惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

月光博客
月光博客
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
人人都是产品经理
人人都是产品经理
IT之家
IT之家
Cyberwarzone
Cyberwarzone
T
Troy Hunt's Blog
有赞技术团队
有赞技术团队
阮一峰的网络日志
阮一峰的网络日志
T
Threat Research - Cisco Blogs
S
SegmentFault 最新的问题
Apple Machine Learning Research
Apple Machine Learning Research
G
GRAHAM CLULEY
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
博客园 - 叶小钗
Last Week in AI
Last Week in AI
C
CERT Recently Published Vulnerability Notes
The Hacker News
The Hacker News
Jina AI
Jina AI
T
Tor Project blog
V
Vulnerabilities – Threatpost
酷 壳 – CoolShell
酷 壳 – CoolShell
Spread Privacy
Spread Privacy
博客园_首页
C
Cybersecurity and Infrastructure Security Agency CISA
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Simon Willison's Weblog
Simon Willison's Weblog
Security Latest
Security Latest
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
博客园 - 司徒正美
V2EX - 技术
V2EX - 技术
I
Intezer
The Cloudflare Blog
Cisco Talos Blog
Cisco Talos Blog
SecWiki News
SecWiki News
博客园 - 【当耐特】
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
L
Lohrmann on Cybersecurity
Scott Helme
Scott Helme
Google Online Security Blog
Google Online Security Blog
量子位
The Last Watchdog
The Last Watchdog
AI
AI
Application and Cybersecurity Blog
Application and Cybersecurity Blog
S
Security Affairs
P
Palo Alto Networks Blog
S
Secure Thoughts
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
Attack and Defense Labs
Attack and Defense Labs

