Privacy was a major topic of conversation in 2022 — beyond just keeping personal data out of the hands of cybercriminals. Privacy now ties into many adjacent areas, including Zero Trust security, antitrust concerns, usage of services provided by "Big Tech," and biometric authentication. As the conversation around privacy progresses beyond a focus on security infrastructure and best practices for preventing data breaches, regulations are working to catch up.
In 2023, the larger implications of privacy — including the ethics of using artificial intelligence (AI) and biometrics, the management of consumer-to-business relationships, and public issues such as consumer protection — will become much clearer through regulatory and legal action.
With today marking the start of Data Privacy Week, and ForgeRock proudly championing the cause, it's an ideal time to explore what to expect now and in the future in the evolving world of data privacy.
A Whole New World of AI, Consent, and Personal Data Management
What if AI could be used to power user consent, making life easier for individuals and businesses alike by enabling "smart" choices at the right moments? Offering personal data controls through AI could turn the tables on ethical concerns about this technology. A challenge is that privacy regulations typically expect consent to be concrete — explicit and specific to a purpose — and they look askance at automated data processing.
This is where the new UK General Data Protection Regulation (GDPR) offers hope. This bill allows for "automatic consent," which opens the door to more abstract forms of user permission that can smartly bundle up related usage patterns for consent and make it easier to manage consent in IoT environments, such as home automation and connected cars.
As organizations navigate the complex new world of AI, we recommend the following best practices to remain compliant and bolster data privacy measures:
- Make user permissions for initial data sharing necessary and meaningful. That means letting people choose – and change their minds – without constraints or pressure. Allowing people to make consent decisions at times far removed from critical data-sharing moments and offering dashboards for monitoring and revoking consent help to make consent more meaningful.
- Enable data permissions that usefully anticipate the user's intentions. It may be impossible for an individual to say "yes" or "no" honestly to each request for data collection in the course of an average day, particularly when interacting with smart devices. Being asked for consent for a new purpose of use while in the middle of navigating one's car, for example, could be an extremely dangerous experience. Therefore, identity and access management (IAM) technologies and other systems must generalize rules for permissions and anticipate the user's intentions. This is where AI-first data management will derive new consents based on previously granted permissions, or by offering users simplified consent options that will justify actions for related permissions.
- Design AI-enabled permission experiences that can grow as the data collected about the user grows. Permissions need to scale so that the sheer amounts of data collected and generated by users, services, and devices can be automated and empower users to make more informed choices about the use of their data.
What's Next? Data Privacy Takes Center Stage in 2023 and Beyond
With the new year officially upon us, and with data privacy finding common cause with trends such as Zero Trust security, consumer protection, and even Web3, we're predicting that privacy makes dramatic inroads as a motivator for every organizational stakeholder, enabling solutions that address multiple problems at once. Here are some predictions about these adjacent areas:
- More passwordless authentication: As organizations take advantage of digital wallets for payment, biometric authentication, and passwordless authentication, we can expect to see more pressure on technologists to adapt. They must ensure high authentication assurances in every user journey, while keeping the customer experience within and across channels seamless.
- Decentralized identity will get a boost: This year, decentralized identity will solidify its role in society as wallet technology becomes more broadly adopted for identity purposes. This will open up opportunities both for strong, passwordless authentication to merge with wallet tech and for better methods for user control of personal information.
- AI at the heart of identity: In 2023, we'll see increased adoption of AI to secure identity and access management. AI, when made explainable and when appropriately paired with human oversight, has the potential not only to make identity safer for consumers and employees, but also to improve the lives of the cybersecurity professionals who must make sense of massive amounts of data.
Let's make 2023 the year enterprises step up to become leaders in privacy — to compete, not just comply, and take proactive action to better secure and respect the personal information in their custody.