DPC Publishes 2022 Annual Report.

Commissioner for Data Protection, Helen Dixon, has today launched the Irish Data Protection Commission’s Annual Report for 2022.

Highlights of the 2022 Annual report include:

  • The DPC concluded 17 Large-Scale inquiries, with administrative fines in excess of €1billion and multiple reprimands and compliance orders imposed.
  • Additionally, as at 31 December 2022, 4 DPC draft decisions in Large-Scale inquiries were in the EU co-decision making process (Article 60 GDPR) and 1 was in the EU dispute resolution mechanism (Article 65 GDPR). Furthermore, the DPC had progressed 9 large-scale inquiries to the point where submissions on a draft decision, statement of issues or inquiry report were invited from the relevant parties.
  • The DPC processed 9,370 new cases (6,660 queries and 2,710 complaints) from individuals in 2022.
  • The DPC concluded 10,008 cases (6,875 queries and 3,133 complaints), including 1,920 complaints received prior to 2022.
  • The DPC received 125 valid cross-border complaints (as Lead Supervisory Authority) and concluded 246 cross-border complaints.
  • Total breach notifications received in 2022 was 5,828.
  • The DPC brought about the postponement or revision of 7 scheduled internet platform projects with implications for the rights and freedoms of individuals.
  • In November 2022, the DPC had its decisions to impose administrative fines, ranging between €1,500 and €17 million, confirmed in the Dublin Circuit Court. All of these fines have been collected and transferred to the central exchequer in Ireland.
  • 207 electronic direct marketing investigations were concluded in 2022 and two telco companies were successfully prosecuted for 4 separate charges of sending unsolicited marketing communications without consent.
  • The DPC became a founding member of Ireland’s first Digital Regulators Group, to help integrate communication with Government and drive regulatory coherence ahead of pending legislative changes at EU level.
  • Produced 7 pieces of substantial new guidance, including 3 short guides for children on their data protection rights, and updated 11 pieces of existing guidance.

Some interesting case studies . See pages 64-89