IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Irish data regulator racks up GDPR cases against Big Tech

Complaints soared by 75% in 2019 and multinational tech probes climbed to 21, although no fines were collected

social apps

The Irish Data Protection Commission (DPC) extended the number of investigations against Silicon Valleys biggest companies to 21 last year, although there’s no indication as to when any of these cases will be closed.

Six inquiries were opened into multinational tech companies throughout 2019, the first full year that’s passed since the General Data Protection Regulation (GDPR) was introduced, according to its annual review. 

This is in addition to 15 inquiries into the likes of Facebook and Google the watchdog had opened previously, with ten opened into companies owned by the former entity alone. 

The new inquiries include an examination of whether Facebook breached rules by allegedly storing hundreds of millions of passwords without encryption. Since the end of last year, the DPC has also opened a probe into Google and Match Group, which runs Tinder, for violations concerning the data procession of users’ location data.

“We have been busy during 2019 issuing guidance to organisations, resolving individuals’ complaints, progressing larger-scale investigations, reviewing data breaches, exercising our corrective powers, cooperating with our EU and global counterparts and engaging in litigation to ensure a definitive approach to the application of the law in certain areas,” said the commissioner for data protection, Helen Dixon.

“Much more remains to be done in terms of both guiding on proportionate and correct application of this principles-based law and enforcing the law as appropriate. 

“But a good start is half the battle and the DPC is pleased at the foundations that have been laid in 2019. We are already expanding our team of 140 to meet the demands of 2020 and beyond.”   

The watchdog received 7,215 complaints throughout 2019, which represents a sharp 75% rise against the total number of complaints received the previous year, during which GDPR was first introduced. 

Of the complaints received in 2019, a total of 5,496 concluded, leaving 1,719 unresolved - including all those against multinational tech giants. 

Valid data security breaches, meanwhile, hit 6,069 during 2019, representing a 71% increase on the total for 2018, 3,542. The largest category in this segment was “unauthorised disclosers”.

Moreover, due to a litany of organisations, including tech firms, basing their headquarters in Ireland to minimise tax liability, the DPC has found itself serving as the lead investigator for cross-border GDPR probes. Under this one-stop-shop mechanism, 457 complaints were received during 2019

Despite opening and concluded a wealth of investigations, however, the DPC has also collected nothing in fines since May 2018, according to a study released in January.

The slow progress on administering fines, and in investigating the larger tech companies, can be explained by the fact that a new legal framework with significant penalties “is always going to take time to implement correctly”.  

The DPC currently has 30 live litigation cases as of the end of 2019, and passages from the report suggest the organisation wants to take its time in order to get its rulings right and ensure they cannot be legally challenged.

“There is certainly no shortage of commitment and capability at the Irish DPC,” the report said. “But equally there is a keen awareness of the legal requirement to apply fair procedures and what it takes to bring cases over the line and the DPC remains focussed on this job. 

“As we have consistently said, there would be little benefit in mass producing decisions only to have them overturned by the courts.”

Looking forward, Dixon added that the business culture can move into the realm of “data protection by design” to ensure next-gen technologies don’t suffer from the problems “we sleep-walked into” over the last 20 years.

The DPC is hoping to have encouraged big tech firms to adopt a code of conduct to protect children online by the end of 2020. 

These aims are similar to that of the UK government, which has recently nominated Ofcom as the statutory regulator charged with overseeing content hosted on social media platforms like Facebook and Instagram.

The move formed part of the government’s response to the ‘Online Harms’ white paper, which was published last year. These proposals, however, were significantly stronger than those released in 2019, including the establishment of an entirely new regulatory organisation, with powers to fine tech giants heavily.

Featured Resources

Four strategies for building a hybrid workplace that works

All indications are that the future of work is hybrid, if it's not here already

Free webinar

The digital marketer’s guide to contextual insights and trends

How to use contextual intelligence to uncover new insights and inform strategies

Free Download

Ransomware and Microsoft 365 for business

What you need to know about reducing ransomware risk

Free Download

Building a modern strategy for analytics and machine learning success

Turning into business value

Free Download

Recommended

Deploying flexible data protection to support cloud workload placement
Whitepaper

Deploying flexible data protection to support cloud workload placement

10 Mar 2022
Ten ways to protect your company from the next big data breach
data breaches

Ten ways to protect your company from the next big data breach

18 Feb 2022
Europol ordered to delete huge cache of unlawfully stored data
data protection

Europol ordered to delete huge cache of unlawfully stored data

11 Jan 2022
Grindr given €6.5 million GDPR fine for selling special category user data without consent
General Data Protection Regulation (GDPR)

Grindr given €6.5 million GDPR fine for selling special category user data without consent

15 Dec 2021

Most Popular

16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

13 May 2022
Russian hackers declare war on 10 countries after failed Eurovision DDoS attack
hacking

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack

16 May 2022
(ISC)2 launches free scheme to get 100,000 UK citizens into cyber security
Careers & training

(ISC)2 launches free scheme to get 100,000 UK citizens into cyber security

17 May 2022