In the foreword to the Irish Data Protection Commission's latest annual report, Helen Dixon has called for a set of universal metrics to measure the performance of all European supervisory authorities. Her comments follow repeated criticism of her office's enforcement record and claims of damage to the country's global standing if matters don't improve. Ms Dixon said, "what has remained elusive in 2021 is any agreed standard by which to measure the impacts and success or otherwise of a regulatory intervention in the form of GDPR that applies to literally everything. If the collective goal of all of us is to ensure better protection of people from misuses of their personal data and, indeed, to ensure they are not dis-advantaged by "over-implementation" of GDPR rules, the types of quantitative and qualitative metrics that need to be assessed must be carefully laid out. Further, enforcement priorities must be set and the impact of different enforcement measures and sanctions must be tracked and analysed over time for impact and value-for-money." Ms Dixon also warned that a focus on "the number of cases, and the quantity and size of the administrative fines levied" as the sole measure of success for the GDPR poses harm to the law.
The reports highlights indicate the DPC received 7,469 queries and 3,419 complaints from individuals, a 7% over 2020. Businesses reported 6,549 valid breach notifications, 95% of which were concluded in 2021. In total, five large scale inquiries were concluded, the headline being the €225 million WhatsApp fine. A further nine cases are in preliminary drafts, and statements of issues are being sought in 17 cases.
Read the full DPC 2021 Annual Report or this concise summary by DLA Piper.
In related news, Facebook whistleblower Frances Haugen told an Oireachtas committee that the Irish Government should order an independent review of the Data Protection Commission. Ms Hauge said, "I would urge you to learn the lessons from criticisms of your data protection commission. The DPC is widely considered to have stepped back from its responsibilities in properly enforcing GDPR. The tech companies on your shores once again got away with it."
What is this page?
You are reading a summary article on the Privacy Newsfeed, a free resource for DPOs and other professionals with privacy or data protection responsibilities helping them stay informed of industry news all in one place. The information here is a brief snippet relating to a single piece of original content or several articles about a common topic or thread. The main contributor is listed in the top left-hand corner, just beneath the article title.
The Privacy Newsfeed monitors over 300 global publications, of which more than 5,750 summary articles have been posted to the online archive dating back to the beginning of 2020. A weekly roundup is available by email every Friday.