[BreachExchange] GDPR: Regulators see sharp rise in complaints

Wed Jun 27 23:03:21 EDT 2018

https://www.warc.com/newsandopinion/news/gdpr_regulators_see_sharp_rise_in_complaints/40684

GLOBAL: A month on from GDPR, and regulators across the European Union
have registered a strong increase in data protection complaints and
data breach notifications, a sign that the regulation has aided
greater transparency from business and public appetite for expanded
rights.

This is according to a report in the Guardian, which found that the
UK’s Information Commissioner’s office had seen a rise in both
complaints from the public and notifications from companies, though it
declined to detail the precise number. In France, meanwhile, the data
protection regulator CNIL saw a 50% year-on-year increase in the
number of complaints.

Isabelle Falque-Pierrotin, head of CNIL, told Politico: “The general
public is interested about all the transparency obligations, consent
and all the new rights.”

The UK’s ICO noted in a statement that the new regulation and its full
implications are in their early stages, but “generally, as
anticipated, we have seen a rise in personal data breach reports from
organisations.

“Complaints relating to data protection issues are also up and, as
more people become aware of their individual rights, we are expecting
the number of complaints to the ICO to increase too.”Austria, too, has
seen a sharp rise, with 128 complaints and almost 500 questions filed
to the country's data protection authority, alongside 59 breach
notifications in just one month – a similar number to the eight months
leading up to the 25th May.

Currently, the bulk of those complaints has been against large and
well-known internet companies. On the day the regulation came into
force, on 25th May of this year, the privacy campaigner Max Schrems
filed four complaints over Facebook and Google services that he argued
operated a ‘take it or leave it’ consent position, according to
TechCrunch.

In response, Facebook’s Chief Privacy Officer, Erin Egan said her
company had been preparing for 18 months to meet GDPR’s requirements.
“We have made our policies clearer, our privacy settings easier to
find and introduced better tools for people to access, download, and
delete their information.”

Under GDPR the fines for non-compliance have increased to the largest
of 4% of global turnover or €20m. However, enforcement is the
responsibility of individual countries’ regulators. At the beginning
of May, a Reuters survey found that 17 of 24 authorities did not have
the necessary funding or powers to fulfil GDPR duties. Both the UK’s
ICO and Ireland’s Data Protection Commissioner – which oversees the
European headquarters of Google, Apple, and Twitter – declined to
respond to the survey.

This has not quelled some companies fears, however, as some global
companies have shut down European operations. Instapaper, the
Pinterest-owned reading service has been down since 25th May. Tronc
media group have blocked EU readers, and certain ad exchanges have
ceased European operations rather than change their privacy policies.