What was promised by the GDPR (Art. 80 and Rec. 142) is now a reality! Following Schrems’ filing of 422 complaints to ten EU Data Protection Authorities yesterday for cookie-related violations, it is now clear that the data protection compliance posture of companies will be checked not only by Supervisory Authorities but also – de facto and actively – by privacy organisations and associations patrolling the internet to proactively find potentially unlawful data processing practices and reporting them to the Authorities.
Ratio: In the past, users/data subjects did not enforce their rights due to a lack of time/knowledge. This shortcoming has now been resolved by collective and organised activism.
Take-away: We have reached a point of no return, so companies should be seriously prepared to properly handle interactions and complaints from privacy organisations/associations, acknowledging that data protection is not just a compliance matter, but a business requirement in the competitive data-driven economy.