue to understand better the flows of data, discover what data they hold, and control the data flows to limit where data travels, to avoid violating privacy laws.
Tom Cornell, senior I/O psychology consultant, HireVue
The technology sector is one of high growth, but in 2023 we are going to see more legislation proposed and coming into effect, which will affect AI businesses massively. In the short run, this might cause negative sentiment towards AI as it implies there is a need for regulation in the first place, but in the long run, uptake is likely to increase because there will be more consumer confidence in the product.
The legislation ultimately means businesses won’t need to be accountable for interpreting what should or shouldn’t be done when developing AI technologies, which is positive for everyone involved.
Karsten Winther, president for Europe, Middle East and Africa, Vertiv
Data centres will experience increased regulation and third-party oversight in 2023 as the world continues to grapple with the industry’s rising energy and water consumption against the backdrop of ongoing climate change. Mounting pressures to meet consumer demand for energy and water are forcing governments at all levels to take a harder look at data centres and their outsized consumption of those resources.
Data centres are estimated to be responsible for up to 3% of global electricity consumption today and are projected to touch 4% by 2030. The average hyperscale facility consumes 20-50MW annually – theoretically enough electricity to power up to 37,000 homes. We expect this to prompt increasing governmental scrutiny in 2023.
It’s happening in some places already. Dublin, Ireland, and Singapore have taken steps to control data centre energy use, and data centre water consumption – especially in areas prone to drought – is likely to trigger similar scrutiny. According to the U.S. Department of Energy, the water usage effectiveness (WUE) of an average data centre using evaporative cooling systems is 1.8L per kWh.
That type of data centre can consume three to five million gallons of water per day – similar to the capacity used by a city of 30,000-50,000 people. The industry will continue to take steps to self-monitor and moderate – including an increasing preference for environmentally-friendly thermal designs – but 2023 will see increases in regulatory oversight.
Martin Cheek, cybersecurity expert and managing director, SmartSearch
In 2023 we can expect to see increased regulations on data privacy and security and the implementation of regulations to mitigate the negative impacts of technology on society.
An increasing amount of personal information is collected and stored by technology companies. As industry experts, we anticipate that governments around the world will implement stricter regulations to protect consumer data. These regulations will include mandatory data breach notification laws, data minimisation requirements, and increased penalties for non-compliance.
As AI continues to be integrated into various industries, governments will impose regulations to ensure the accountability and transparency of these systems, requiring companies to explain their AI decision-making processes and to provide a human review mechanism for certain decisions.
As a leading tech business, we predict that governments will increase their scrutiny of technology companies to ensure that they are not using their market power to stifle competition. This will involve investigations into anti-competitive business practices and the imposition of fines for non-compliance.
Regulations will be introduced as new technologies emerge to address their ethical implications and to mitigate the negative impacts of technology on society, such as job displacement and digital addiction. We foresee this to include regulations to ensure the retraining and re-employment of workers affected by automation, and regulations to address the negative effects of excessive screen time and internet addiction.
Michael Ramsbacker, chief product officer, Trulioo
Diving down into specific sectors, it’s likely that we’ll see identity verification take on an even more critical role within the crypto sector. Recent events will likely lead to increased regulation across all areas of cryptocurrency, decentralised finance, and exchange functions. Regulators will look to bring in rules to protect consumers.
From a consumer perspective, confidence and trust around crypto is probably at the lowest level it’s ever been. Our own research last month found that 83% of crypto users said crypto companies should be doing more to reassure and protect customers.
Against this backdrop, I think it will increasingly be a case of the market deciding how the crypto sector recovers and the direction it takes going forward. I predict that we’ll see mainstream crypto investors voting with their wallets and favouring platforms (and jurisdictions) that are embracing, rather than trying to escape, regulation.
Nigel Jones, co-founder, Privacy Compliance Hub
Those responsible for cybersecurity may want to learn a few lessons from the shift in enforcement tactics by the ICO in 2022. If you are a public authority in the UK then perhaps you don’t need to worry as much about fines. On 30 June 2022, the ICO announced a revised approach to public sector enforcement and this approach has been followed in a recent case involving the Department of Education. However, if you think that because you aren’t high profile you won’t get fined, you may need to think again.
The ICO’s announcement on 26 September 2022 of its notice of intention to fine TikTok £27m for its treatment of children’s data was perhaps most interesting for the disclosure that as well as TikTok there are six other formal investigations ongoing and 50 other companies being monitored for similar breaches.
Robert Wassall, director of legal services, NormCyber
If 2022 is anything to go by, 2023 will be another big year for technology regulation, for two reasons. Firstly, inertia will continue to hamper organisations’ ability to adhere to modern data privacy standards, and secondly, due to the new information commissioner doubling down on ‘naming and shaming’ big offenders.
Organisations that want to avoid the scrutiny of the ICO in 2023 need to keep a close eye on regulatory developments and learn from the mistakes of others.
