Data Protection Commissioner
   HOME

TheInfoList



Click Here for Items Related To - Data Protection Commissioner
OR:
Data Protection Commissioner on:   [Wikipedia]   [Google]   [Amazon]

The Office of the Data Protection Commissioner (
Irish Irish may refer to: Common meanings * Someone or something of, from, or related to: ** Ireland, an island situated off the north-western coast of continental Europe ***Éire, Irish language name for the isle ** Northern Ireland, a constituent unit ...
: An Coimisinéir Cosanta Sonraí) (DPC), also known as Data Protection Commission, is the independent national authority responsible for upholding the EU fundamental right of individuals to
data privacy Information privacy is the relationship between the collection and dissemination of data, technology, the public expectation of privacy, contextual information norms, and the legal and political issues surrounding them. It is also known as data pr ...
through the enforcement and monitoring of compliance with
data protection Information privacy is the relationship between the collection and dissemination of data, technology, the public expectation of privacy, contextual information norms, and the legal and political issues surrounding them. It is also known as data p ...
legislation in
Ireland Ireland ( ; ga, Éire ; Ulster-Scots: ) is an island in the North Atlantic Ocean, in north-western Europe. It is separated from Great Britain to its east by the North Channel, the Irish Sea, and St George's Channel. Ireland is the s ...
. It was established in 1989.


Role and operations

The independent role and powers of the Data Protection Commissioner are as set out in legislation in th
Data Protection Acts 1988
an
2003
These Acts transpose the
Council of Europe The Council of Europe (CoE; french: Conseil de l'Europe, ) is an international organisation founded in the wake of World War II to uphold human rights, democracy and the rule of law in Europe. Founded in 1949, it has 46 member states, with a p ...
1981 Data Protection Convention (Convention 108) and the 1995 EU Data Protection Directive (Directive 95/46/EC). However, the latter was then replaced by the EU
General Data Protection Regulation The General Data Protection Regulation (GDPR) is a European Union regulation on data protection and privacy in the EU and the European Economic Area (EEA). The GDPR is an important component of EU privacy law and of human rights law, in par ...
(GDPR), which is directly applicable upon Members States such as Ireland.


Investigation of complaints

Complaints received from individuals who feel that their
personal information Personal data, also known as personal information or personally identifiable information (PII), is any information related to an identifiable person. The abbreviation PII is widely accepted in the United States, but the phrase it abbreviates ha ...
is not being treated in accordance with the data protection law are investigated under section 10 of the Data Protection Acts. It is the statutory obligation of the Office to seek to amicably resolve complaints in the first instance. Where an amicable resolution cannot be achieved, the Commissioner may make a decision on whether, in her opinion, there has been a breach of the law. If the complainant or the data controller disagrees with the Commissioner's finding, they have the right to appeal the decision to the Circuit Court. The DPC's main priority, if a complaint is upheld, is that the data controller complies with the law and puts right the matter concerned. If an organization does not voluntarily cooperate with an investigation, the DPC has powers of compulsion to require such cooperation. In 2015, the Office received 932 complaints that were opened for investigation. Investigations into 1,015 complaints were concluded. In 2018, Martin Meany, editor of Goosed.ie, filed a complaint to the DPC against the Diocese of Ossory stating he wished for his baptismal records to be deleted. The complaint started a subsequent "own volition enquiry" by the DPC into "whether the church's holding of personal data on baptisms and other Catholic sacraments that individuals may have taken falls under the EU's data protection law, the General Data Protection Regulation". In 2022, Meany launched High Court
Judicial Review Judicial review is a process under which executive, legislative and administrative actions are subject to review by the judiciary. A court with authority for judicial review may invalidate laws, acts and governmental actions that are incomp ...
proceedings against the DPC. He claims the DPC has failed to complete an investigation into his complaint against the Catholic Church. In 2021, NOYB (None Of Your Business), an Austrian NGO founded by Max Schrems, filed a complaint against the DPC for corruption under Austrian law after the DPC demanded that the group sign a
non-disclosure agreement A non-disclosure agreement (NDA) is a legal contract or part of a contract between at least two parties that outlines confidential material, knowledge, or information that the parties wish to share with one another for certain purposes, but wis ...
in order to continue with their long-running complaint against
Facebook Facebook is an online social media and social networking service owned by American company Meta Platforms. Founded in 2004 by Mark Zuckerberg with fellow Harvard College students and roommates Eduardo Saverin, Andrew McCollum, Dust ...
. NOYB argued that the DPC could not demand favourable media coverage as the price of using its services.


Audits

Section 10 (1A) of the Acts provides that "the Commissioner may carry out or cause to be carried out such investigations as he or she considers appropriate in order to ensure compliance with the provisions of this Act and to identify any contravention thereof." These investigations often take the form of audits of selected organizations. The aim of an audit is to identify any issues of concern about the way the organization under scrutiny manages personal data. In 2015, the DPC carried out 51 audits and inspections of organizations in the public and private sectors.


Enforcement


Offences under the Electronic Communications Regulations

All breaches of the Privacy and Electronic Communications (EC Directive) Regulations 2003 for which the Office of the Data Protection Commissioner has responsibility are offences. The offences relate primarily to the sending of unsolicited
marketing communications Marketing Communications (MC, marcom(s), marcomm(s) or just simply communications) refers to the use of different marketing channels and tools in combination.Tomse, & Snoj, 2014 Marketing communication channels focus on how businesses communicate ...
by electronic means. The offences are punishable by fines - up to €5,000 for each unsolicited message on summary conviction and up to €250,000 on conviction on indictment. The Office of the Data Protection Commissioner may bring summary proceedings for an offence under the Regulations. Enforcement responsibility is shared with the
Commission for Communications Regulation The Commission for Communications Regulation (ComReg) ( ga, An Coimisiún um Rialáil Cumarsáide) is the general communications regulator for Ireland, covering almost all possible types of communications. Founded on 1 December 2002, ComReg t ...
(ComReg).


References

{{authority control Government agencies of the Republic of Ireland Data protection authorities Department of Justice (Ireland)