In 2024, the world witnessed unprecedented strides in data privacy and AI governance. Governments, regulatory bodies, and businesses grappled with the challenges of safeguarding personal information and ensuring ethical AI practices in an increasingly digital landscape. From state-level privacy laws in the United States to global milestones like Australia’s Privacy Act reforms, this year marked a pivotal shift in how privacy and technology intersect.

As the year closes, it’s clear that the evolving regulatory landscape is reshaping the responsibilities of organizations and the rights of individuals.

The Nebraska Data Privacy Act Becomes Law

In January, Nebraska took a major step toward protecting consumer privacy by enacting the Nebraska Data Privacy Act. This law mirrors many aspects of the California Consumer Privacy Act (CCPA) but with some notable differences tailored to Nebraska’s needs. It enhances data subject rights, imposes strict obligations on businesses, and marks another state taking charge in the absence of a comprehensive federal privacy law.

This development reflects a growing trend of states independently addressing data privacy concerns, setting the tone for a busy legislative year.

A Wave of New State Privacy Laws

By March, several U.S. states had passed or proposed their own privacy laws, expanding the regulatory patchwork across the country. States like Indiana and Iowa introduced legislation focusing on consumer rights, data security, and transparency, continuing the momentum from 2023.

This surge in state-level action has highlighted the urgent need for businesses to stay agile and proactive in meeting varying compliance requirements. Notably, these laws emphasized stricter timelines for breach notifications and broader definitions of “personal data,” pushing organizations to refine their data management practices.

American Privacy Rights Act (APRA) Makes Some Headway

The American Privacy Rights Act, a bipartisan bill introduced in April 2024, was the most recent attempt by US lawmakers to pass a federal privacy law. The law gained significant traction for a while. But after spending weeks in committee and undergoing multiple controversial revisions, the bill lost much of its initial support. It was eventually shelved in late June. The ongoing lack of a federal privacy law prompted state governments to continue implementing their own.

The Rise of State AI Laws

AI governance gained significant traction in May as states began introducing laws to regulate artificial intelligence. These laws are designed to ensure transparency, prevent discriminatory outcomes, and establish accountability for AI-driven decisions. For instance, New York’s AI transparency rules require companies to disclose when automated systems are used in hiring or lending decisions.

This trend underscores a broader acknowledgment that AI’s potential benefits must be balanced against its risks, signaling a paradigm shift in technology regulation.

EU AI Act Gains Traction

The EU AI Act, introduced earlier, reached a critical milestone in June. Designed to be the world’s most comprehensive AI regulation, it classifies AI systems based on risk and imposes stringent obligations on “high-risk” applications.

The Act emphasizes transparency, accountability, and the protection of fundamental rights, setting a high bar for AI governance globally. This landmark legislation will likely serve as a blueprint for other regions grappling with the complexities of AI regulation.

Google Retains Third-Party Cookies

In July, Google announced its intent to continue using third-party cookies in the Google Chrome browser. This was a significant change from its original plan to begin phasing third-party cookies out throughout the year. Reception to the decision was mixed. Whatever happens with third-party cookies in the future, it remains imperative both for customers to take control of their own online experience and for marketers to respect user preferences in how their data is collected and used.

Australia Approves Privacy Reforms

In August, Australia made history by approving its first reforms to the Privacy Act. A standout feature of these reforms is a ban on social media platforms collecting data from minors without explicit parental consent. The reforms also strengthen consumer rights, including a “right to be forgotten” and tighter rules around data retention.

These changes demonstrate Australia’s commitment to safeguarding personal data in an increasingly digital age, particularly for vulnerable groups like children.

Thailand Issues First Fine Under Data Protection Act

Thailand enforced its Personal Data Protection Act (PDPA) by imposing its first significant fine in October. This marked a turning point for privacy enforcement in Southeast Asia, emphasizing that regulators are serious about penalizing non-compliance.

The case involved a company’s failure to obtain proper consent before processing personal data, signaling a strict approach to upholding individuals’ rights under the PDPA.

Where Do We Go from Here?

The events of 2024 underscore a global commitment to strengthening privacy protections and holding organizations accountable for their use of data and AI. As legislation becomes more sophisticated and enforcement more rigorous, the stakes for businesses have never been higher. Whether it’s adapting to state-specific privacy laws, aligning with groundbreaking regulations like the EU AI Act, or responding to new enforcement trends in regions like Southeast Asia, organizations must navigate this complex landscape with foresight and agility.

As we step into 2025, don’t let yourself be caught off guard by future developments. Contact us today for help navigating the upcoming changes.