← Back to Projects

Future of Data Privacy & Ethics

Research

Research Presentation · Leuphana Universität Lüneburg · Timeline considered up to 2021

GitHub → View Presentation PDF →

Overview

A research presentation examining the state and trajectory of data privacy — from regulatory frameworks to emerging technological risks. The core argument: data privacy is not a compliance checkbox but a strategic capability, and the gap between what technology can do and what it should do is widening.

46%

of websites use cookies

83%

of users see targeted ads

86%

of web traffic carries third-party tracking cookies

A Short History of Data Privacy (2011–2021)

Short History of Data Privacy 2011–2021
Key milestones in data privacy regulation and incidents from 2011 to 2021 — from the Big Data era through GDPR, Snowden, and the VCDPA/CPRA/AI Act proposals
2011 Facebook & mobile app data practices push "Big Data" proliferation and sensor tracking into mainstream awareness
2012 Year of Wearables — smartwatches and wearable bands hit 5M and 15M sales, expanding personal data collection surface
2013 Whistleblower Snowden — WikiLeaks helps Edward Snowden expose classified NSA surveillance programmes
2014 Safe Harbour invalidated — EU–US data transfer framework ruled no longer valid; 5.2 quintillion bytes of data created daily
2016 Dark Patterns & GDPR — EU enacts GDPR; "dark pattern" design manipulation enters regulatory conversation
2018 GDPR goes live — several million-euro fines for violations; Cambridge Analytica scandal further empowers enforcement
2019 Enactment & Data Breach — high-profile organisations fined; Capital One data breach exposed
2020 Schrems II — CJEU ruling finds EU–US Privacy Shield invalid, forcing renegotiation of transatlantic data flows
2021 VCDPA, CPRA & EU AI Act proposal — Virginia and California pass new privacy laws; EU proposes landmark AI regulation

Regulatory Landscape

GDPR (EU, 2018) is the global gold standard — heavy fines for non-compliance, and it has directly inspired legislation in Brazil, Japan, and India. But global enforcement remains highly uneven, as shown below.

Data Protection Laws Around The World
Global data protection law coverage — showing regulation strength and enforcement capacity by country. Source: caseiq.com
  • GDPR introduced enforceable data subject rights: access, erasure, portability, objection
  • Brazil's LGPD, Japan's APPI — all GDPR-inspired but locally adapted
  • Enforcement gap: regulation exists globally but capacity to enforce varies dramatically by region

Emerging Technology Risks

Technology Risk Response
AI Re-identification of anonymised data; algorithmic bias Privacy-by-design, federated learning
Quantum Computing Breaks current encryption standards Quantum cryptography, homomorphic encryption
Blockchain Immutability conflicts with right to erasure Tailored protocol redesign for compliance
Cloud / Edge Data theft and unauthorised access at scale Access control policies, early threat detection

Ethics — The Core Tension

The central question is not what technology can do, but what it should do. Key dilemmas explored:

  • AI bias — models trained on biased data encode and amplify discrimination at scale
  • Data weaponisation — personal data used for manipulation, profiling, and social control
  • Environmental cost — energy and resource demands of large-scale data infrastructure
  • eTA (Ethical Technology Assessment) — assess technology against ethical principles before deployment, not retrospectively

Individual Protection Tools

VPNs 2FA Ad blockers E2E Messaging Password managers Anonymous browsing

Future Directions

  • Privacy-first design as default — not bolt-on compliance
  • Stricter global standards with harmonised enforcement
  • AI-driven legislative responses to keep pace with technological change
  • Zero-knowledge proofs and decentralised identity as privacy-preserving primitives

Topics Covered

GDPR AI Ethics Federated Learning Zero-Knowledge Proofs Quantum Cryptography Homomorphic Encryption eTA Framework Decentralised Identity