TikTok, WhatsApp, SnapChat and the multimillion-dollar Meta Fine.
With so many privacy laws emerging in 2023, it’s time to take a look at where your business stands. Are you compliant with all of them? If you have a website, collect, process, or manage user data, you should be informed of what’s coming up.
End users could visit your site from anywhere. And even if they’re using a VPN to mask their location, you are still obligated to comply with state and global laws.
What if someone is using a VPN and their location information is false?
This would be a problem if you didn’t have a Consent Management Platform (CMP) to do the work for you. It’s nearly impossible to track all of your site users' consent – and the fines are just around the corner.
For instance, if someone shows their location in Brazil and your business is located out of Colorado, you’ll still need to comply with the laws that apply to both of those regions. Simply because a user is using a VPN does not mean you are exempt from the law where they are actually located.
By tracking and managing all of your users’ consent and preferences, you’ll be able to easily show that your website or business is in compliance to the best of your knowledge. As you read on, you’ll see that fines for non-compliance become higher and higher if they are willful.
What privacy laws are changing? What should I know?
On January 1, 2023, many changes are being made to existing privacy laws and new ones are being enacted. That’s going to get even more intense in the middle of the year when more laws come into play. Law makers are cracking down, and business owners need to pay attention.
Take a look at:
California Consumer Privacy Act (CCPA)
California Privacy Rights Act (CPRA)
Virginia Consumer Data Privacy Rights (VCDPR)
General Data Protection Act (GDPR)
Brazilian Lei Geral de Proteção de Dados Pessoais (LGPD)
These are just a few. In 2018 when data privacy laws began being strongly enforced, it was difficult to navigate what the changes were. Now, it’s been a few years and there are more measures in place for businesses to understand how they can comply, and why.
What’s happening to businesses that haven’t complied with privacy laws?
Facebook was recently sued by the GDPR for non-compliance. This isn’t their only lawsuit, but it’s the most expensive one yet! This fine was levied by the Irish Data Commission, but it was performed based on rules under the GDPR. Facebook IDs, phone numbers, and other personally identifiable information were sold to third parties.
Strangely enough, these occurrences seemed to happen in regions where the population was low, and resources were difficult to come by from residents and end users.
This has led to an overall ban on Facebook/Meta targeted ads in Europe. Arguably, something that could have been avoided if the company had responsibly managed consent preferences from the very beginning.
WhatsApp is under fire for sharing information even though they promised users end-to-end encryption. This impacted financial institutions (such as CitiBank and its internal communications) and more.
SnapChat is nearly obsolete, but the company did make a simple change that helped them comply with laws. The mistake they made came at a cost of nearly $35M. By disrespecting their users’ privacy and taking biometric and personal data, they got in very big trouble.
TikTok is receiving more and more attention for their lack of privacy concerns. Now that minors are involved and new laws are being invoked that specifically speak to minor data privacy, things are starting to heat up.
Healthcare apps have been sharing data from customers to law enforcement. As laws change in different states and regions around the USA, that’s becoming a huge problem. Making a post on Facebook or simply doing a Google search could land some families in hot water. Please note: this information is not protected by HIPAA.
A new Federal Act on Data Protection FADP) has been signed in Switzerland. It’s going into law in September of 2023. This law protects natural Swiss citizens the right to control and manage where their data is going. It also makes provisions for biometric and genetic data that further keep people safe.
The Privacy Rights Act of 1988 enacted in Australia has been outdated for some time. Now, new provisions are being made. This includes personal right to data, personal right to opt in or opt out, and the right to correct or delete incorrect information.
How can my business stay compliant?
A Consent Management Platform (CMP) can be an immense relief. Not only will you have peace of mind regarding compliance with changing laws, your customers and website visitors will have transparency and choices as to where their data is going and how it’s being used.
Try out the Adzapier CMP – free for 14 days – and get a complaint within 30 minutes. All you have to do is talk with one of our privacy experts and they’ll guide you right through the process. Not only will you have the records to show that you’ve been compliant, but you’ll be also able to prove to your customers and end users that you have their users’ data privacy in check.