Data Privacy Complaints In France Increase Post-GDPR

gdpr-eu-privacy-international

Four months after General Data Protection Regulation (GDPR) came into effect, France is seeing a rise in data privacy complaints.

The country’s CNIL agency announced on Tuesday (Sept. 25) that it’s received 3,767 complaints since May 25, which is when the GDPR went into effect. That is an increase from 2,294 complaints over the same period last year, which was already a record year. The CNIL said it has also received more than 600 data breach notifications, affecting around 15 million people.

The two organizations filing complaints for consumers are Max Schrems’ privacy NGO, noyb, and the French digital rights group, La Quadrature du Net, which the CNIL said has filed complaints against Google, Amazon, Facebook, LinkedIn and Apple.

France isn’t the only country to see a boost in complaints. Last month, it was reported that the number of complaints filed with the U.K. data protection watchdog has more than doubled since GDPR went into effect. Between May 25 and July 3, there were 6,281 complaints filed with the Information Commissioner’s Office (ICO) — more than double the number during the same period the previous year.

There has also been a boost in complaints in Ireland, with more than half related to GDPR.

GDPR allows European citizens to request their data from companies, as well as request for their data to be corrected and deleted under the “right to be forgotten” provision. Companies that fail to follow the new rules can face fines as high as €20 million ($23 million), or 4 percent of their global annual revenue.

However, a recent study found that three months in, GDPR compliance rates are low, showing that only 20 percent of firms are fully compliant.

“Despite this being on the horizon for a couple of years, the reality of the work involved in implementation and ongoing compliance may have taken many businesses by surprise,” said James Geary, principal at EMW. “Failing to respond promptly to subject access requests or right to be forgotten requests could result in a fine, and the time involved in responding properly should not be underestimated.”