Ie: Data Protection Commission publishes 2022 Annual Report

Posted on by Dissent

Commissioner for Data Protection, Helen Dixon, has today launched the Irish Data Protection Commission’s Annual Report for 2022.

Highlights of the 2022 Annual report include:

  • The DPC concluded 17 Large-Scale inquiries, with administrative fines in excess of €1billion and multiple reprimands and compliance orders imposed.
  • Additionally, as at 31 December 2022, 4 DPC draft decisions in Large-Scale inquiries were in the EU co-decision making process (Article 60 GDPR) and 1 was in the EU dispute resolution mechanism (Article 65 GDPR). Furthermore, the DPC had progressed 9 large-scale inquiries to the point where submissions on a draft decision, statement of issues or inquiry report were invited from the relevant parties.
  • The DPC processed 9,370 new cases (6,660 queries and 2,710 complaints) from individuals in 2022.
  • The DPC concluded 10,008 cases (6,875 queries and 3,133 complaints), including 1,920 complaints received prior to 2022.
  • The DPC received 125 valid cross-border complaints (as Lead Supervisory Authority) and concluded 246 cross-border complaints.
  • Total breach notifications received in 2022 was 5,828.
  • The DPC brought about the postponement or revision of 7 scheduled internet platform projects with implications for the rights and freedoms of individuals.
  • In November 2022, the DPC had its decisions to impose administrative fines, ranging between €1,500 and €17 million, confirmed in the Dublin Circuit Court. All of these fines have been collected and transferred to the central exchequer in Ireland.
  • 207 electronic direct marketing investigations were concluded in 2022 and two telco companies were successfully prosecuted for 4 separate charges of sending unsolicited marketing communications without consent.
  • The DPC became a founding member of Ireland’s first Digital Regulators Group, to help integrate communication with Government and drive regulatory coherence ahead of pending legislative changes at EU level.
  • Produced 7 pieces of substantial new guidance, including 3 short guides for children on their data protection rights, and updated 11 pieces of existing guidance.

The Commissioner for Data Protection, Helen Dixon, commented:

“2022 was a year that saw significant outputs from the DPC in its efforts to drive GDPR compliance and protect the rights of those in Ireland and across the EU. While the DPC encourages and guides organisations in achieving highest standards of protection in their processing of personal data, the DPC has also demonstrated it does not shy away from enforcing the law and applying sanctions where warranted. Two-thirds of the fines issued across Europe last year, including the EU, EEA and UK, were issued by the DPC on foot of detailed and comprehensive investigations, a fact that underlines both the outsized role, and exceptional performance, of the organisation in effectively holding those guilty of non-compliance to account.”

The Data Protection Commission Annual Report 2022 is available here.

Source:  Data Protection Commission

Category: Breach LawsCommentaries and AnalysesNon-U.S.