Dechert Cyber Bits – Special Edition: 2023 Predictions | Dechert LLP
- EU Regulation
- December 30, 2022
- No Comment
What is in store for Privacy and Cybersecurity in 2023
As the year ends, we offer this special edition with predictions for 2023 from each member of the Cyber Bits Partner Committee. Regardless of what happens in 2023, we renew our commitment to keep you informed of the latest developments to help you navigate this complex environment.
We wish you a happy new year and great things for the year to come.
Brenda and Karen
Partner and Global Co-Chair | Boston
Every year for decades, we’ve seen the number of cyberattacks increase, in both frequency and sophistication, and 2023 promises to be no different. As they grapple with how to fend off this criminal onslaught, we’ll see governments across the globe try to create new regulations (and modify existing ones) around company responses. This is a trend that started in 2022 and will continue into 2023.
Partner and Global Co-Chair | Washington,D.C.
The window for passage of comprehensive privacy legislation will effectively close. As a result, the FTC will step up its assertion of broad Federal privacy rulemaking authority and more states will consider CCPA-like legislation, and state and Federal lawmakers will focus on personal data driven, ethical AI.
Partner | Boston
As companies develop better overall network security and increasingly arrange for quality offline data backups to thwart the impact of ransomware encryption, cyber criminals will continue to develop new attack vectors, tactics and strategies to maintain or increase their negotiating leverage. We will see an increase in the attackers’ use of data exfiltration and “data shaming” as a leverage point, as well as an increase in the attackers‘ deletion of data and the destruction or impairment of a company’s IT infrastructure. It will be critical for companies to have in place sophisticated response teams to quickly minimize the damage and disruption from an attack and to reduce the attackers’ negotiation leverage.
Partner | Brussels
The passage of the Digital Markets Act in the EU is the precursor for new ex ante controls around the globe, complementing ex post antitrust enforcement. The privacy/antitrust nexus much in mind. Meanwhile, identifying and preventing ”killer acquisitions” is one of the talking points of the antitrust circuit – deals below filing thresholds where incumbents pay over the odds to acquire tomorrow’s challenger. Digital (and pharma) are center-stage here.
Partner | Los Angeles
We expect the Securities and Exchange Commission to adopt new rules for registered funds and investment advisers regarding cybersecurity risk management, cyber incident reporting and cyber risk disclosure. These rules will represent the most significant update to federal privacy law as applied to registered funds and advisers in nearly 20 years and will have a substantial impact on the asset management industry.
Dr. Olaf Fasshauer
National Partner | Munich
I think these developments in the EU will be among the most important to follow in 2023:
- the implementation of the Digital Services Act, the Digital Markets Act, the NIS2 Directive and the AI Act, and continued focus on the regulation of non-personal data.
- the Austrian post case of the ECJ, which asks the Court to decide whether a data subject can prevail on a damage claim under GDPR without proving a real or actual damage. The Advocate General suggests in his opinion that the data subject would have to make such a showing. If the Court were to follow the Advocate General’s opinion it will have a considerable impact on the enforcement of GDPR by civil law courts.
- the implementation of the Whistleblower Directive in the various EU member states.
Partner | London
After a year of high drama (and some farce) in UK public life, it seems inevitable the current UK government will reform data privacy regulation. Some in Westminster see the GDPR as a paradigm of EU over-regulation that Brexit sought to break away from. Divergence between the UK and EU is likely to become more marked and in the UK there is likely to be a tendency towards data liberalisation.
Partner | Philadelphia
As the Senior Editor of Cyber Bits, I can attest to the volume of stories we cull through to select the items that are of most practical interest to our readers. From following regulatory proposals made in the U.S. and abroad, to developments on specific issues like the continued quest for a workable post-Schrems agreement on cross-Atlantic data transfers, we’ve done our very best this year to keep you informed. The only thing I’d claim to be sure of is that privacy and cybersecurity will continue to be in the news and on the minds of regulators and our clients in 2023 and for years to come.