A Collection is a selection of features, articles, comments and opinions on any given theme or topic. It allows you to stay up‑to‑date with what interests you most.
Login here to access your saved articles and followed authors.
We have sent you an email so you can reset your password.
Sorry, we had a problem.
Tags related to this article
Published 22 junio 2017
The Office of the Data Protection Commissioner ("ODPC") recently released its 2016 Annual Report in which it described 2016 as an "Olympic year" for the field of data protection law.
2016 saw a number of significant developments in the data protection sphere in Ireland and internationally, most notably, the enactment of the General Data Protection Regulation ("GDPR") (which comes into effect in May 2018); the introduction of the Privacy Shield, following the strike down of the Safe Harbor principles in late 2015; and the ODPC seeking a reference to the Court of Justice of the European Union ("CJEU") in respect of standard contractual clauses (model clauses) in the Schrems case (for a summary of this case, see our previous articles here and here).
Last year saw the continued expansion of the ODPC with staff numbers having more than trebled in the four years since 2013. The increased capacity of the ODPC in 2016 resulted in it being in a position to establish a Multinationals and Technology team (to co-ordinate the ODPC's regulatory activities for multinationals in Ireland) and to co-ordinate the first full year of operation of the Special Investigations Unit (tasked with carrying out investigations into potential data protection breaches on its own initiative, as distinct from the complaints-based model the ODPC had heretofore followed).
As internet companies continued to grow and expand across Europe in 2016, this growth inevitably brought with it a number of high profile data security breaches. Most notably, the large scale data breach reported by Yahoo! Inc ("Yahoo") (which has its European headquarters in Ireland) in Autumn of last year. This saw 500 million Yahoo user accounts being breached and a large number of customer email accounts being scanned by Yahoo for specific information requested by US intelligence officials.
In light of the continued growth in the technology company sector and the increased focus on large scale data breaches, the ODPC commended in its Report the proposed Digital Clearing House. This has been proposed by the European Data Protection Supervisor, to bring together data protection, consumer and competition authorities to look at ways in which cooperation between them could lead to web-based service providers being more accountable for their conduct.
The Annual Report notes a number of trends in the field of data protection reporting. For example, complaints made to the ODPC in 2016 increased by approximately 30% from 2015, with the majority of complaints being in respect of data access requests. The ODPC also received a large number of complaints in relation to the disclosure of personal data and the unfair processing of personal data. The Report states that the majority of complaints were amicably resolved.
Interestingly, the Report states that nine entities were prosecuted for electronic marketing offences in 2016 and that consultation queries rose significantly in 2016, with the ODPC holding over 100 face-to-face meetings with public and private sector companies. This increase in engagement by companies with the ODPC is encouraging, however, the ODPC emphasised the point that data protection rights cannot simply be "legislated away" to an independent regulator.
In conclusion, the Report states that the ODPC's work in the next 12 months will be focussed on the GDPR, both from the perspective of preparing itself, as a data protection authority, for the GDPR's implementation and assisting public and private bodies to become GDPR-ready. Additionally, the ODPC reaffirms its commitment to promoting and building awareness of data protection rights and obligations into 2017 and beyond.
To the extent that organisations handle data in Ireland, organisations should review the ODPC’s report to identify key areas of concern to the Irish DPO.
For a copy of the ODPC's 2016 Annual Report, click here.
London - Walbrook
+44 (0)20 7894 6577
Sally Roff, Stefan Desbordes
David Williams, Peter Allchorne, Barrie Hall
Clare Hughes-Williams, Catrin Davies, Naomi Park, Sophie Ruffles
Emma Fuller, Jade Batstone, Daniel Miller
Sally Roff, Chris Baranowski
Charlotte Le Maire
Andrés Amunátegui Echeverría, Sascha Stullenberg
Peter Allchorne, David Williams
Richard Highley, Julian Bubb Humfryes
Mark Roach, Rebecca Austin
David Williams, David Johnson
Sara May, Mark Ashley, Liam Riley