Irish Data Protection Commission
   HOME

TheInfoList



Click Here for Items Related To - Irish Data Protection Commission
OR:
Irish Data Protection Commission on:   [Wikipedia]   [Google]   [Amazon]

The Office of the Data Protection Commissioner () (DPC), also known as Data Protection Commission, is the independent national authority responsible for upholding the EU fundamental right of individuals to
data privacy Information privacy is the relationship between the collection and dissemination of data, technology, the public expectation of privacy, contextual information norms, and the legal and political issues surrounding them. It is also known as data ...
through the enforcement and monitoring of compliance with
data protection Data protection may refer to: * Information privacy, also known as data privacy * Data security {{Authority control ...
legislation in
Ireland Ireland (, ; ; Ulster Scots dialect, Ulster-Scots: ) is an island in the North Atlantic Ocean, in Northwestern Europe. Geopolitically, the island is divided between the Republic of Ireland (officially Names of the Irish state, named Irelan ...
. It was established in 1989.


Role and operations

The independent role and powers of the Data Protection Commissioner are as set out in legislation in the Data Protection Acts 1988 and 2003. These Acts transpose the
Council of Europe The Council of Europe (CoE; , CdE) is an international organisation with the goal of upholding human rights, democracy and the Law in Europe, rule of law in Europe. Founded in 1949, it is Europe's oldest intergovernmental organisation, represe ...
1981 Data Protection Convention (Convention 108) and the 1995 EU Data Protection Directive (Directive 95/46/EC). However, the latter was then replaced by the EU
General Data Protection Regulation The General Data Protection Regulation (Regulation (EU) 2016/679), abbreviated GDPR, is a European Union regulation on information privacy in the European Union (EU) and the European Economic Area (EEA). The GDPR is an important component of ...
(GDPR), which is directly applicable upon Members States such as Ireland.


