This petition is to establish awareness towards the EU and UK that laws pertaining General Data Protection Rules (GDPR, d.d. 2016-04-27) are not only being breached – they are being dismissed by the Data Protection Agencies, who refuse to abide by the law, considering they won’t handle individual complaints.

I’m petitioning this letter to get them to litigate unlawful use of our personal data in order to protect citizens as set out by the GDPR.

Personal data has become big business. Websites use cookies to collect your personal data for analytical and marketing purposes. Therefore this data becomes valuable. Whenever websites offer a ‘free’ service, it’s an indication that they are trying to collect your personal data. The service seems free on the surface, buts it’s actually you and your data that are the product they want to monetize.

To process personal data for analytical and marketing purposes, websites need to ask for your implicit consent by a clear affirmative act. You should be able this deny this request, and retract it at any time. This is not the case for many websites. Furthermore your personal data can be nefariously obtained to profile you, which can lead to discrimination, identity theft, fraud, financial loss, etc.

As the applicable laws for data security are being expanded to fight the rise of cybercrime, such as the Cyber Security Act (CSA, d.d. 2018-04-17) which entered into force in 2021, the executioners should be held accountable for the correct implementation of the legislations provided to protect us.

I need your help to make sure that these laws and guidelines are abided by, by forcing the Data Protection Agencies to address them properly when EU en UK citizens notify them of their concerns – thus making citizens and their personal data secure in their daily lives.

As the Data Protection Agency does not handle individual cases, and individual requests for discovery continue to be denied, we the people can come together and demand our rights be protected as described by the law.

Further reading on GDPR: https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=EN#d1e3022-1-1

According to GDPR law (Article 6 - Lawfulness of processing), our personal data should be protected as follows:

Processing shall be lawful only if and to the extent that at least one of the following applies:

The data subject has given consent to the processing of his or her personal data for one or more specific purposes;

Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;

processing is necessary for compliance with a legal obligation to which the controller is subject;

processing is necessary in order to protect the vital interests of the data subject or of another natural person;

processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

(Source: https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=EN#d1e3022-1-1