Even those not working in or closely connected to the tech industry have likely heard of the EU’s General Data Protection Regulation and the California Consumer Privacy Act, one of the first state-level laws of its kind in the U.S. These two high-profile regulations are intended to protect citizens’ data and privacy in an increasingly digital world.
While they may be the vanguard of global tech-related legislation, GDPR and CCPA are not comprehensive, and they won’t be the only tech-related laws global companies will need to comply with. New and proposed laws—some narrowly focused and others more wide-reaching—may soon impact the way businesses operate. Below, 13 members of Forbes Technology Council discuss several tech functions and existing laws that may soon face additional government oversight.
Members of Forbes Technology Council talk about tech areas, functions and laws facing new or potential government oversight.
Photos courtesy of the individual members.1. AI And ML
Artificial intelligence and machine learning have started to become mainstream. However, there are a lot of unsolved questions about their efficacy and bias. Some states in the U.S. have already established regulations around the use of such AI. I believe federal regulations around the use of AI are coming, and they will significantly impact the way companies involved in everything from data capture to building driverless cars do business. - Ashish Fernando, iSchoolConnect
2. Data Mobility
There is a growing regulatory movement around the mobility of data. This would have a tremendous impact on the public cloud. The concept here is that, due to a variety of reasons (some technical, some economic), data quickly becomes “locked” in the public cloud where it resides. Egress fees are a good example. If this changes, the multicloud will explode as enterprises are free to move their data. - Garima Kapoor, MinIO
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
3. Caller ID
Under new Federal Communications Commission rules, known as STIR/SHAKEN, telecommunications providers will be required to implement caller ID authentication by June 30, 2021. In combination with the Telephone Robocall Abuse Criminal Enforcement and Deterrence Act, these regulations will help protect customers from illegal robocalls. All businesses using the phone to communicate with their customers will need to adapt. - Richard Rosen, Fastcall
4. Cybersecurity Risk Management
The Securities and Exchange Commission has proposed a new rule for public companies titled “Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure.” With the increasing focus on cybersecurity, companies should have policies and procedures in place now to manage cyber risks and report on security incidents. These rules will also ensure that CISOs have board-level visibility going forward. - Peter Lund, Industrial Defender
5. User Data And Content Oversight
Recently, the European Union announced the Digital Services Act. It includes regulations on how tech companies handle user data and police content on their platforms. This measure will have a tremendous impact on tech giants such as Alphabet and Meta, since it would require them to open up their platforms and set tougher restrictions around how they attract users and sell their data (for example, for ads). - Alexander Weltzsch, Dealcode GmbH
6. Digital Payments And Cryptocurrency
Money is going digital, whether it is bitcoin or some type of stablecoin, and regulations will follow. Such laws will require adjustments to all types of billing and payment systems for virtually every company that is not a nonprofit—and for many nonprofits as well. - John Gunn, Token
7. U.S. To EU Data Transfer
The newly announced data-sharing pact between the U.S. and the EU, developed to allow data transfer in accordance with GDPR, will need to be watched carefully. Its predecessor, Privacy Shield, was struck down by a European court in 2020, leaving software and AI firms in limbo. Time will tell if this provides a more reliable, trusted way for large companies to move and use data to do business. - Tim Guilliams, Healx
8. Online Retail
The South Dakota v. Wayfair ruling is having a significant impact on many online marketplaces. Marketplace operators now have to file and pay taxes in any state they are doing online business in over a certain revenue threshold. Additionally, marketplace sellers now have to file a Form 1099-K if they are selling more than $600 online. - Ryan Lee, Nautical Commerce
9. Cybersecurity Breach Reporting
Legislation requiring organizations to disclose cybersecurity breaches to federal agencies within 24 hours is moving forward. Because forensic investigations often take longer than that, companies will need threat detection and response plans to reduce the time to detect, respond and notify to help mitigate business risk and avoid potential penalties. - Lyndon Brown, Pondurance
10. Medical Device Cybersecurity
The PATCH Act is a proposed bipartisan bill to address cybersecurity requirements for medical device manufacturers. Manufacturers would be required to maintain updates and patches throughout the lifecycle of their devices, including post-market. Also, a software bill of materials would be needed from manufacturers to ensure that it is easier to monitor vulnerabilities and licenses. - Will Conaway, The HCI Group/Tech Mahindra
11. Digital Invoicing
Digital invoicing and compliance with Peppol may significantly affect companies soon. The Peppol framework enables the exchange of electronic invoices via a common delivery network, which is faster, more cost-efficient and more reliable than paper and emailed PDF invoices. Governments worldwide are establishing e-invoicing mandates, with many choosing Peppol as the framework to do so. - Szilvia Horvath, ELO Digital Office Corporation
12. GDPR And CCPA
General Data Protection Regulation and the California Consumer Privacy Act are still evolving. Major changes are being considered and will be considered for a while. These changes will impact your business. Certainly, they will impact your lives as consumers. Privacy issues and their regulation are most definitely here to stay. - Olga V. Mack, Parley Pro
13. U.S. State-Level Privacy Acts
Individual state privacy acts are ramping up, with Virginia, Colorado and New York following California’s lead. As a result, businesses need to get used to GDPR-level privacy requirements for everyone. Get ahead of the trend. Begin the process to define GDPR-level privacy controls now, even if you think they won’t apply to your business or customers—because, in time, some version of them will. - Dave Karp, Comodo
