The Data Protection Commission has today launched its Annual Report for 2024 and released the results of its first Public Attitudes Survey.
From their press release:
Highlights of the 2024 Annual Report
- The DPC issued 11 finalised inquiry decisions resulting in administrative fines totalling €652 million during 2024. Multiple reprimands and compliance orders were also imposed. Significant decisions included:
- In October 2024, the DPC announced the conclusion to an inquiry into LinkedIn which assessed the lawfulness, fairness and transparency of LinkedIn’s processing of its EU/EEA members for the purposes of behavioural analysis and targeted advertising. The decision imposed a fine of €310 million on LinkedIn, in addition to an order to bring its processing operations into compliance.
- In December 2024, the DPC issued its final decisions following two inquiries into Meta Platforms Ireland Limited. Both of these own-volition inquiries concerned breaches notified by Meta Platforms Ireland Limited in September 2018 concerning user tokens. The decisions reprimanded Meta and imposed fines totalling €251 million.
- The DPC received 11,091 new cases from individuals in 2024 and concluded 10,510 cases.
- Of all cases received in 2024, 2,673 progressed to the complaint handling process.
- The DPC resolved 2,357 complaints through the formal complaint-handling process (Including 1,367 complaints received prior to 2024).
- The DPC concluded 145 valid cross-border complaints (as EU/EEA Lead Supervisory Authority). 82% of cross-border complaints received since 2018, where DPC is Lead Supervisory Authority, have now been concluded.
- Total valid breach notifications received in 2024 was 7,781, representing an 11% increase on 2023, with 81% of notifications received in 2024 concluded by year end. 50% of these breaches were a result of correspondence being sent to the wrong recipient.
- The DPC provided input and observations on over 56 pieces of proposed legislation in 2024, a significant increase on 2023, when this figure was 37.
- The DPC led efforts to provide greater clarity to the application of data protection requirements in AI model training and development. The DPC requested a statutory opinion from the European Data Protection Board (EDPB) on AI model development which involved EU/EEA regulators working together over a 14-week period. A formal opinion was adopted by the EDPB in December 2024 leading to a harmonised European standard.
- A total of 146 electronic direct marketing investigations were concluded in 2024 and the DPC prosecuted eight companies for the sending of unsolicited marketing communications without consent. The Court directed the companies to make charitable contributions in lieu of a conviction and fine. The donations amounted to €9,725 across all eight cases.
Access the full report (pdf)