A week when the Dutch got heavy and the Spanish got in a hurry, and consumers prepared to exercise their rights

Spain has rushed through a decree, the Dutch have announced random privacy-related investigations and citizens in Ireland and the UK are set to exercise their rights under GDPR in their millions: it’s another week in the ever-developing story of the fight for privacy.

In Spain, things have been lagging. GDPR came into force in May, but there are contradictions with existing data protection law in Spain, and politicians have been quarrelling over the conditions of a planned new act. In the meantime, by Royal Decree, a temporary measure is in place to reconcile contradictions between existing Spanish data protection law and the GDPR.

In Holland, by contrast, it seems that the hat will be busy, at least names are being drawn from it. The Dutch Data Protection Authority – Autoriteit Persoonsgegevens (AP) has begun a compliance regulation verification programme among randomly selected large companies. In total, 30 companies will be investigated from a list of 250 companies.

As for the public, according to a survey in the UK and Ireland, and conducted by analytics company, SAS, 27% of survey participants have already exercised their GDPR rights over personal data, 56 per cent plan to do so within a year, up from 42% last year and 46% of participants said they would activate their data rights after only one mistake.

Meanwhile, it has emerged there is a compliance problem with apps. A study from Crownpeak found that 79% of the top 50 Android apps and top 50 Apple apps offer no consent solution at all, despite, according to the survey, all apps considered have at least some data gathering.

On the breach front, things have been quieter (unlike the beach front, that has been brimming over), but the UK’s privacy regulator, the ICO, has fined Emma Diary £140,000 for illegally collecting and selling personal information belonging to more than one million people.

This has also been a busy week for Samsung, as it reveals its latest smartphone, The Galaxy Note 9, which it is describing as a supercomputer. As far as privacy, though, things are not so super. Researchers from Graz University of Technology claim to have found a way to exploit Meltdown, a security vulnerability uncovered earlier this year, in the Galaxy S7. One of the researchers, Michael Schwarz, told Reuters: “There are potentially even more phones affected that we don’t know about yet. There are potentially hundreds of millions of phones out there that are affected by Meltdown and may not be patched because the vendors themselves do not know.”

And finally, a banking start-up called Revolut has developed a virtual card, in which the details are regenerated with every transaction. That way, if a company selling products, which require payment by card, suffers a data breach and customer card details are compromised, it won’t matter – at least the risks associated with fraudulent use of card data stolen is nullified. It claims that the technology will reduce card fraud by 30%.


The inaugural Data Protection World Forum (DPWF) was held on November 20th & 21st 2018 at the ExCeL London and welcomed over 3,000 delegates seeking the very latest insight on data protection and privacy.

Pre-registration for DPWF 2019 will be opening in the coming weeks.

https://www.dataprotectionworldforum.com/