Meta is one to watch, having recently received a fine from the Irish Data Protection Regulator for its use of personalised ads. Meta will appeal against the fine, but should it lose, the case will have fundamental repercussions. Organisations that take a similar approach to Meta’s – i.e., those that rely on the acceptance of terms and conditions of the users of their platform as consent to receive personalised ads – will need to reconsider their strategies.
There will also be a large-scale re-think of data usage rights coming from the continent, as the EU is set to release further legislation to roll out a ‘GDPR-like’ approach to other data, not just personal. These new rules will guide how non-personal data can be used and shared, and will have far-reaching consequences for businesses.
Finally, the issue of international data transfers will continue to cause disruption to many businesses that rely on the mechanism. At the end of 2022, the ICO updated its guidance on international data transfers to include a new section on Transfer Risk Assessments (TRA) and a new TRA tool. The ICO is also working on guidance to help organisations use the International Data Transfer Agreement. In short, watch this space.
Jamie Barnard, co-founder/CEO, Compliant
In 2023, marketers will re-evaluate their media choices, prioritising channels and publishers based on four market forces: privacy, safety, sustainability and diversity. Advertisers will hold publishers to account, audit compliance across their supply chain and tailor publisher lists to:
- reduce exposure to privacy risks, ostracising platforms and publishers that play fast and loose with people’s data;
- reduce ad fraud and bot traffic, saving precious media dollars;
- lessen the environmental impact by avoiding wasted ad impressions; and
- experiment with media placement to show up to a broader, more representative audience.
From a privacy perspective, the advertising industry has sunk to the bottom of the barrel so the only way is up. Having reached this inglorious milestone, 2023 will witness a renaissance as forward-thinking companies start marketing privacy. Advertisers who recognise the inherent value of genuine, authentic, meaningful consent, will invest in creative, engaging and value-driven experiences that give people real choice. The death of the cookie will be the birth of a new model that will carry us into the immersive world of Web 3 and beyond.
Having been a thorn in the side of the ad-funded internet since its inception, in 2023 privacy will emerge from its chrysalis as the future of digital advertising.
Jeanne Kelly, partner, Browne Jacobson
The Data Protection Commission has been increasingly active with its decision outputs in 2022, and we expect further decisions and inquiries in 2023, resulting in increased and more regular fines.
The Consumer Rights Act, together with the Digital Services Act, will give individuals rights and recourse over digital items, resulting in changes in how digital platforms are operated in the year ahead.
Ken Barth, CEO, Catalogic Software
Security continues to be the top issue for IT professionals as we enter 2023, even in the face of the continuing political volatility that is driving unprecedented UK and European energy costs along with higher costs for IT products and services. The current geopolitical environment will continue to encourage bad actors to increase their cyberattacks, especially ransomware and supply chain attacks, on all types of organizations.
The IT industry needs to continue to invest heavily in the cyber resiliency of its products and services, including adding proactive defensive capabilities.
As the developer of an enterprise data protection product used by many UK companies, our development team is focused on adding proactive ransomware protection and recovery features that enable our customers to detect ransomware attacks early, and then quickly recover their systems and data to minimize any business disruption.
Seth Batey, data protection officer, Fivetran
Countries have historically looked to GDPR to guide data policy design but all this is set to change with the recent rise of country-specific approaches to regulating big tech’s data collection, usage and governance. In particular, the UK’s post-Brexit data privacy policy will be one to watch, as experts suggest that the UK will only take the “best parts” of GDPR to prioritise and emphasise a more pragmatic approach that puts more reasonable burdens on organisations to protect individuals’ privacy, rather than placing the onus on consumers to exercise their privacy rights.
Similarly, data protection reform conversations in Australia, Canada, and Asia continue to avoid imitating GDPR, instead leaning into accountability principles akin to the UK reform discussions.
The UK’s 2022 appointment of John Edwards, as head of the ICO, also signals a new direction for data privacy. While Edwards is committed to ensuring enterprises still reap the rewards of data-driven insights, those with an ear to the ground know that 2023 will be the year to neaten the edges around data privacy policy.
This new approach may even have a knock-on effect on future GDPR reforms. In fact, the EU supervisor, Wojciech Wiewiórowski, has said Brexit is an opportunity for the EU to see whether GDPR can, and should, be interpreted in a more flexible way and potentially influence current policy across the bloc.
We have already seen data privacy changes hit the world’s tech giants first, and the hardest, but that scrutiny is just getting underway. The EU’s new digital agenda (DMA, DSA, Data Act, and AI Act) marks the legislative convergence of privacy and antitrust law. Improved antitrust laws will only make it easier for regulators to ascertain whether enterprises are using their power over markets to evade data privacy rules, and to gain unfair advantages over competitors. And it’s just the start.
