We use cookies to collect and analyse information on site performance and usage to improve and customise your experience, where applicable. View our Cookies Policy. Click Accept and continue to use our website or Manage to review and update your preferences.

Data watchdog’s caseload tops 10,000
Data Protection Commissioner Helen Dixon

25 Feb 2021 / data law Print

Data watchdog’s caseload tops 10,000

The Data Protection Commission (DPC) dealt with more than 10,000 cases last year, according to its annual report for 2020.

The 10,151 cases it handled represented a 9% increase compared with 2019. The 2020 report shows that the data watchdog received 4,660 complaints under GDPR rules, while it was notified of 6,628 data security breaches.

Volume of complaints

The commission expressed concern, however, about the amount of complaints it receives on issues that have “little or nothing” to do with data protection.

“The DPC is concerned that the overall volume of complaints it receives — a growing number of which disclose no identifiable data protection issue at all — reflects a desire on the part of many individuals to have access to an independent and easily-accessible, no-cost dispute resolution service for general grievances originating in a disparate range of personally challenging events,” it said.

First fines under GDPR

The year saw the EU’s Court of Justice deliver its judgment in proceedings initiated by the DPC in the Irish courts in 2016 relating to data transfers from the EU to the US.

After that ruling, the DPC began an inquiry into Facebook’s transfers of data to the US, but the watchdog is now awaiting judgment on a judicial review of the probe initiated by the US tech giant.

In May, the commission issued its first fines under the GDPR, against the child and family agency Tusla, while in December it handed down its first fine in a cross-border case, fining Twitter International Company €450,000.

Also in December, the DPC served enforcement notices on seven organisations for non-compliance with rules on the use of cookies and tracking technologies.

'Other agendas'

The DPC said some organisations and individuals were attempting to misuse the GDPR to obfuscate or pursue other agendas, though it acknowledged that sometimes there could be genuine confusion about the rules.

“As an example, an ongoing issue arises with organisations deleting CCTV footage after they are on notice of an access request for that footage, claiming the GDPR requires them to delete it every seven days,” the commission said.

The DPC also said the COVID-19 pandemic provided “clear examples” of the value of the GDPR rules in ensuring that individual rights were protected under public-health initiatives such as the COVID-19 contact-tracing app.

Commissioner for Data Protection, Helen Dixon (pictured), said the GDPR must be understood “as a project for the now, but equally for the longer-term".

Staff numbers at the watchdog increased to 145 last year, and its 2020 budget of €16.9 million will rise further to €19.1 million this year.

Gazette Desk
Gazette.ie is the daily legal news site of the Law Society of Ireland