If 2014 was the year of the data breach – as I predicted two years ago – then 2015 was the year that privacy and security simultaneously became both a kitchen table issue and a national policy issue.

In the US and EU we’ve seen breathtaking events that impact both.

This included massive cyber attacks in the US that resulted in the possible theft of personal data belonging to millions of current and former federal employees, as well as horrific acts of terrorism in the EU that underscore the difficulty in balancing the state’s obligation to provide security to its citizens while respecting an individual’s fundamental right to privacy. 

My prediction is that 2016 will be just as impactful, but I hope for more mundane reasons.

Here are the big things in privacy and security that I think may occur.

1. New EU data framework

First, the massive overhaul of the EU’s data protection framework will be completed, at least the legislative portion of this initiative.

The multi-year project will culminate in a pan-European data protection regulation that will be a once-in-a-generation piece of legislation aimed to streamline compliance for organisations that rely upon the frictionless movement of data across borders.

It will also create new individual rights that allow for better access and control of one’s personal data, as well as new obligations for organisations that collect and transfer data.

While some may wish for more robust data protection regulation to emerge, I am deeply impressed by not only the difficult process, but also the willingness to compromise.

Once the new law is passed there will, of course, be a certain amount of time provided for organisations to comply, possibly up to two years.

Most organisations will need at least that much time to fully understand the changes they need to make in addition to implementing them – it is no easy undertaking.

There are bound to be countless questions and unforeseen consequences from this massive piece of legislation, but I’m sure that those issues will begin to be addressed in 2016.

2. US Safe Harbor refloated

My second prediction for 2016 is that the recently invalidated US Safe Harbor Program – a legal mechanism to transfer personal data from the EU to US companies – will return to the agenda.

This data transfer proposal, long in the tooth, has been highly scrutinised since the Snowden revelations of the NSA’s massive data collection programmes and was close to agreement when the European Court of Justice invalidated the programme.

There is simply too much money at stake, on both sides of the Atlantic, for a path to ‘yes’ not to be found.

I anticipate a new and improved framework to replace the old Safe Harbor Program – one that respects an individual’s right to judicial redress and also limits governmental access to personal data under certain situations.

3. Cookie Law enforcement

My third prediction is that regulators will step up enforcement of the ePrivacy Directive, what some call the ‘cookie law,’ and focus on notice and consent requirements for tracking technologies in mobile apps. 

For quite some time EU regulators have signalled that the ePrivacy Directive isn’t limited to websites that use tracking technologies, but have also indicated that they want the private sector to have a compliance solution before they look for enforcement.

4. Reaction to ad blocking

My fourth prediction is that digital advertising will respond to the widespread popularity of ad blocking.

For too long the digital advertising industry has focused on innovation for advertisers and marketers, to the consumer’s detriment.

But 2015 was the year consumers told the industry they want a cleaner, faster mobile experience – one that isn’t cluttered and doesn’t slow down their mobile browsing.

I predict the industry will positively respond, and will swiftly innovate and develop improved advertising technologies, services and products that allow for a cleaner and ultimately better experience.

This in turn will decrease the amount of ad blocking downloads, and will allow advertisers and marketers to build better, more collaborative relationships with their consumers.

5. Video & VR

Finally, watch for amazing things to happen in both video and virtual advertising.

Video based advertising may well leapfrog over mobile advertising, or at least enjoy a growth rate twice as fast.

The real fun, though, may well be in advertising in the virtual reality industry. Tech giants are sinking huge amounts of R&D into the technology, making it close to life-like and 3D.

It will be a short step indeed for interest-based product placement to embed itself into this nascent industry.