Privacy lawsuits and claims on biometric information processing and cyber-physical systems will have resulted in over $8 billion in fines and settlements by 2025, according to Gartner.
According to the research and analyst firm, new privacy laws cover the capture, conversion, storage and processing of biometric data, and can even apply to face tagging technology in social media.
Some laws also come with a retention regime, and may prohibit selling, leasing, trading or profiting from biometric data. There are also a few that prohibit the usage of biometric information in certain use cases altogether.
“Autonomous vehicles, drones that capture video, smart buildings and smart cities are cyber-physical systems that capture biometrics of all kinds. The collection and storage of biometric information is gaining, whether in the form of fingerprints, iris scans, remote recognition of face, gait, voice, or even DNA samples. But this information has huge potential to be misused or abused,” said Bart Willemsen, research vice president, Gartner.
He added, “In such cases, it is important that security & risk management leaders and privacy leaders consider alternative, less invasive means to achieve the intended purposes, explaining all necessary information to the customer without any caveat.”
Several multinational, consumer-facing organisations are actively moving toward a self-service model through privacy portals and intake forms. Their intent is to not simply avoid regulatory fines, but also to bolster customer trust and maintain positive brand sentiment.
Earlier this year, the UAE Data Protection Law (DPL) came into effect. It is the first comprehensive federal law focused on regulating the collection and processing of personal data in the country. It is intended to protect “any data related to a specific natural person or related to a natural person that can be identified directly or indirectly by linking the data”.
Increasing data privacy budgets
Gartner also revealed that the average annual budget for privacy will exceed $2.5 million in by 2024. This will also allow ‘privacy’ from being a compliance requirement into a competitive advantage.
Privacy budgets increased from $1.7 million in 2019, to $2 million in 2021 and are expected to continue to increase at a steady rate. This is primarily driven by the sudden uptick in online activity, remote working, and virtual learning increased cyber threats.
With privacy regulation efforts across dozens of jurisdictions set to transform in the coming two years, many organisations will only see the need to start their privacy programme efforts now, according to Gartner.
Organisations need to gain full control in detail over all personal data processing activities before they can hand over that control to the individual. One way to do that is through privacy rights and consent management services. “The customer will experience the difference between having to wait weeks for an incomplete answer, or within seconds have full access to the answer to the question ‘what data does an organisation process on me?’. That difference is where trust is gained, or lost,” said Willemsen.
