DeleteMe’s Privacy Predictions for 2022

Each year we look at trends in the online landscape over the recent past and try to look for ‘what’s going to change in regard to online privacy issues in the coming year’. Based on what we’ve seen over 2020 and 2021, as well as our recent internal research¹, 2022 is looking to be a very interesting year, with a number of new developments that privacy-minded people and companies should be aware of.

To start, 2020 and 2021 brought a lot of big, new privacy issues to the table:

• Millions of people shifting work and social lives online ² due to covid, consequently driving a boom in PII-driven consumer fraud and an explosion in cyberattacks on business (better social engineering being used to enable ransomware attacks).
• Major tech platforms making significant changes to how they (at least superficially) address consumer privacy concerns ³ causing major disruptions in the ad-tech industry, gutting some of its most-valuable resources for tracking consumers, and whose future is still in flux. They also implemented new (and in cases, invasive) tech features that create entirely new privacy risks.

The promise of new approaches for privacy regulation ⁴ of big tech; which, while it hasn’t yet materialized at the Federal level (despite many attempts) has grown rapidly at the state level ⁵ and internationally, and made navigating the growing complexity of the regulatory landscape a growing concern.

With all these different issues still in play, how will things change in 2022? Here are DeleteMe’s privacy predictions for 2022:

1.       PII exploitation will continue to get more sophisticated

• DeleteMe agrees with Identity Theft Research Center’s idea about a shift from ‘identity theft’ to ‘identity fraud’ ⁶; the distinction is subtle, but ‘theft’ of individual personal identifying details isn’t the problem anymore as much – it’s taking advantage of new ways to use it – often in bulk – targeting institutions and systems ⁷ rather than fleecing individuals; tho, that too will evolve.

 2. ”Digital ID”, both at the State and Federal level, will advance; it may be sold as a solution to online personal information risks in the absence of progress on comprehensive privacy legislation, but may simply concentrate identity-abuse risks ⁸.

• The digital driver’s license is already underway in a few states ⁹; ‘Health ID’s’ are being discussed at federal level ¹⁰; and ‘identity wallets’ are starting to emerge as preferred methods of authentication over the stopgap of two-factor-authentication, which, while ‘better than passwords alone’, already show exploitable cracks ¹¹.

3.       The Cookie is Dead: Long Live the (new) Cookie

• The AdTech industry will by necessity develop new technologies and workarounds for continued consumer tracking ¹², and while major tech platforms will pat themselves on the back for their newfound ostensible sensitivity to consumer privacy, it will increasingly become clear we’re all still being tracked, just in new ways ¹³…. Which may incidentally lead to…

4.       Global Privacy Control becoming more widely adopted by consumers

• Hopefully, by end of 2022, integrated into all the largest browser platforms ¹⁴. Everyone is completely sick of website ‘cookies permissions’ and having to re-state your preferred tracking options repeatedly.  Adopting a single, universal standard where people ‘set and forget’ their privacy options will make online life easier for everyone.

5.       A boomlet in the consumer privacy-compliance industry.

• With laws like California’s CCPA/CPRA coming full online in the 2023, and many similar new laws popping up around the country, many companies will be scrambling at the last minute to ensure compliance ¹⁵, while also preparing longer term for potential structural changes, like new FTC rulemaking which could upend some previously accepted (if dubious) data-use practices.

What we know won’t change: data breaches will continue to grow; consumer PII will still be a valuable commodity for both the tech industry and threat-actors; and weaknesses in the overly complex way we live our lives online will continue to pop up.  And DeleteMe will still be here to help people limit unwanted participation in the PII marketplace.

References

1. More Data, Less Privacy: DeleteMe’s 2021 Personal Identifiable Information (PII) Report
2. Change in remote work trends due to COVID-19 in the United States in 2020
3. Apple and Google Are Killing the (Ad) Cookie. Here’s Why
4. One year after Schrems II, the world is still waiting for U.S. privacy legislation
5. The State of Consumer Data Privacy Laws in the US (And Why It Matters)
6. The Fraudian Slip Podcast: Sentilink – ITRC 2022 Predictions
7. Brady: $400 Billion in Stolen Unemployment Benefits Is Greatest Theft of American Tax Dollars in History
8. Digital IDs Are More Dangerous Than You Think
9. Your driver’s license could soon live on your phone. Here’s what you should know.
10. Idea of national patient IDs revives privacy fight
11. Hackers Are Getting Better and Better at Defeating Your 2FA Security
12. After Cookies, Ad Tech Wants to Use Your Email to Track You Everywhere
13. Personal Data Is Worth Billions. These Startups Want You to Get a Cut.
14. Mozilla Firefox joins browsers implementing Global Privacy Control
15. The Companies Benefiting From Fragmenting Internet Privacy Rules