Compliance Solutions for Websites, Apps and Organizations | iubenda

AI can build your website. It can't manage your consent. | iubenda Browser signals and machine-readable consent: what they are and what the EU’s Digital Omnibus could change California Consumer Privacy Act (CCPA): Complete Guide How to increase your cookie banner opt-in rates: 5 mistakes to fix today | iubenda DPO Newsletter: Global Data Protection & Privacy News (issue #153) Why your consent management setup is a marketing performance question Everything you need to know about GDPR The redesigned cookie banner and configurator What nobody tells you about handing over the company you built European marketers are betting on retention. Privacy could be the edge they’re not using yet. The 5 best alternatives to Didomi in 2026: Pros, cons, pricing, and comparison Looking back on 15 years: what iubenda's founder would tell his 2011 self | iubenda The best cookie policy generator in 2026 DPO Newsletter: Global Data Protection & Privacy News (issue #152) | iubenda What publishers should expect from the EU’s Digital Omnibus proposal Uncertainty is the biggest blocker to AI adoption in marketing | iubenda Everything AI app builders need to know about vibecoding and privacy compliance | iubenda Introducing 1-Click Embedding for Google Tag Manager The Essential Small Business Terms and Conditions Template: What You Need to Know Terms of Use Template | iubenda IAB Europe Raises Concerns Over GDPR Procedural Regulation Draft Report | iubenda Learn from HelloFresh's Costly Mistake: Ensure Compliance with iubenda | iubenda Understanding the Spanish DPA Guide on Audience Measurement Cookies | iubenda The Austrian Data Protection Authority's FAQs on Cookies and Privacy | iubenda DPO Newsletter: Global Data Protection & Privacy News (issue #127) | iubenda Microsoft Ensuring European Data Stays Within the EU Cloud Boundary | iubenda Businesses Beware: ICO’s Record £14.3m in Fines for Data Misuse in 2023 Understanding the Risks and Responsibilities of Model-as-a-Service Companies in AI Development Facebook's New “Link History” Feature: A Blend of Convenience and Surveillance? | iubenda OpenAI’s Strategic Move in the EU: Aligning with Data Privacy Regulations TikTok Faces Lawsuit Over Tracking Non-Users What’s the Digital Markets Act (DMA) and how will it affect you? | iubenda Simplifying Cookie Consent: The European Commission's Approach | iubenda Google Settles Landmark Privacy Lawsuit for $5 Billion | iubenda Navigate GDPR Compliance with Confidence: Lessons from Recent Fines in Italy Simplifying the Commission's New Reporting Template for Digital Market Gatekeepers | iubenda Understanding the GDPR Complaint Against X (Twitter) for Illegal MicroTargeting | iubenda Spanish Media Giants Take On Meta in a Groundbreaking $600 Million Lawsuit | iubenda DPO Newsletter: Data Protection & Privacy News (issue #126) | iubenda Belgian DPA Mandates Cookie Banner Changes for Major Media Websites | iubenda UK's Top Websites Warned by ICO to Revise Cookie Practices | iubenda Understanding the European Union's Data Act | iubenda Google Announces Consent Mode v2 – here’s what it means for your business and advertising Noyb Challenges EU Commission Over Controversial Ad Campaign | iubenda OECD Updates AI Definition: A Step Forward in Shaping EU’s AI Law Firefox To Introduce Simplified Global Privacy Control Berlin Court Cracks Down on LinkedIn’s Privacy Violations The YouTube Ad Blocker Controversy: A Test of the ePrivacy Directive? | iubenda DPO Newsletter: Data Protection & Privacy News (issue #125) Facebook and Instagram Subscription: Meta adds a paywall | iubenda GDPR Violation: Lack of Transparency in Data Processing via Google Fonts Amazon Introduces AWS European Sovereign Cloud to Address EU Regulations | iubenda Texas New Data Privacy Law TDPSA: Everything you need to know How to Make Money with a Website Without Selling Anything Oregon Consumer Privacy Act: Overview | iubenda Google’s Move to Disable Third-Party Cookies: What Advertisers Need to Know IMY Fines H&M for GDPR Violations: A Closer Look EU Commission Requests Information from X Under Digital Services Act: What You Need to Know | iubenda Understanding California’s “Delete Act” and Data Broker Regulations TCF v 2.2 Initial Layer (Banner) Requirements | iubenda Grindr Faces €5.8 Million Fine: A Reminder on the Importance of GDPR Compliance | iubenda Newly Enacted Iowa Consumer Data Protection Act (ICDPA) | iubenda The Witch’s Brew of Privacy: A Halloween Tale of Compliance and Consequences IAB TCF 2.2 – What you need to do DPO Newsletter: Data Protection & Privacy News (issue #124) Blog Ideas That Make Money: How To Make Money From Your Blog + Examples | iubenda Maximize your Growth with Online Presence Management | iubenda Meta's New Pivot in Europe: To Pay or Not to Pay for an Ad-Free Experience? | iubenda Consumer Reports Launches Free ‘Permission Slip’ App to Protect Your Data | iubenda DAZN’s Access Request Saga Personal Brand Logo: How to Stand Out in a Crowded Marketplace UK-US Data Bridge: A New Era for Secure Data Transfers 7 Ways How to Promote Affiliate Links Effectively (And Boost Commissions) | iubenda Mastering LinkedIn Personal Branding: A Guide to More Opportunities Meta's New Approach: Pay for Your Privacy? | iubenda No Return, No Refund Policy Template & Guide GDPR in the US: a GDPR Checklist for US Companies Crafting a Niche with Branding and Identity Design | iubenda The Online Safety Bill: A Leap Towards a Safer Digital United Kingdom Understanding Google's $93m Settlement over Consumer Location Data Accusations | iubenda CCPA vs CPRA: Key Differences You Need to Know | iubenda How To Use Ecommerce Retargeting to Grow Your Business | iubenda PECR: Everything you need to know | iubenda How Mobile Apps Illegally Share Your Personal Data: A Deep Dive | iubenda Legal Spotlight: Privacy Concerns Surrounding OpenAI’s ChatGPT and Microsoft’s Involvement Legal Scrutiny Looms Over Transatlantic Data Deal: French MEP Takes Action Understanding the Digital Markets Act: A Comprehensive Guide Block AI Crawlers: Here’s How To Stop Your Site From Being Used for AI Training (OpenAI and Google Bard Irish Regulator Slaps $368M Fine on TikTok DPO Newsletter: Data Protection & Privacy News (issue #123) | iubenda The Privacy Pitfalls of Vehicle Data Collection: What You Need to Know | iubenda Twitter customer’s data on the menu for xAI models Update: Revised Swiss Privacy Law Takes Effect Fitbit and the GDPR Hurdle: What You Need to Know About Your Data Privacy | iubenda Terms of Service Template for your site | iubenda Senators Urge FTC to Investigate YouTube and Google for Violating Children's Privacy: What You Need to Google AdSense Requirements: Here's What You Need to Know | iubenda Users can’t opt out from marketing emails: FTC fines Experian $650,000 | iubenda DPO Newsletter: Data Protection & Privacy News (issue #122) | iubenda 7 Ways Business Process Automation Can Increase Your Profits
Privacy and Data Protection: What to Expect in 2023 | iubenda
Carla Gonzalez Cidoncha · 2023-01-11 · via Compliance Solutions for Websites, Apps and Organizations | iubenda
📢 Important Update: EU-US Data Privacy Framework Agreement Reached! 🌍🤝

In light of this significant development, we have updated our coverage to reflect the latest information. To stay up-to-date on the new EU-US Data Privacy Framework agreement and its implications, we invite you to read our latest article on the topic.

