In the weeks leading up to the GDPR taking effect, we all withstood a barrage of last minute emails from various companies, some of which we remembered giving our details to, and some we had no recollection of having any contact with in the first place. It was a rude awakening to just how many companies hold our personal information. Let’s be honest though, the majority of us didn’t bother reading these privacy details in the first place, nor was it any different the second time around. This is largely because these privacy agreements are designed to be off-putting, arduous pieces of information, in the hope that we simply accept them and move on with our day.
However, some people did read these new policies, as they were looking for alarm bells. That is, they were looking to catch companies that attempted to work around the GDPR with new, nefarious policies. One of these people is Mac Schrems, an Austrian lawyer and well-known privacy advocate. He filed $8.8 billion worth of law suits against Google, Facebook, Instagram and WhatsApp. He claims that both Google and Facebook are forcing consent on users to be able to collect and share their data, if they wish to use their platforms. Schrems claim – and rightly so - that this violates the terms of the GDPR which states users should have the option to use a platform without their personal data being recorded and sold to third parties. Moreover, it states that data can only be used for the original purpose it was recorded for. As proceedings are still taking place, we will have to wait and see how this unfolds.
Although it is substantial, the aforementioned complaint is a needle in a haystack compared to the total number of complaints laid so far. Since the GDPR has come into effect, there has been a steep rise in the overall number of complaints across Europe. Austria received over 100 complaints in one month, the equivalent of 8 months’ worth of complaints prior to the GDPR taking over. Other countries such as France, reported a 50% rise in complaints. The UK received over 1000 complaints in less than a month. As expected, the numbers are staggering.
Further to that, there’s also been an increase in companies reporting data breaches now they can face fines of up to €20 million or 4% of annual turnover. Ireland alone had 547 data breach notifications in the month following the GDPR. One company in particular, Dixon Carphone, is already in hot water after reporting a major data breach of over 5.9 million credit cards. With an annual revenue of £10.58 billion they could be facing quite a substantial fine.
Businesses are not the only ones feeling the effects of the GDPR. Although many companies updated their privacy details accordingly, some companies deemed it too hard to comply with and shut their doors to EU citizens. Other companies such as The Washington Post, saw it as business opportunity and instead of updating their policy, blocked EU citizens unless they pay for an ad free subscription (there is no need for personal data collection for targeted ads).
Hopefully, treating online privacy as a commodity won’t be a trend that catches on, and until GDPR-like regulations become common practice across the globe, companies will keep doing everything in their power to record and own as much of your data as possible.