3 Privacy Trends for 2024: Data Brokers, Privacy for Profit, and PETs

As we sail into another year, a familiar refrain comes to mind: 2024 will be a landmark year for privacy. Familiar as it is, it should come as no surprise that I (and the industry as a whole) keeps coming back to this idea. 

Between 2018-2022, only five states had passed comprehensive privacy laws. In contrast, seven states (Delaware, Indiana, Iowa, Montana, Oregon, Tennessee, and Texas) passed comprehensive privacy laws in 2023.

And those are just the “comprehensive” laws i.e. they provide a broad array of consumer rights and apply new requirements to a large swathe of businesses. In 2023, we also saw the passing of the Florida Digital Bill of Rights, California’s DELETE Act, and Washington’s My Health My Data Act—all formidable laws in their own right. 

2024 shows no signs of slowing.  

The year opened with a comprehensive privacy law passing the legislature in New Jersey, strong words from the FTC on the use and protection of DNA data, and a historic FTC enforcement action against data broker Outlogic, formerly known as X-Mode Social. All this movement, and it’s still only January!

I cannot overstate the importance of all-in-one technology that addresses this growing legislative patchwork by operating on company data at the code level. The trends we’ve seen in years past are only accelerating. 

As more states pass, not just comprehensive privacy laws, but narrow legislation that focuses on children’s privacy, data brokers, and hopefully, the growing concept of privacy-for-profit—the pressure to find solutions that support compliance, while saving resources in an unsettled market is only going to grow. 

All of this in mind, these are my top three privacy trends for 2024. 

1. Increased regulatory focus on data brokers

2. Privacy-for-profit i.e. charging users to respect their privacy

3. Evolution in privacy enhancing technologies (PET)

Data brokers were a mainstay in 2023 headlines. Three states—California, Texas, and Orgeon—passed new legislation, with California’s DELETE act drawing significant attention after its passage in October. 

Introducing fresh registration and disclosure requirements for data brokers, the DELETE Act also established a one-stop-shop mechanism for consumers looking to delete personal data held by data brokers. Under the act, consumers may also request a freeze on future data collection.

But 2023 didn’t just see new legislation in this area, it also saw significantly more public attention than in years past.

• One study revealed that data for U.S. military members was being sold for as little as $0.12 per record. 

• Another investigation found that consumer data for sale is often more detailed than the public is aware—brokers can and do sell data sets on sensitive professions such as judges, national security personnel, and elected officials. 

• In another incident, researchers accessed visitor data to Trump’s Mar-a-Lago from their couch, easily identifying at least one visitor with a simple cross reference on Google and social media. 

That was just 2023. 

2024 opened with an unprecedented settlement between the FTC and data broker Outlogic, formerly known as X-Mode Social. In this settlement, Outlogic was barred from further sales of “sensitive location data” and compelled to delete any data acquired illegally. Though experts have mixed views on what this settlement means for the future, the macro message is clear—regulators have set their sights on data brokers.

Another trend that’s continued to gain momentum is the concept of privacy-for-profit. 

The most pressing and high-profile example here is Meta’s move to roll out a subscription based service in the EU. In short, users who pay enjoy greater privacy protections and an ad-free version of Facebook. Those who don’t will be tracked, profiled, and served targeted ads.

Privacy rights groups, chief among them noyb, have rallied against the plan—arguing the subscription fee is extractive and out-of-proportion to the amount of ad revenue derived from each user. These groups also argue that if this strategy goes unchallenged, it could cause a domino effect. Apps and online services everywhere could begin to put a dollar amount against user privacy—limiting what should be a fundamental right for all to the wealthy. 

Meta isn’t the only example of this tactic. In Japan, one hotel is offering $1/night accommodation for guests willing to have their entire stay (minus trips to the bathroom) live streamed for anyone who wants to tune in. 

Though happening on a smaller scale, this idea presents similar issues as Meta’s subscription proposal: privacy as a privilege of the wealthy and potential for a troubling domino effect. 

As Meta continues to work through legal challenges to its proposal, I’ll be interested to see how this trend plays out in 2024. 

Even as tech giants and data brokers erode digital privacy at a startling pace—it’s not all doom and gloom. As a direct response to this trend, a counter-movement has emerged: the rise of increasingly powerful privacy enhancing technologies (PET). The three that interest me most going into 2024 are…

Differential privacy is system for publicly sharing information by describing the patterns of groups within a dataset, while withholding information about the individuals in the dataset. This technique adds random noise to the data to ensure individual privacy isn’t compromised—allowing maximum data accuracy with minimum risk of identification.

An idea that gained more traction in 2023, decoupling refers to (as the name suggests) splitting information between its purposes—allowing cloud services to access only what they need to complete a specific task. For example:

• If Joan buys a textbook from Amazon, her bank could guarantee the payment, but wouldn’t know what she’s buying. 

• An intermediary would decrypt the details of her order (the textbook) but wouldn’t know the identity of who was making the purchase. 

• With data about the order from the intermediary and payment from the bank, Amazon would fulfill the order.

So far this concept has only been applied in niche settings, but it shows promise for wider application on the large-scale protection of user privacy.

This is a cryptographic method where a given function is computed in a distributed manner. Despite multiple parties being involved, the inputs from each participant remain private. This assures that while aggregate data can be analyzed, individual data remains confidential.

Privacy moves and evolves constantly. That’s a big part of why it’s such a fascinating field to build for—there’s always a fresh challenge to solve.

With 13 state privacy laws on the books, and several more in the hopper, 2024 is the year companies need to focus on finding all-in-one solutions that support compliance without straining internal resources more than they already are.

As regulatory scrutiny for data brokers heats up, privacy-for-profit is tested as a commercial strategy, and new PETs emerge and evolve, I’m excited to jump into a brand new year and hope you’ll come along for the ride as we continue to build the future of privacy. 

Transcend is an all-in-one platform for modern privacy and data governance. Encoding privacy at the code layer, we provide solutions for any privacy challenge your teams may be facing—including getting you ready for the latest privacy trends and challenges in 2024.

From Consent Management, to automated DSR Fulfillment, to a full suite of data mapping solutions (Data Inventory, Silo Discovery, Structured Discovery, and more), Transcend has you covered as your company grows and evolves in a swiftly changing regulatory environment.