Privacy Complaints Up in France after GDPR
France reported a 64% increase in privacy complaints after GDPR went into effect on May 25th, according to the French data protection agency CNIL this week.
CNIL has received 3,767 complaints under GDPR compared to 2,294 during the same period last year. According to CNIL, the increase over what was already a record year last year suggests that EU citizens have seized on the privacy rights provided by GDPR.
CNIL also noted that it had received complaints on behalf of consumers from two organizations under the “collective redress” section of GDPR. In total, the organizations have filed complaints against companies including Google, Amazon, Facebook, LinkedIn and Apple.
The European authorities are also managing more than 200 cross-border privacy complaints. The DPA said these complaints raises questions about consent and many of them deal with children’s privacy issues.
The French DPA has received 600 notifications on data breaches, collectively identifying privacy leaks of the personal information of approximately 15 million peoples. Article 32 of GDPR requires 72 hour notification of organizations about certain data breaches.
The information about privacy complaints under GDPR follows statements about similar increases in complaints by the UK’s Information Commissioner’s Office and the Irish Data Protection Commission over the past few months.
In other news, the European Data Protection Board (EDPB) has announced it will issue new draft guidelines on the territorial scope of GDPR, subject to a public consultation. The release is intended to clarify when the GDPR applies to data controllers and processors established outside of the European Union, including the designation of an Article 27 Representative.
The EDPB has also reviewed recommendations from the DPAs about processing which should trigger a Data Protection Impact Assessment (DPIA). The EDPB has reviewed the recommendations in 22 opinions (covering 260 different types of processing) and reached an agreement about a common view on when a DPIA is required. The EDPB said that the 22 opinions are “in line with earlier guidance” from the Article 29 Working Party.
We will follow up with more information about these developments when we have them.
More from Clarip
Other Blog Posts on GDPR Enforcment:
More DPAs Issuing GDPR Fines and Warnings
EDPB Releases Guidelines on Territorial Scope of GDPR
EDPB Releases Comments on DPIA Requirements under Article 35.4
Dutch Question Microsoft Over Office Data Telemetry Collection Violations under GDPR
Austria Issues First GDPR Fine
ICO Threatens Max GDPR Fine to AggregateIQ
ULD DPA Issues Ban on Data Processing Under GDPR
Data Privacy Complaints Double in UK under GDPR
German DPA Circulates GDPR Compliance Survey