🔍 Discover the latest: EU to USA Personal Data Transfers Now Approved

Thank you for your continued support and trust in our coverage of important global issues!

2023 will bring many changes to the privacy and data protection landscape: new privacy laws will be enforced, there will be changes to old directives and new guidelines, new data privacy trends.

In this post, we’ll go over the main changes and trends to watch out for in 2023!

data privacy trends

In short

  • United States
    • California’s CPRA
    • Virginia’s VCDPA
    • Colorado’s CPA
    • Utah’s UCPA
  • Europe
    • Digital Services Act
    • Digital Markets Act
    • Data Governance Act
  • The EU-US Trans-Atlantic Data Privacy Framework
  • Switzerland
  • Canada
  • Brazil
  • Australia

United States 🇺🇸

Even though an all-encompassing federal law about privacy and data protection is still far away, the US privacy landscape will significantly change this year, with many new state laws coming into force.

California’s CPRA

On January 1st, 2023, the California Privacy Rights Act (CPRA) has officially become law and will be fully enforceable on July 1st, 2023.

The CPRA builds on the CCPA’s existing provisions, establishes new consumer rights, and adds new requirements for companies that gather personal data from California users.

The CPRA introduces also a different category of protected data: sensitive personal information (SPI). This poses new requirements for businesses. For example, a business that processes SPI must have a clear and visible link on its website labelled “Limit the Use of My Sensitive Personal Information”, that allows customers to limit this processing.

Virginia’s VCDPA

Alongside California’s CPRA, on January 1st, the Virginia Consumer Data Protection Act (VCDPA) has also come into force. Virginia has thus become the second state in the United States to enact a comprehensive data privacy law after California.

The VCDPA affects organizations that do business in Virginia or provide products/services to people in Virginia. In other words, your organization does not need to be located in Virginia to be affected by the VCDPA.

Virginia’s VCDPA grants users new rights regarding the collection and processing of their data and requires businesses to complete data security assessments when processing personal data for targeted advertising and sales, among others.

Colorado’s CPA

The Colorado Privacy Act (CPA) will come into force in July 2023. It will apply to legal entities that do business in Colorado or produce products or services that intentionally target Colorado residents.

Under the CPA, consumers will have enhanced rights in regard to their personal data. Some of the proposed rights include the right to opt out of:

  • targeted advertising;
  • the sale of personal data; and
  • certain types of profiling.

The Act also specifies the obligations that controllers must meet in relation to sensitive data.

Utah’s UCPA

The Utah Consumer Privacy Act (UCPA) will be enforced at the end of the year, on December 31, 2023. The law will apply to controllers or processors who conduct business in Utah or produce a product or service that is targeted to residents of Utah.

If compared with the previous laws, the UCPA takes a lighter, more business-friendly approach to consumer privacy, but it also gives consumers enhanced rights in regard to their personal data.

How to comply with the new US Privacy laws

These new laws introduce new requirements for organizations doing business in the US.

Complying doesn’t have to be a hassle!

If you’re using iubenda, all you have to do is:

  • select “Enable disclosures for users residing in the United States” within the Privacy and Cookie Policy Generator to activate the new US-specific clauses.
  • enable “US State Laws” within the Privacy Controls and Cookie Solution: the solution will auto-configure to meet the new US requirements allowing your users to opt out.

Europe 🇪🇺

In 2023, many new Acts that are now being discussed will be enforced in Europe. Let’s have a closer look at each one of them.

Digital Services Act

📣 Latest Update: August 31, 2023

Effective August 25, 2023, the EU’s Digital Services Act (DSA) now governs “very large online platforms” and “very large online search engines” that have more than 45 million active users in the EU. Under this new regulation, such companies must partake in yearly audits and actively combat disinformation. Non-compliance risks penalties, including fines that can reach up to 6% of a company’s worldwide revenue or even result in a ban. The full Act will be applicable to smaller websites starting early 2024. Big Tech is now under enhanced legal scrutiny, with obligations related to content safety, user targeting, and data sharing. In line with DSA obligations, Google has declared that it will provide targeted ad data to authorized researchers. There remains ongoing debate on whether these tech giants have sufficiently met EU regulatory standards.

The Digital Services Act (DSA) was published in the Official Journal of the European Union on October 27, 2022, and has gone into effect in mid-November. However, since many of its requirements will be fully enforced starting by 2024, during this year businesses will have to start complying.

The aim of the DSA is to set new rules to create a safer and more open digital space in the EU. For example, it enhances transparency online, restricts targeted advertising, bans dark patterns and much more.

