Irish data regulator racks up GDPR cases against Big Tech

Complaints soared by 75% in 2019 and multinational tech probes climbed to 21, although no fines were collected

The Irish Data Protection Commission (DPC) extended the number of investigations against Silicon Valleys biggest companies to 21 last year, although there’s no indication as to when any of these cases will be closed.

Six inquiries were opened into multinational tech companies throughout 2019, the first full year that’s passed since the General Data Protection Regulation (GDPR) was introduced, according to its annual review. 

Advertisement - Article continues below

This is in addition to 15 inquiries into the likes of Facebook and Google the watchdog had opened previously, with ten opened into companies owned by the former entity alone. 

The new inquiries include an examination of whether Facebook breached rules by allegedly storing hundreds of millions of passwords without encryption. Since the end of last year, the DPC has also opened a probe into Google and Match Group, which runs Tinder, for violations concerning the data procession of users’ location data.

“We have been busy during 2019 issuing guidance to organisations, resolving individuals’ complaints, progressing larger-scale investigations, reviewing data breaches, exercising our corrective powers, cooperating with our EU and global counterparts and engaging in litigation to ensure a definitive approach to the application of the law in certain areas,” said the commissioner for data protection, Helen Dixon.

Advertisement
Advertisement - Article continues below

“Much more remains to be done in terms of both guiding on proportionate and correct application of this principles-based law and enforcing the law as appropriate. 

“But a good start is half the battle and the DPC is pleased at the foundations that have been laid in 2019. We are already expanding our team of 140 to meet the demands of 2020 and beyond.”   

Advertisement - Article continues below

The watchdog received 7,215 complaints throughout 2019, which represents a sharp 75% rise against the total number of complaints received the previous year, during which GDPR was first introduced. 

Of the complaints received in 2019, a total of 5,496 concluded, leaving 1,719 unresolved - including all those against multinational tech giants. 

Valid data security breaches, meanwhile, hit 6,069 during 2019, representing a 71% increase on the total for 2018, 3,542. The largest category in this segment was “unauthorised disclosers”.

Moreover, due to a litany of organisations, including tech firms, basing their headquarters in Ireland to minimise tax liability, the DPC has found itself serving as the lead investigator for cross-border GDPR probes. Under this one-stop-shop mechanism, 457 complaints were received during 2019

Despite opening and concluded a wealth of investigations, however, the DPC has also collected nothing in fines since May 2018, according to a study released in January.

Advertisement - Article continues below

The slow progress on administering fines, and in investigating the larger tech companies, can be explained by the fact that a new legal framework with significant penalties “is always going to take time to implement correctly”.  

The DPC currently has 30 live litigation cases as of the end of 2019, and passages from the report suggest the organisation wants to take its time in order to get its rulings right and ensure they cannot be legally challenged.

“There is certainly no shortage of commitment and capability at the Irish DPC,” the report said. “But equally there is a keen awareness of the legal requirement to apply fair procedures and what it takes to bring cases over the line and the DPC remains focussed on this job. 

“As we have consistently said, there would be little benefit in mass producing decisions only to have them overturned by the courts.”

Looking forward, Dixon added that the business culture can move into the realm of “data protection by design” to ensure next-gen technologies don’t suffer from the problems “we sleep-walked into” over the last 20 years.

Advertisement - Article continues below

The DPC is hoping to have encouraged big tech firms to adopt a code of conduct to protect children online by the end of 2020. 

These aims are similar to that of the UK government, which has recently nominated Ofcom as the statutory regulator charged with overseeing content hosted on social media platforms like Facebook and Instagram.

The move formed part of the government’s response to the ‘Online Harms’ white paper, which was published last year. These proposals, however, were significantly stronger than those released in 2019, including the establishment of an entirely new regulatory organisation, with powers to fine tech giants heavily.

Featured Resources

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Remote working 2020: Advantages and challenges

Discover how to overcome remote working challenges

Download now

Keep your data available with snapshot technology

Synology’s solution to your data protection problem

Download now

After the lockdown - reinventing the way your business works

Your guide to ensuring business continuity, no matter the crisis

Download now
Advertisement
Advertisement

Recommended

ICO to relax GDPR enforcement during coronavirus economic downturn
General Data Protection Regulation (GDPR)

ICO to relax GDPR enforcement during coronavirus economic downturn

16 Apr 2020
The NHS teams up with Apple and Google on coronavirus tracking app
privacy

The NHS teams up with Apple and Google on coronavirus tracking app

14 Apr 2020
Health sites are 'unlawfully' sharing medical data with Facebook and Google
data protection

Health sites are 'unlawfully' sharing medical data with Facebook and Google

7 Apr 2020
Supreme Court rules Morrisons was not liable for 2014 data breach
data protection

Supreme Court rules Morrisons was not liable for 2014 data breach

1 Apr 2020

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

3 Aug 2020
How to use Chromecast without Wi-Fi
Mobile

How to use Chromecast without Wi-Fi

4 Aug 2020
How do I fix the Windows 10 Start Menu if it's frozen?
operating systems

How do I fix the Windows 10 Start Menu if it's frozen?

3 Aug 2020