Data Subject Requests (DSRs) (formal requests that individuals make to companies to access, delete, or not sell/share their personal data) will grow from 2022 to 2023, according to DataGrail research. It has increased by 32% since then. 2024 Privacy Trends Report.
Data deletion requests are the most common type of DSR, accounting for an average of over 40% of requests across an enterprise.
Data privacy demands skyrocket
As data privacy requests increase, research shows that there is increasing financial pressure on brands that handle data privacy requests. According to Gartner, it costs approximately $1,524 to complete a single access or removal request. According to data from DataGrail, a company with 1 million identities receives an average of 578 access and data deletion requests per year. This means that these DSRs can cost companies nearly $1 million per year.
In 2023, the total volume of data privacy requests increased by 246% compared to 2021. In 2021, there was an average of 248 DSRs per million identities, reaching 859 DSRs per million identities in 2023.
Access requests are on the rise, but data deletion requests are still the norm. Removals, which account for an average of more than 40% of enterprise-wide requests, have outperformed all other types of his DSRs for the third year in a row. Access requests saw the most significant increase, jumping approximately 50% from 2022 onwards.
Businesses are spending 36% more to respond to an influx of requests. It is estimated that manual processing of DSRs will cost companies more than $881,000 per million DSRs per year in 2023, compared to $648,000 in 2022.
Consumers are automating their “do not sell/do not share” settings, but many companies are not honoring their requests. 75% of organizations use three or more cookie trackers and are not up to date, even though consumers have not consented to tracking.
People want control over their personal data
The DataGrail report estimates that in 2023, 80% of all DSRs will come from jurisdictions with no privacy laws, meaning people around the world want more control over their personal data. It shows that.
DataGrail CEO Daniel Barber said: “Data privacy is now about control.” “Consumers have the right to know where their personal data is located and how it is being used, and increasing privacy demands indicate that it is actually being done.” As a result, businesses today face an unprecedented responsibility to not only manage their data responsibly and effectively, but also to give consumers autonomy over their data. We also need to gain consumer trust.”
Although some states and territories have enacted privacy laws, data privacy requests come from virtually everywhere. 46% of DSRs arrived from IP addresses outside the US, Canada, UK, or EU. This means that the people who create DSRs are not necessarily protected by strong privacy laws. In the US, 34% of requests were made by people in states without privacy laws.
“Consumers want more control over their data, even if they don't have legally protected privacy rights,” Barber added. “Organizations everywhere need to take the right steps to ensure people can trust them with their data.”
75% of websites ignore GPC requests
This report reveals how companies are responding to universal opt-out mechanisms (UOOMs) such as Global Privacy Controls (GPCs). UOOM allows consumers to automatically notify businesses not to sell or share their personal data for advertising purposes.
According to DataGrail research, 75% of websites ignore GPC requests. This means that most companies don't respect people's privacy needs. Some businesses may be in violation of current laws or are unprepared for future legal changes. In fact, the prominent law firm Gunderson & Dettmer recently reported a spike in privacy litigation.
Although privacy demands are increasing across all industries, the e-commerce industry, defined in the report as brands with direct-to-consumer (D2C) relationships, received the most DSRs (1,577 per million identities). DSR). This indicates the amount of personal data collected in online marketing campaigns. The e-commerce industry also reflects the growth of the “wellness” market, which includes multi-level marketing (MLM) companies and consumer health companies, which can potentially handle a lot of sensitive data.
Marketing technology companies in B2B environments typically receive the second highest volume of privacy requests related to data obtained through online campaigns, surveys, CRM tools, and more.