Digital Markets Act

Alongside the Digital Services Act, the European Commission also issued the Digital Markets Act (DMA), which will start to apply as of 2 May 2023.

The DMA aims at regulating the activity of the so-called “gatekeepers”, i.e. organizations that operate as “core platform services” (app stores, search engines, social media platforms) and that have a great impact on their internal market.

Data Governance Act

The European Union’s Data Act, following its adoption by the European Parliament on November 9, 2023, is set to transform the digital landscape. Initially proposed by the European Commission in February 2022, this landmark legislation is poised to enhance fairness in the digital environment, stimulate competition in the data market, and make data more accessible for all, including businesses and individuals.

The Data Act will officially enter into force following its formal adoption by the Council. Most provisions will become applicable 20 months after this occurs. 

Currently, the Act is open for public comment for six weeks, allowing stakeholders to provide their input.

The EU-US Trans-Atlantic Data Privacy Framework

This year will most likely bring a new EU-US privacy agreement, which will make data flow between these countries easier.

In 2020, the Privacy Shield was invalidated after the Schrems II ruling. After almost two years of thorough negotiations, the European Commission and the United States have agreed on a new Trans-Atlantic Data Privacy Framework. The deal ensures that data transferred to the US is adequately protected, addressing the concerns of the Schrems II ruling.

In particular, the new framework will ensure that:
  • access to data by US intelligence authorities is limited to what is necessary and proportionate to protect national security;
  • US intelligence agencies will adopt procedures to guarantee that national security objectives do not disproportionately impact individual privacy and civil rights protection;
  • specific monitoring and review mechanisms will be implemented.

President Joe Biden has already signed an Executive Order to move the discussion further. Now the European Commission will have to issue an adequacy decision, which will finally legitimize data transfers between the EU and the US. The decision-making process could take up to six months.

Switzerland 🇨🇭

On January 1st 2023, the new Federal Data Protection Act (FADP) has come into force.

Switzerland has a law governing data privacy known as the Federal Act on Data Protection, which dates back to 1992 and was partially updated in 2019. The Swiss Parliament has now adopted a fully revised version of the law to be more in line with the GDPR. The intention is that it will match the privacy and security standards of the rest of the EU, even though it will maintain the original concepts and vary slightly in some areas.

This law applies to the processing of personal data concerning individuals by private individuals and federal agencies.
It does not apply to the processing of personal data by individuals for exclusively personal use.

Canada 🇨🇦

The current privacy law in Canada is the Personal Information Protection and Electronic Documents Act (PIPEDA). However, a new bill is being discussed in the House of Commons: Bill C-27, the Consumer Privacy Protection Act (CPPA). It will replace Part I of PIPEDA, which governs how the private sector handles users’ data.

CPPA will apply to any business that collects, uses, or discloses personal data in Canada or internationally.

The aim of the CPPA is to align Canada’s privacy legislation to international privacy standards, to ensure that the privacy of Canadians is protected and that businesses can benefit from clear rules as technology continues to evolve.

In short, the draft of Canada’s CPPA (Bill C-27) includes:
  • higher control and transparency about the handling of personal data;
  • a clear indication of users’ rights and businesses’ obligations;
  • the users’ freedom to transfer their personal data safely from one business to another; and
  • users will have the option to request the deletion of their information when it is no longer needed.

While the Bill is still a draft, we can likely expect that a definitive text will be ready by the end of 2023.

Brazil 🇧🇷

After the LGPD officially became enforceable in 2020, in 2022 the ANPD published new guidance on cookies and their use.

In 2023, we can then expect that the Brazilian Data Protection Authority (ANPD) will continue to align Brazil’s privacy framework to international standards.

Australia 🇦🇺

Australian data protection laws date back more than 30 years ago, with the Australian Privacy Act of 1988.

However, since in the past few months, there’s been a spike in data breaches, the government decided to implement some new rules and introduce the Privacy Legislation Amendment Bill 2022.

The Amendment Bill increases the penalties for repeated violations of the Privacy Act of 1988 and it also gives greater powers to the Australian Information Commissioner in the event of a privacy breach.

🚀

As you can see, privacy and data protection are always changing!

That’s why it’s important to be up-to-date with the latest news and data privacy trends.

Every week, our team collects the most interesting news about privacy and data protection and the latest data privacy trends and sends them directly to your inbox. It’s our DPO Newsletter, thousands of people have already signed up.

Don’t miss any updates: sign up now!

About us

iubenda

Attorney-level solutions to make your websites and apps compliant with the law across multiple countries and legislations.

www.iubenda.com