To go by 2024 Data Privacy Trends, a new study from DataGrail, companies are being flooded by data subject requests (DSRs) from consumers.
But many companies are ignoring them.
A startling 75% of websites ignore global privacy control (GPC) or do-not-sell requests. “Some could be violating current law or be unprepared for upcoming legal changes,” the study notes.
Overall, there was a 246% increase in DSRs worldwide from 2021 to 2023, for an average of 859 per 1 million identities.
Of that total, 280 were do-not-sell requests (32.7%), while 231 were for access (26.9%) and 347 were for deletion (40.4%).
Firms may have been daunted by the expense. The cost of processing DSRs was $881,000 per 1 million identities in 2023, a 38% increase
advertisement
advertisement
DataGrail analyzed the DSRs it processed from January 1 to December 31, 2023.
The ecommerce field drew the most DSRs, followed by the marketing/sales tech sector. The latter included firms leveraging email, CRM, surveys and communications technology.
One thing became clear: People want their data protected even if there are no laws in their area to do that.
Of the requests seen, 46% came from IP addresses are located outside areas with strong privacy laws (i.e., the U.S., Canada, China, Brazil, the UK and the EU).
Within the U.S., 125% of DSRs were from states with laws now on the books — namely California, Colorado and Connecticut. But 34% derived from states without privacy protections.