Nearly ten thousand people have submitted a privacy complaint to the Dutch Data Protection Authority (AP) in the past six months. People mainly complain when more data is requested than necessary and when their personal data is passed on to third parties against their will. Business service providers, IT companies and the government are only outperforming, followed by financial institutions and healthcare institutions.
This is reported by the Dutch Data Protection Authority. With the entry into force of the General Data Protection Regulation (GDPR), privacy rights have been strengthened: anyone can submit a privacy complaint since 25 May. Most complaints (32 percent) in the six months after May 25 relate to violations of privacy law, such as the right to access and the right to delete. For example, people do not have access to their data if they request it, or there are thresholds if they want to have personal data removed. For example, many organizations ask for a copy of an ID before they want to delete data.
People also often complain (15 percent) when they have to provide more information than necessary, for example the BSN when creating an account at a spectacle store or when registering at a driving school. In addition, many complaints (12 percent) are about organizations that pass on personal data to third parties while people do not know or do not want this.
Education
In the first half of the year, in response to complaints, the AP mainly provided information to organizations to end complaints. In more than a third of the cases, the AP sent a letter with an explanation, mediated or had a conversation. Eleven investigations are underway, based on a multitude of complaints.
In one in three complaints, AP employees helped people to file a complaint themselves with the organization they are complaining about.
Sources):