One year after the entry into force of landmark EU rules to better protect personal data, nearly 145,000 complaints have been registered, an initial assessment revealed on Wednesday.
The “General Data Protection Regulation” (GDPR), launched on May 25 last year, enhances the rights of internet users and requires all companies to request explicit consent to use personal data collected or processed in the EU.
The EU has billed the GDPR as the biggest shake-up of data privacy regulations since the birth of the web, saying it sets new standards as the world seeks closer scrutiny of Facebook, Google and Amazon.
It also gives citizens the “right to know” when their data is hacked.
The complaints have already triggered severe penalties, including France’s record 50 million euros fine on US giant Google for not doing enough to inform users on how their data is used.
“The main aim of the rules has been to empower people and help them to gain more control over their personal data,” said EU Justice and Consumer Affairs Commissioner Vera Jourova and EU vice president Andrus Ansip in a joint statement.
“This is already happening, people are making use of their new rights and more than two-thirds of Europeans have heard about the regulation,” they added.
After one year of operation, some 144,376 complaints and questions were registered with the EU’s national authorities in charge of enforcing it.
Meanwhile just under 450 pan-European cases have been opened, as digital players often offer the same services in several EU countries.
One shortcoming om this first anniversary was that three EU countries — Greece, Portugal and Slovenia — have still not transferred the European regulations into their national laws.
The Commission is therefore still working to ensure smooth implementation across the continent, Jourova said at a press conference.
It also wants to help smaller companies to meet the complicated requirements of the GDPR.
The Commissioner compared the regulation to “a one-year-old baby who has an appetite and is very agile”.
While in the months leading up to the entry into force of the regulation there had been widespread criticism, now voices “around the world are calling for comprehensive data protection rules similar to GDPR”, she said.