LONDON (Thomson Reuters Foundation) — From an airline emailing a couple’s travel plans to another customer to a car dealership sending a customer’s bank details to a restaurant, a record number of people filed privacy complaints with Europe’s leading data authority last year.
Ireland’s Data Protection Commission said on Thursday it received almost 2,900 complaints about the handling of personal data since a landmark Europe-wide privacy law was adopted last May – 8 percent more than in all of 2017.
The surge signaled growing concern across the continent about how people’s data is used, according to the Irish commissioner Helen Dixon, the lead regulator on the European Union’s (EU) General Data Protection Regulation (GDPR).
“The rise … demonstrates a new level of mobilization to action on the part of individuals to tackle what they see as misuse or failure to adequately explain what is being done with their data,” she said in a statement.
Tech firms are facing a global backlash since last year’s Cambridge Analytica scandal, in which tens of millions of Facebook profiles were harvested without their users’ consent.
The GDPR, the biggest shake-up of data privacy laws in more than two decades, allows users to better control their personal data and allows regulators to impose fines of up to 4 percent of a firm’s global revenue for violations.
The rise in complaints in Ireland was significant since – as the host of the European headquarters of U.S. technology firms like Facebook and Google – the country is the lead regulator on GDPR, said online privacy expert Paul-Olivier Dehaye.
“Ireland is the ground zero of data protection enforcement for all of Europe,” Dehaye, co-founder of PersonalData.io, a non-profit helping people take control of their data, told the Thomson Reuters Foundation.
“We are seeing that people really care.”
Notifications of data breaches from companies also shot up by 70 percent in one year to more than 4,700 in 2018, the commission said.
The GDPR requires organisations holding personal information, such as a person’s name, address and religion, to notify authorities when they suffer a breach.
The Irish regulator said it opened 15 investigations into Facebook, Twitter, Apple and LinkedIn for possible breaches of GDPR rules, which should reach the adjudication stage later this year. —Reporting by Umberto Bacchi @UmbertoBacchi, Editing by Katy Migiro