EEA Cross-Border Transfers. The U.S. and the EU will work towards, and hopefully reach, a cross-border data transfer solution.

Ransomware. More ransomware attacks and increased regulatory scrutiny of companies that pay ransom demands.

Digital Advertising. Development of alternate marketing strategies, and perhaps more reliance on consumer opt-in, as privacy laws further erode traditional tracking and targeting approaches.

COVID-19 Data Sharing. Entities involved in the COVID-19 response ecosystem will continue to have reporting, data sharing, and management requirements that vary based on jurisdiction.

Access Requests. Businesses will make operational updates relating to employee and B2B data collection, geolocation, cross-contextual behavioral advertising and sharing to ensure compliance with the 12-month “look-back” requirement for access requests.

State Privacy Legislation. Other states will join California and pass their own privacy laws, further complicating compliance for companies.

FTC Investigations. With the Biden administration in place, there will be an increase in privacy-related regulatory investigations.

Health Data Compliance. Further complications in health data compliance between state and federal law.

Record Retention Policies. There will be increased focus on the appropriate retention periods and consumer notice of retention periods in the EU, and by 2023 in California under the CPRA.

Privilege in Breach Investigations. There will be more litigation and guidance on steps to trigger and not inadvertently waive privilege in relation to third party forensic investigations.