There has been an increase of 72% in requests from people to companies to modify or delete their data over a year, according to a report by privacy management company DataGrail.
DataGrail analyzed the data subject requests (DSRs)—formal requests made by a person to a company to access, modify, or delete the personal data that the company holds on them—that it processed on behalf of customers from January 1 to December 31, 2022.
The company found an average of 650 DSRs per million identities in 2022, compared to 377 per million identities in 2021. Identity refers to information associated with a unique record of a single person at a company. A single identity accounts for one customer’s personal data within multiple systems across an organization. The customer set has more than 100 million consumer records.
In 2022, data privacy incidents made headlines, with fines imposed on companies like Sephora in the EU and U.S. This may have heightened awareness and led to more DSR requests, according to DataGrail’s CEO Daniel Barber. The widespread use of generative AI, which does not require consumer consent, further complicates the situation and may prompt action from Congress or the FTC to protect consumer privacy. As more people take charge of their data, there could be a knock-on impact on advertising revenues.
“Consumers’ desire for greater control over their personal information grows stronger by the day as people recognize that privacy should be a human right, even if it is not yet federally protected,” said Barber. “Businesses are going to have to respond in an efficient manner, if for no other reason than for the value of earning and maintaining consumer trust and reputational capital.”
Overly aggressive email marketing campaigns from brands that people have had brief encounters with lead to DSRs. And brands that offer a one-off service, like weddings or school searches, are susceptible to people asking to delete their data once they no longer need the service.