• by Ray Schultz , Columnist, May 1, 2024

To go by 2024 Data Privacy Trends, a new study from DataGrail, companies are being flooded by data subject requests (DSRs) from consumers.

But many companies are ignoring them. 

A startling 75% of websites ignore global privacy control (GPC) or do-not-sell requests. “Some could be violating current law or be unprepared for upcoming legal changes,” the study notes. 

Overall, there was a 246% increase in DSRs worldwide from 2021 to 2023, for an average of 859 per 1 million identities.

Of that total,  280 were do-not-sell requests (32.7%), while 231 were for access (26.9%) and 347 were for deletion (40.4%). 

Firms may have been daunted by the expense. The cost of processing DSRs was $881,000 per 1 million identities in 2023, a 38% increase 

DataGrail analyzed the DSRs it processed from January 1 to December 31, 2023.

The ecommerce field drew the most DSRs, followed by the marketing/sales tech sector. The latter included firms leveraging email, CRM, surveys and communications technology. 

One thing became clear: People want their data protected even if there are no laws in their area to do that. 

Of the requests seen, 46% came from IP addresses are located outside areas with strong privacy laws (i.e., the U.S., Canada, China, Brazil, the UK and the EU). 

Within the U.S., 125% of DSRs were from states with laws now on the books — namely California, Colorado and Connecticut. But 34% derived from states without privacy protections.