Over €1 billion in fines imposed by data protection watchdog last year
Ireland’s Data Protection Commission (DPC) imposed punitive fines of over €1 billion last year, more than two-thirds of all fines issued across the European Union.
The watchdog’s 2022 annual report also details multiple reprimands and/or compliance orders supervised and enforced following the conclusion of 13 large-scale inquiries; 10,008 individual cases resolved; four successful prosecutions under the ePrivacy legislation in respect of two companies; observations in relation to 30 pieces of new legislation provided to government and the Oireachtas; and contributions to over 300 European Data Protection Board meetings.
At the end of 2022, four DPC draft decisions in large-scale inquiries were in the EU co-decision-making process and one was in the EU dispute resolution mechanism. Additionally, nine large-scale inquiries had been progressed to the point where submissions on a draft decision, statement of issues or inquiry report were invited from the relevant parties.
Helen Dixon, the commissioner for data protection, said: “2022 was a year that saw significant outputs from the DPC in its efforts to drive GDPR compliance and protect the rights of those in Ireland and across the EU.
“While the DPC encourages and guides organisations in achieving highest standards of protection in their processing of personal data, the DPC has also demonstrated it does not shy away from enforcing the law and applying sanctions where warranted.
“Two-thirds of the fines issued across Europe last year, including the EU, EEA and UK, were issued by the DPC on foot of detailed and comprehensive investigations, a fact that underlines both the outsized role, and exceptional performance, of the organisation in effectively holding those guilty of non-compliance to account.”