Top 8 privacy highlights | Risk Advisory | Deloitte Netherlands


Presenting you the top 8 privacy highlights of this year

Wrapping up 2021

The year 2021 was not only the year of yet another COVID-19 variant, but also the year that brought us many moments to remember in the field of privacy, digital ethics and digital responsibility! Want to find out what we see as the highlight of this year? Keep on reading!

Go directly to

It’s that time of year where we look back at the good, the bad, and the ugly. This year will go down in history as another eventful year, with yet another COVID-19 variant... Luckily the year 2021 was not only the year of COVID-19, but also the year that brought us many moments to remember in the field of privacy, digital ethics and digital responsibility!

1. Schrems strikes again; the aftermath!
After striking down the main mechanism for transferring data from the EU to the US in 2020, the consequences of the Schrems II judgment continue. This time the victims are the Standard Contractual Clauses (SCCs). Following these developments, the long awaited new SCCs were issued by the European Commission in June of this year, enabling international transfers of personal data.

2. A new day, a new Data Protection Law in China
China’s approximate 989 million internet users received an early Christmas gift this year, in the form of a new data protection law: the Personal Information Protection Law (PIPL). On November 1st, the country’s first comprehensive data protection law came into effect and boosted the protection given to hundreds of millions of consumers. The new law does not only reshape how companies in China need to operate but can also have effect on overseas companies, for example when they provide a product or service to persons located within China.

3. The new hub for trustworthy AI
The European Commission introduced a proposal for the world’s first Artificial Intelligence (AI) Act in April of this year. The ambition is to turn Europe into the global hub for trustworthy AI. The AI Act sets out rules for the development, commodification and use of AI-driven products, services and systems within the EU. If passed, this Act can enable responsible innovation in AI and Machine Learning.

4. Algorithms: the Why, How & What?
Racial profiling, inaccuracy, violation of human rights in algorithms? Hopefully something of the past! At least, that is what the Dutch Minister of the Interior wants to achieve by the development of the Impact Assessment Mensenrechten en Algoritmes (IAMA). This instrument supports organizations in identifying risks to human rights when using algorithms and taking the necessary mitigating measures.

5. Global agreement on the ethics of AI
How can we steer the development of AI in the right direction? Independent experts appointed by the UNESCO Director-General believe a global agreement on the ethics of AI might do the trick. That is how the first UNESCO’s global Recommendation for the Ethics of AI was created. This historical text defines the common values and principles which can guide the healthy development of AI.

6. Supervisor and the machine
The long wait is over! The Netherlands not only has a new government but will also get a new supervisor for algorithms. In the coalition agreement, the new Dutch government has agreed that a supervisor should be installed that monitors the lawful use of algorithms. Unfortunately, it is not yet known when the regulator will officially be installed and what its formal powers will be. Hopefully we will obtain more clarity around this in the coming year.

7. Ready, set, Digital Decade
Last year the European Commission announced an ambitious reform of the digital space, the Fit for a Digital Age program that will ensure technology not only serves the people but also adds value to their lives. This year the Commission kickstarted the Digital Age journey and the program came in full swing garnering the same level of attention as the Green Deal. We are expecting it will bring a big wave of new regulations that will shape our digital society in the upcoming years.

8. Log4j vulnerability
Finally, while many people were watching the F1 title competition between Max Verstappen and Lewis Hamilton, security experts and organizations worldwide were racing to patch a zero-day exploit of Log4j, a popular open-source library. The vulnerability may allow attackers to perform remote code execution and has been assigned a severity of 10.0, the highest possible score! This race is not over yet, let’s see who will win in 2022.

And remember: preparation is key! The upcoming (proposed) regulatory changes such as the AI Regulation, China’s new data protection law, Digital Services Act, Digital Markets Act and more, are all keeping many organizations on their toes. In these moments of change, forward-thinking organizations are already preparing and planning for the new things to come.

For now, we want to wish you a wonderful holiday season together with your loved ones and all the best for the new year! We look forward to seeing you again in 2022, a year in which we will continue to provide you with compelling privacy news. We have an exciting time ahead of us, that’s for sure!

Did you find this useful?