Whether you sell clothing, software, or consultation services, one thing you need to do is take data protection seriously. This is a responsibility that no business can shy away from.

With new rules and regulations cropping up all of the time, it is certainly not easy to stay on top of your requirements, but it is possible.

With that being said, below, we are going to take you through some of the different things that business leaders need to know about data privacy laws in 2022. However, do remember that things are always changing so this is something you need to keep on top of. 

Third-party cookies are going away

One of the first things that business owners need to know when it comes to data privacy laws in 2022 is that third-party cookies are going away. Third-party cookies are tracking codes that are created by a business other than yours and placed on the computer of a web visitor.

Social media networks and advertisers tend to utilize them for tracking users between sites so that they can create a robust user profile for targeted marketing purposes. This data will determine what adverts to create and where they are going to be most effective.

Third-party cookies can make users feel like they are always being watched, and if hackers hijack cookies, those cookies can pose a security risk.

Under GDPR, cookies are viewed as personal data. GDPR will mandate that a site cannot store third-party cookies if it does not have a user’s explicit consent.

Since then, we have seen a lot of major organizations make some changes, including Google. One of the most notable is that third-party cookies are no longer going to be supported by Chrome, as of mid-2024.

In fact, Chrome is not the first browser to do this. Firefox and Safari have been blocking third-party cookies for quite some time now. However, as Google Chrome accounts for 50.46 percent of the Internet browser market share in the United States, it is pretty significant that it is not going to support any type of third-party cookies anymore.

So, what businesses need to be focusing on now is first-party cookies. A first-party cookie is a code that is created and stored on the computer of the site visitor. The cookie can track data regarding the interaction they have had with your company. 

This data includes how often people visit your website, behavior on your site, passwords, and other basic analytics. 

With this data, your company can put together a targeted marketing strategy based on their interest in your website. You may know where viewers go once they have visited your website by tracking clicks, but you are not allowed to track behavior after they have left your site.

The CCPA has been updated with CPRA

As mentioned in the introduction, we are seeing rules and regulations being updated all of the time. A prime example of this is when the CCPA was replaced by the CPRA. If you have not prepared for CPRA, now is the time to do so, as it is going to come into effect on January 1, 2023. 

If you are not familiar with these regulations yet, they relate to data privacy in the state of California. If you are not based in California, you may assume that these laws do not apply to you. Think again.

If you have customers in California, whether it is one customer or 1,000, you need to take CCPA seriously and abide by the rules that are in place. 

While you may think that this is an inconvenience, it is only a matter of time before other states around the country start to take the same sort of action and implement rules of their own. So, you certainly won’t be ‘wasting your time’ by putting steps in place to follow the privacy rules.

Preparing for CPRA

As a business owner, you need to make sure you put steps in place to get ready for CPRA. One of the key differences is that the criteria for qualifying as a business have been updated.

You will be classified as a business if one of the following is applicable to you:

  • You have a yearly gross revenue of more than $25 million in the preceding calendar year
  • You buy, sell, or share the personal information of 100,000 or more households or consumers per annum
  • You derive 50 percent or more of your yearly revenue from sharing or selling consumers’ personal data

There is also a new category of highly protected data. These new requirements include:

  • Opt-in consent requirements after a previously selected opt-out
  • Opt-out requirements for disclosure and use
  • Purpose limitation requirements
  • Updated disclosure requirements 

Aside from this, there are five consumer privacy and security rights that exist in CCPA that have been amended under the CPRA. These are as follows:

  • Right to data portability
  • Right to delete
  • Right to know
  • Right to opt-out of third-party sharing and sales
  • Opt-in rights for minors

It is important that you get up to speed and you put new data protection methods in place, as time is no longer on your side.

Momentum is gathering for state laws

To further elaborate on the state laws that are implemented and due to be enforced, we are seeing that there is already some movement when it comes to data and privacy across different states in the US. In Utah and Virginia, guidance has been issued about this. Furthermore, rules have been implemented in Colorado. This is only the start, so you need to keep on top of everything. 

When you consider the fact that the majority of online stores sell across the United States at the moment, this means that you need to adhere to all data privacy laws that are in place. While some states are not comprehensive in their privacy approach, such as Nevada, you are certainly not going to be doing any harm by protecting customers here, as well as in locations where it is necessary to do so, such as California.

If you do not have security personnel in place already to handle the management of this, it is definitely advisable to do so. After all, it can be quite overwhelming. 

There are different laws per industry

In addition to the points that we have mentioned so far, it is also imperative for business owners to realize that there are different rules and regulations in place depending on the industry that you operate in.

Naturally, there are some industries where more stringent health and safety laws are required. So, it is important to keep on top of this.

A prime example of this is the health sector. The HIPAA law was enacted in 1996 for the purpose of protecting US citizens and keeping their medical privacy intact. The regulations have been updated a number of times since, so you need to keep on top of them.

GDPR is a main priority for business owners today

Last but not least, a recent study by Gartner indicated that 80 percent of companies are going to invest in solutions that are dedicated to safeguarding data privacy, rather than simply relying on a 360-degree strategy. 

The latter depends on obsolete data collection techniques that reduce consumer trust. Instead, you want to put solutions first that will not only enforce effective data security but will ensure that your customers are satisfied and trust your business as well. 

It is important to recognize that compliance with GDPR has a positive impact on an economic level as well. According to the Total Economic Impact (TEI) report from Forrester, companies that have made an investment in data security have encountered a return on investment of 152 percent, and their investment costs have been recouped in less than six months.

Keeping up-to-date with data privacy laws in 2022

So there you have it: an insight into some of the main data privacy laws that you need to be up to date with in 2022. It is imperative to make sure that data security is a priority of yours. It is not something you can simply address once per year and then never look at again.

Data laws are changing all of the time, and you have a responsibility to keep your customers and website visitors safe. So, make sure that data privacy is not only a priority of yours throughout 2022, but the years ahead as well.