Data Protection Commissioner

Irish Supervisory Authority announces decision in Facebook “Data Scraping” inquiry

Retrieved on: 
Thursday, December 1, 2022

Legal Reference: GDPR obligation for Data Protection by Design and Default (Article 25 GDPR).

Key Points: 
  • Legal Reference: GDPR obligation for Data Protection by Design and Default (Article 25 GDPR).
  • Summary of the Decision
    Origin of the case
    The Irish Supervisory Authority (SA) commenced this inquiry on 14 April 2021, on foot of media reports into the discovery of a collated dataset of Facebook personal data that had been made available on the internet.
  • The material issues in this inquiry concerned questions of compliance with the GDPR obligation for Data Protection by Design and Default.
  • For further information: Data Protection Commission announces decision in Facebook Data Scraping inquiry

Yes Consumer Solutions Ltd

Retrieved on: 
Monday, August 2, 2021

Yes Consumer Solutions Ltd have been issued with an enforcement notice for a contravention of Regulation 21 of the Privacy and Electronic Communications (EC Directive) Regulations 2003.

EU data protection authorities adopt joint opinion on the Digital Green Certificate Proposals

Retrieved on: 
Tuesday, May 4, 2021

The European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) adopted a joint opinion on the Proposals for a Digital Green Certificate.

Key Points: 
  • The European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) adopted a joint opinion on the Proposals for a Digital Green Certificate.
  • With this Joint Opinion, the EDPB and the EDPS invite the co-legislators to ensure that the Digital Green Certificate is fully in line with EU personal data protection legislation.
  • The data protection commissioners from all EU and European Economic Area countries highlight the need to mitigate the risks to fundamental rights of EU citizens and residents that may result from issuing the Digital Green Certificate, including its possible unintended secondary uses.
  • Andrea Jelinek, Chair of the EDPB, said: "A Digital Green Certificate that is accepted in all Member States can be a major step forward in re-starting travel across the EU.

EU data protection authorities adopt joint opinion on the Digital Green Certificate Proposals

Retrieved on: 
Tuesday, April 6, 2021

The European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) adopted a joint opinion on the Proposals for a Digital Green Certificate.

Key Points: 
  • The European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) adopted a joint opinion on the Proposals for a Digital Green Certificate.
  • With this Joint Opinion, the EDPB and the EDPS invite the co-legislators to ensure that the Digital Green Certificate is fully in line with EU personal data protection legislation.
  • The data protection commissioners from all EU and European Economic Area countries highlight the need to mitigate the risks to fundamental rights of EU citizens and residents that may result from issuing the Digital Green Certificate, including its possible unintended secondary uses.
  • Andrea Jelinek, Chair of the EDPB, said: "A Digital Green Certificate that is accepted in all Member States can be a major step forward in re-starting travel across the EU.

Decision Technologies Limited

Retrieved on: 
Thursday, July 2, 2020

Price comparison and technology company fined £90,000 for a contravention of Regulation 22 of the Privacy and Electronic Communications (EC Directive) Regulations 2003.

FER0793114

Retrieved on: 
Tuesday, April 23, 2019

The complainant has requested information with regards to volume increases to proposed extensions and erections of dwellings. Bury Council (the council) provided a response. The complainant complained to the Commissioner that no internal review has been carried out after it was requested. The Commissioner’s decision is that the council has breached regulation 11(4) of the FOIA as it has not carried out an internal review, which requires one to be completed within 40 working days following receipt of an internal review request. The Commissioner requires the public authority to take the following steps to ensure compliance with the legislation. Conduct an internal review to the complainant’s request as required by regulation 11 of the EIR. The public authority must take these steps within 35 calendar days of the date of this decision notice. Failure to comply may result in the Commissioner making written certification of this fact to the High Court pursuant to section 54 of the Act and may be dealt with as a contempt of court.

Key Points: 
  • The complainant complained to the Commissioner that no internal review has been carried out after it was requested.
  • The Commissioner requires the public authority to take the following steps to ensure compliance with the legislation.
  • Conduct an internal review to the complainant’s request as required by regulation 11 of the EIR.
  • The public authority must take these steps within 35 calendar days of the date of this decision notice.

IDPC - Lands Authority Personal Data Breach

Retrieved on: 
Wednesday, February 20, 2019

The Commissioner has today issued his decision to the Lands Authority after concluding the investigation of the data breach, that was brought to his attention by the Times of Malta on 23rd November 2018.

Key Points: 
  • The Commissioner has today issued his decision to the Lands Authority after concluding the investigation of the data breach, that was brought to his attention by the Times of Malta on 23rd November 2018.
  • The findings of the investigation established that the online application platform available on the Authority’s portal lacked the necessary technical and organisational measures to ensure the security of processing.
  • The Lands Authority was found to have infringed the provisions of Article 32 of the General Data Protection Regulation (GDPR) and, in terms of Article 21 of the Data Protection Act (CAP.
  • The Lands Authority offered their full and unrestricted collaboration to the Commissioner during the course of the entire investigation.

FER0752769

Retrieved on: 
Friday, February 1, 2019

The complainant requested information held by Warwick District Council (the council) relating to planning enforcement action taken in respect of a particular property. The council withheld the information requested in its entirety under regulation 13 of the EIR. The Commissioner’s decision is that the council correctly withheld personal information under regulation 13(1) but as it issued a late internal review response it was in breach of regulation 11(4). The Commissioner does not require the council to take any steps.

Key Points: 
  • The complainant requested information held by Warwick District Council (the council) relating to planning enforcement action taken in respect of a particular property.
  • The council withheld the information requested in its entirety under regulation 13 of the EIR.
  • The Commissioner’s decision is that the council correctly withheld personal information under regulation 13(1) but as it issued a late internal review response it was in breach of regulation 11(4).
  • The Commissioner does not require the council to take any steps.

Joint Statement by First Vice-President Timmermans, Vice-President Ansip, Commissioners Jourová and Gabriel ahead of Data Protection Day

Retrieved on: 
Friday, January 25, 2019

This year Data Protection Day comes eight months after the entry into application of the General Data Protection Regulation on 25 May 2018.

Key Points: 
  • This year Data Protection Day comes eight months after the entry into application of the General Data Protection Regulation on 25 May 2018.
  • We are proud to have the strongest and most modern data protection rules in the world, which are becoming a global standard.
  • The Data Protection Authorities are also enforcing the new rules and better coordinating their actions in the European Data Protection Board.
  • For More Information

    Infographic GDPR in numbers

    Myth busting factsheet

    Online tool

    Commission guidance

    Seven steps for businesses to get ready for the General Data Protection Regulation

    Call for proposal for Data Protection Authorities

    Commission Guidance on the application of Union data protection law in the electoral context