With the challenge clear, big tech needs to up the ante on efforts to meet evolving privacy and antitrust regulations. Data governance has to take centre stage in 2023 for enterprises to be capable of keeping on top of reforms. Reviewing and revitalising data governance to make sure the outlines around laws and restrictions – that everyone in the organisation must follow – are clear, will ensure that the processes, roles, and technology enterprises use are secure and trustworthy. This will future-proof organisations’ customer-centric growth in 2023 and beyond.
Matt Peake, global director of public policy, Onfido
As we’ve already seen in other parts of the technology world, such as crypto, the EU will take a big step towards finalising progressive regulation this year, this time on AI – harmonising the European approach under a new EU AI Act which will regulate businesses seeking to build, manage, and deploy AI applications. It is expected that the legislation will set a precedent for other jurisdictions to evolve or follow.
The framework is designed to be risk-based so that the level of regulation will depend on the level of risk. This means that services such as identity verification and authentication, which merely seek to confirm a user’s identity, should attract minimal requirements. It’s a step in the right direction but it’s critical that the EU collaborates with the private sector to ensure that the act does not stand in the way of low-risk use cases by over-regulating them.
If implemented correctly, companies involved in AI development will benefit from being able to bring new services to market with regulatory certainty, and without being burdened by unnecessary compliance or operational costs. This will ultimately help fuel innovation in AI, which helps to reduce bias and drive more inclusive online services.
Seb Wallace, investment director, Triple Point Ventures
Venture capital is comfortable supporting nascent technology. Blockchain – and by extension crypto – fits within this category. To take one isolated good or bad data point and hold it up as ‘all that is right or wrong’ about blockchain is guaranteed to misstate the potential impact distributed ledger technology could have on the financial and legal world.
Specifically, on FTX, which can’t be ignored, there may have been fraud or at least negligence that warrants investigation. It goes without saying that no investor wants to support a company that ends up acting, or is alleged to have acted, fraudulently. It is unfortunate that FTX ended as it did. But the FTX failure masks other, promising businesses in the space, including Ramp, who recently closed a significant funding round.
As minority investors, VCs often have limited influence on the day-to-day operations of their companies (often for good reason!). The frank – if strange – reality of VC is that the sector assesses and assumes many edge-case risks when backing new technologies. What happened to FTX is sad, particularly in a sector with the risk of collateral damage for everyday consumers. But ultimately with new technology comes risk. Financial regulators will hopefully now construct a balanced approach to regulating crypto that enables the best companies – and their investors – to maximise value for users over the next year and beyond.
Pat McCarthy, CRO, Precisely
In 2023, we can expect tighter tech regulations around ESG reporting. However, organisations can only adhere to these if they have accurate, consistent, and contextual data for ESG reporting. Data is one of the most important factors for gaining insight, measuring metrics, and filling in the gaps when it comes to ESG practices.
The challenge here is that data often lives in silos, is stale, unstandardised, full of duplicates, incomplete or lacks the insight required to make it fit for purpose. Although most companies already have a data infrastructure in place, many find it is not detailed or trustworthy enough to properly report on these initiatives, both in the long and short term.
So, with data assets being critical to reaching a net-zero system, companies will need to establish a foundation of data integrity to make strategic decisions based on trustworthy ESG data. As part of this, they will need to invest in technology that combines data integration, data governance and quality, location intelligence and data enrichment capabilities.
Additionally, a board-level mandate on data is required, as well as business-led use case arguments for tools that automate the process. This will provide real-time analytics to support confident decision-making, something which is particularly important as businesses pivot to align with changing ESG initiatives and regulations.
Now, more than ever, organisations need trusted data to be able to make confident decisions, set targets, and measure the progress of their green resolutions. By building a meaningful data integrity strategy, organisations can be sure they are making important decisions based on data they can trust.
Michael Queenan, CEO and co-founder, Nephos Technologies
The Online Safety Bill, as it stands, lacks any real punch. There’s no real accountability. The aim of this bill should be around protecting vulnerable people, particularly those under 18, something the country and social media giants are failing to do. We have to introduce enforceable and meaningful legislation that explicitly protects future generations or quite simply we are letting them down.
Over the last 15 years, the rate of teen suicides has increased by more than 30%, directly correlating with the growth of social media. Holding social media bosses personally responsible for such deaths will provide more incentive to comply with regulations.
Placing this accountability with the top regional lead will be the most effective method and enforcing this from the outset will avoid the passing or deflection of blame between privacy officials and business leaders. The government must be strict with such legislation if we are to genuinely save our children from a world that we, ourselves, didn’t have to deal with.
Proper know your customer (KYC) checks are still missing. We should be setting a UK standard of formal age authentication for any social media platform, as is mandatory with financial services applications. Email addresses and Facebook accounts should not be accepted as proof of age when they are so easy to manipulate.
The UK has the chance to take the global lead and show the world that protecting our children’s rights matters more than keeping app companies happy. It is currently unclear exactly how the government thinks that the bill will achieve this, without obligatory age authentication as a minimum requirement.
GlobalData is the parent company of Verdict and its sister publications.