Year 1 of GDPR: Over 200,000 cases reported, firms fined €56 meeelli... Oh, that's mostly Google European data protection agencies have issued fines totalling €56m for GDPR breaches since it was enforced last May, from more than 200,000 reported cases – but watchdogs have said they're just warming up. An assessment from the European Data Protection Board (EDPB), which is made up of regulators across the region, found that …
"reports of data breaches in the first month at 1,700. This has levelled out a little, but there are still about 400 coming in a month. Overall, he expects the total to reach about 36,000 this year"
These figures don't add up, how can they expect 36,000 reports this year when they only have 400 a month (4,800 a year)?
What's a person to do? My personal peeve is SMS marketing - I complain to and boycott any company that does this. One company claimed they had the right to text me (which they did not) and even kept texting me after I complained, another said sorry can't explain why it happened (but I am stuck in a contract with them, so can't even boycott). Sure, I could report these operational cock-ups to the ICO, but let's face it - will the ICO ever do anything about these minor indiscretions?
It takes about 30 seconds to report once you have the below link. I'd imagine my repeated use of this helped the authorities find and raid those offices recently. In that article they stated around 400 complaints which isn't much so maybe that's why this stuff isn't being stamped out? ALWAYS report these things. These people need evidence to act upon.
https://ico.org.uk/make-a-complaint/nuisance-calls-and-messages/spam-texts-and-nuisance-calls/report-spam-texts-and-nuisance-sales-calls/
The main issues I've had with GDPR are companies refusing to tell me anything because I haven't actively subscribed to them. As an example, my broadband price went up by £5 per month but I wasn't told as I had failed to opt in to marketing emails. After speaking to them, GDPR was blamed for being unable to communicate price changes to me.
The other issue is how much effort having to opt out of tracking manually on most websites I visit. On sites I have opted out before, there is no indication this was saved. The usual accept and continue banner is displayed at the bottom of the screen but when I go into the consent options, they can be opted out or they could be opted in.
I have been getting much better ads though... now I've opted out of targetted ads where I can.
That sounds like a blatant abuse of the act since you have an ongoing (though now breaking down) relationship with the clowns. I understood that GDPR allowed continuing communications concerning the conduct of an existing relationship. Marketing abuse mails are a different can of worms, who was it BT's or Sky's blackmailers?
That's full BS - but privacy regulators should not invoked here - but consumer protection agencies. Any change of contract terms must be communicated (and the customer has to be able to terminate the contract without fees) - and GDPR does allow for that - as it's part of delivering a service - exactly like billing, I believe they billed you regularly - not marketing. So they broke consumers' protection laws...
"After speaking to them, GDPR was blamed for being unable to communicate price changes to me."
That's BS.
GDPR explicitly _doesn't_ block a company sending you notices about changes to terms and conditions of an active contract (a price change comes under that category) and trading standards can get involved in that one.
It's the kind of thing where a letter from Dewey Cheatem and Howe starting "I act on behalf of Mr Donald Duck" sends chills down spines and has them backpedalling furiously.
After speaking to them, GDPR was blamed for being unable to communicate price changes to me.
Just another case of companies not knowing what the rules are - there's a long history of that !
One example I recall from a couple of decades ago was when I put all my employers numbers on both the TPS and FPS in an attempt to cut down on the junk calls/faxes. Not long after, I was informed that we needed to remove one of the numbers from the FPS because a service they subscribed to (a weekly market intelligence report by fax) couldn't send them the fax as the number was on the FPS. I responded "quite bluntly" that the accuracy of anything coming from a company which had so little knowledge of the rules regarding the TPS and FPS was of "questionable accuracy". When the jist of my response was fed back to the service provider, I believe they modified their systems and the information faxes from them started coming in again.
Just like your example, the company had failed to grasp the difference between unsolicited marketing communications, and those happening as a result of a contract with them.
Fine them as a percentage of gross income, with a fine from one incident not being taken into accout for the fine of a second incident. This is the only way these people will feel any pain from their transgressions.
I really wish there was a way to get a similar law passed in the US. I'd LOVE to be able to include the phone companies, for delivering spam calls which are unwanted marketing.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
