Now that the European Union is governed by the General Data Protection Regulation (GDPR), consumers are ready to demand compliance.
Regulators throughout Europe have reported significant spikes in complaints regarding data privacy compliance following the May 25 deadline, according to The Guardian. CNIL, the department for data complaints in France, said complaints rose 50 percent since May 25, and Austria reported that in the past month, it received eight times as many complaints as usual.
The European Data Protection Board also reported a surge in overall complaints throughout the continent.
Andrea Jelinek, chief regulator of data privacy for the GDPR, said the “machinery is up and running” for enforcement of the law, according to Politico Europe. Jelinek reported that there are already 29 international cases regarding data privacy violations under investigation after the law went into effect.
Even as consumers file complaints in an effort to test and challenge the GDPR, dozens of members of the EU have yet to pass final versions of the law, including Belgium, Romania, Finland, Hungary and Slovakia, among others. Some of the countries have not yet finished drafting final legislation to put the language into action, according to Politico Europe.
Most of the complaints coming in are about the U.S. based companies Facebook and Google, according to The Guardian, both of whom have attracted attention for asking consumers to either agree with the terms of the company’s data collection policies or opt out of the service altogether with a simple cookie banner at the bottom of the website, rather than allowing users to select what data they will allow to be collected.
Max Schrems, a well-known privacy advocate who has sharply criticized both Google and Facebook in the past, led the crusade against the companies for their “opt-in” policies, according to TechCrunch, filing complaints May 25, the day the GDPR went into effect. Schrems has led the effort through his non-profit, NOYB (none of your business).
In a statement, Facebook responded to the complaint and said it has taken steps over the past year and a half to update its policies, enhance user control over how data is handled, and offer more ways to download and delete information from the website, according to TechCrunch.
However, the social media company moved its user data storage operations from Ireland to the United States in April, ahead of the GDPR going into effect, according to The Guardian.
Other companies have withdrawn entirely from the EU in an effort to avoid a flurry of complaints, according to The Guardian, including major publications controlled by the Tronc media group.