Privacy News Highlights from 2024

December 6, 2024

Privacy is not only a legal and moral obligation but also a competitive advantage for organizations that value trust. Rapid regulatory changes, groundbreaking legislation, and unique enforcement actions all impact how businesses collect, retain, and process data. By staying ahead of emerging trends, privacy professionals can ensure compliance, avoid costly penalties, and build trust within their industry.

Privacy issues continue to dominate the global stage in 2024, as legislation, data breaches, and AI applications shape conversations in boardrooms and government meetings alike. For legal teams, privacy advocates, and professionals, staying informed is critical—not just to maintain compliance but to proactively manage risks and protect both organizational and consumer interests.

This post focuses on four major trends and events in privacy this year and the lessons they hold for professionals working in the space. If you'd like to learn about 10 of the most impactful privacy events of 2024, download our 2024: The Year in Privacy whitepaper.

Major Privacy Highlights from 2024

1. European Policymakers Finalize Comprehensive AI Regulation

The European Union’s long-anticipated AI Act was finalized on December 8, 2023, setting a global standard for governing artificial intelligence.

Key Provisions

  • Unacceptable Risks: Practices like real-time biometric identification in public spaces and social scoring are banned entirely.
  • High-Risk Applications: Sectors like healthcare, education, and law enforcement face stringent requirements for transparency, quality, and security.
  • General AI Oversight: Generative AI models such as ChatGPT are subject to transparency rules and impact assessments.

This groundbreaking legislation will go into effect in 2025 and includes significant penalties, up to 7% of global turnover or €35 million, for violations.

Lesson: Companies must evaluate how their AI tools comply with emerging international regulations. Governance frameworks should integrate transparency, ethical considerations, and proactive monitoring.

2. FTC Secures a Landmark Ban on Geolocation Data Sales

The Federal Trade Commission (FTC) took monumental steps in January 2024 by securing the first-ever ban on the sale of sensitive geolocation data. This action targeted data broker X-Mode Social (rebranded as Outlogic) after it sold consumer data linked to sensitive locations such as reproductive health clinics and domestic abuse shelters.

Settlement Outcomes

  • X-Mode was required to delete all previously collected location data unless users voluntarily consented.
  • The company must ensure its data cannot be used to identify individuals' sensitive activities.
  • Consumers were given tools to withdraw consent or track data-sharing activities.

Lesson: The FTC’s action signals intensifying federal scrutiny over the handling of sensitive consumer data. Privacy teams are advised to adopt stringent data retention policies and ensure transparency in data collection and usage practices.

3. FCC Fines Wireless Carriers $200 Million for Sharing Geolocation Data Without Consent

Major wireless carriers, including AT&T, Verizon, Sprint, and T-Mobile, faced collective fines of over $200 million for selling customer geolocation data without proper consent. The Federal Communications Commission (FCC) identified systemic failures in ensuring compliance with privacy agreements, despite consumer objections.

Notable Violations

  • Real-time location data was sold to entities such as bounty hunters and bail bond companies.
  • Carriers failed to enact safety measures or adequately enforce downstream consent agreements.

The FCC characterized this as a critical breach of trust.

Lesson: Organizations must ensure enterprise-grade consent management systems are operational and effective across their extended partner networks, especially for sensitive data like geolocation.

4. Colorado Enacts Groundbreaking AI Governance Law

Colorado set the stage for AI regulation at the state level with its AI Accountability Act, targeting high-risk AI systems like those used for education, employment decisions, or financial reporting. This law creates obligations for both the developers and the deployers of these systems.

Key Obligations

  • Developers must prevent algorithmic discrimination and provide comprehensive documentation about the AI model's design, capabilities, and risks.
  • Deployers are required to establish detailed risk management policies and ensure these are actively maintained throughout the system's lifecycle.

The law aligns with global trends, particularly the EU’s AI Act, and introduces harsh penalties for non-compliance.

Lesson: AI-specific laws are no longer theoretical; they are here and enforceable. Organizations must adopt comprehensive risk assessments and transparency strategies to remain compliant and competitive.

Key Lessons Learned

  1. Stay Ahead of Regulatory Trends: Laws like the EU’s AI Act and Colorado’s accountability requirements highlight the need for global organizations to implement proactive governance strategies. By focusing on compliance across jurisdictions, organizations can reduce operational risks and promote trust.
  2. Prioritize Transparency and Consent: Regulators are doubling down on transparency. Companies must ensure clear communication of their data policies and maintain robust mechanisms for achieving—and managing—user consent throughout the data lifecycle.
  3. Adopt a Risk-Based Framework: From AI applications to consumer data handling, organizations should conduct regular risk assessments to identify and address vulnerabilities. A detailed asset inventory and lifecycle management policies can mitigate compliance challenges and unexpected enforcement actions.
  4. Invest in Privacy as a Competitive Edge: Compliance is no longer entirely reactive. Companies that build privacy-centric practices into their operations will stand out to customers and partners, gaining both trust and a first-mover competitive advantage.

Final Thoughts

2024 has set a precedent for privacy regulations, enforcement actions, and governance best practices. Whether your organization is grappling with AI governance or data retention policies, it’s clear that privacy must remain a high-priority issue. For privacy professionals, the key is not just staying informed but implementing the lessons learned into actionable plans.

To get deeper insights or consult on tackling organizational privacy challenges, download our whitepaper, 2024: The Year in Privacy, today!