Investigation of complaints

Complaints received from individuals who feel that their
personal information Personal data, also known as personal information or personally identifiable information (PII), is any information related to an identifiable person. The abbreviation PII is widely used in the United States, but the phrase it abbreviates has fou ...
is not being treated in accordance with the data protection law are investigated under section 10 of the Data Protection Acts. It is the statutory obligation of the Office to seek to amicably resolve complaints in the first instance. Where an amicable resolution cannot be achieved, the Commissioner may make a decision on whether, in her opinion, there has been a breach of the law. If the complainant or the data controller disagrees with the Commissioner's finding, they have the right to appeal the decision to the
Circuit Court Circuit courts are court systems in several common law jurisdictions. It may refer to: * Courts that literally sit 'on circuit', i.e., judges move around a region or country to different towns or cities where they will hear cases; * Courts that s ...
. The DPC's main priority, if a complaint is upheld, is that the data controller complies with the law and puts right the matter concerned. If an organization does not voluntarily cooperate with an investigation, the DPC has powers of compulsion to require such cooperation. In 2015, the Office received 932 complaints that were opened for investigation. Investigations into 1,015 complaints were concluded. In 2018,
Martin Meany Martin may refer to: Places Antarctica * Martin Peninsula, Marie Byrd Land * Port Martin, Adelie Land * Point Martin, South Orkney Islands Europe * Martin, Croatia, a village * Martin, Slovakia, a city * Martín del Río, Aragón, Spain * Mart ...
, editor of Goosed.ie, filed a complaint to the DPC against the Diocese of Ossory stating he wished for his baptismal records to be deleted. The complaint started a subsequent "own volition enquiry" by the DPC into "whether the church's holding of personal data on baptisms and other Catholic sacraments that individuals may have taken falls under the EU's data protection law, the General Data Protection Regulation". In 2022, Meany launched High Court
Judicial Review Judicial review is a process under which a government's executive, legislative, or administrative actions are subject to review by the judiciary. In a judicial review, a court may invalidate laws, acts, or governmental actions that are in ...
proceedings against the DPC. He claims the DPC has failed to complete an investigation into his complaint against the Catholic Church. In 2021,
NOYB NOYB – European Center for Digital Rights (styled as "noyb", from "none of your business") is a non-profit organization based in Vienna, Austria established in 2017 with a pan-European focus. Co-founded by Austrian lawyer and privacy activist ...
(None Of Your Business), an Austrian NGO founded by
Max Schrems Maximilian Schrems (born 1987) is an Austrian activist, lawyer, and author who became known for campaigns against Facebook for its privacy violations, including violations of European privacy laws and the alleged transfer of personal data to t ...
, filed a complaint against the DPC for corruption under Austrian law after the DPC demanded that the group sign a
non-disclosure agreement A non-disclosure agreement (NDA), also known as a confidentiality agreement (CA), confidential disclosure agreement (CDA), proprietary information agreement (PIA), or secrecy agreement (SA), is a legal contract or part of a contract between at le ...
in order to continue with their long-running complaint against
Facebook Facebook is a social media and social networking service owned by the American technology conglomerate Meta Platforms, Meta. Created in 2004 by Mark Zuckerberg with four other Harvard College students and roommates, Eduardo Saverin, Andre ...
. NOYB argued that the DPC could not demand favourable media coverage as the price of using its services. In January 2023, DPC was forced to increase the fine issued to
Meta Platforms Meta Platforms, Inc. is an American multinational technology company headquartered in Menlo Park, California. Meta owns and operates several prominent social media platforms and communication services, including Facebook, Instagram, Threads ...
after a review by
European Data Protection Board The European Data Protection Board (EDPB) is a European Union independent body with juridical personality whose purpose is to ensure consistent application of the General Data Protection Regulation (GDPR) and to promote cooperation among the EU†...
found that the initial fine was insufficient. European Data Protection Board determined that DPC has failed to perform its enforcement responsibility with "due diligence". The critics have pointed out that 7 out of 8 decisions handed down by European Data Protection Board were against the Irish DPC, and that the DPC "always choose the most tortuous, lengthy and expensive legal route to a decision rather than a simple application of EU law".


Audits

Section 10 (1A) of the Acts provides that "the Commissioner may carry out or cause to be carried out such investigations as he or she considers appropriate in order to ensure compliance with the provisions of this Act and to identify any contravention thereof." These investigations often take the form of audits of selected organizations. The aim of an audit is to identify any issues of concern about the way the organization under scrutiny manages personal data. In 2015, the DPC carried out 51 audits and inspections of organizations in the public and private sectors.


Enforcement


Offences under the Electronic Communications Regulations

All breaches of the
Privacy and Electronic Communications (EC Directive) Regulations 2003 The Privacy and Electronic Communications (EC Directive) Regulations 2003 is a law in the United Kingdom which made it unlawful to, amongst other things, transmit an automated recorded message for direct marketing purposes via a telephone, without ...
for which the Office of the Data Protection Commissioner has responsibility are offences. The offences relate primarily to the sending of unsolicited
marketing communications Marketing communications (MC, marcom(s), marcomm(s) or just simply communications) refers to the use of different marketing channels and tools in combination.Tomse, & Snoj, 2014 Marketing communication channels focus on how businesses communicate ...
by electronic means. The offences are punishable by fines – up to €5,000 for each unsolicited message on summary conviction and up to €250,000 on conviction on indictment. The Office of the Data Protection Commissioner may bring summary proceedings for an offence under the Regulations. Enforcement responsibility is shared with the
Commission for Communications Regulation The Commission for Communications Regulation (ComReg) () is the general communications Regulatory agency, regulator for Republic of Ireland, Ireland, covering almost all possible types of communications. Founded on 1 December 2002, ComReg took ...
(ComReg).


References

{{authority control Government agencies of the Republic of Ireland Data protection authorities Department of Justice, Home Affairs and Migration