GLOBAL: A month on from GDPR, and regulators across the European Union have registered a strong increase in data protection complaints and data breach notifications, a sign that the regulation has aided greater transparency from business and public appetite for expanded rights.
This is according to a report in the Guardian, which found that the UK’s Information Commissioner’s office had seen a rise in both complaints from the public and notifications from companies, though it declined to detail the precise number. In France, meanwhile, the data protection regulator CNIL saw a 50% year-on-year increase in the number of complaints.
Isabelle Falque-Pierrotin, head of CNIL, told Politico: “The general public is interested about all the transparency obligations, consent and all the new rights.”
The UK’s ICO noted in a statement that the new regulation and its full implications are in their early stages, but “generally, as anticipated, we have seen a rise in personal data breach reports from organisations.
“Complaints relating to data protection issues are also up and, as more people become aware of their individual rights, we are expecting the number of complaints to the ICO to increase too.”Austria, too, has seen a sharp rise, with 128 complaints and almost 500 questions filed to the country's data protection authority, alongside 59 breach notifications in just one month – a similar number to the eight months leading up to the 25th May.
Currently, the bulk of those complaints has been against large and well-known internet companies. On the day the regulation came into force, on 25th May of this year, the privacy campaigner Max Schrems filed four complaints over Facebook and Google services that he argued operated a ‘take it or leave it’ consent position, according to TechCrunch.
In response, Facebook’s Chief Privacy Officer, Erin Egan said her company had been preparing for 18 months to meet GDPR’s requirements. “We have made our policies clearer, our privacy settings easier to find and introduced better tools for people to access, download, and delete their information.”
Under GDPR the fines for non-compliance have increased to the largest of 4% of global turnover or €20m. However, enforcement is the responsibility of individual countries’ regulators. At the beginning of May, a Reuters survey found that 17 of 24 authorities did not have the necessary funding or powers to fulfil GDPR duties. Both the UK’s ICO and Ireland’s Data Protection Commissioner – which oversees the European headquarters of Google, Apple, and Twitter – declined to respond to the survey.
This has not quelled some companies fears, however, as some global companies have shut down European operations. Instapaper, the Pinterest-owned reading service has been down since 25th May. Tronc media group have blocked EU readers, and certain ad exchanges have ceased European operations rather than change their privacy policies.
Sourced from the Guardian, Politico, Reuters; additional content by WARC staff