The Data Protection Commission (DPC) released its 2023 Annual Report on 29 May 2024, showcasing a landmark year in data protection enforcement and regulation. The report highlights the DPC’s commitment to upholding personal data rights and compliance with the General Data Protection Regulation (GDPR).
Significant Enforcement Actions
The DPC issued 19 final decisions in 2023, resulting in administrative fines totaling €1.55 billion. Key cases included:
- Meta Platforms Ireland Limited: In May 2023, the DPC fined Meta €1.2 billion for GDPR violations related to data transfers from the EU to the US and ordered compliance adjustments.
- TikTok Technology Limited: In September 2023, TikTok was fined €345 million for improper processing of children’s data, alongside corrective orders.
- Bank of Ireland: In February 2023, a €750,000 fine was imposed for data breaches on the Bank of Ireland 365 app.
- Centric Health: A €460,000 fine was issued following a ransomware attack affecting over 70,000 patients’ data.
Case Statistics and Trends
The DPC saw a 20% increase in new cases, receiving 11,200, with 2,600 progressing to formal complaints. The DPC concluded 11,147 cases, including 3,218 formal complaints. It handled 6,991 valid data breach notifications, marking another 20% rise from 2022, with 92% resolved by year-end.
Legislative Contributions and Guidance
The DPC contributed to 37 legislative proposals, including input on the Circular Economy and Miscellaneous Provisions Act 2022, providing a legal basis for local authorities to use recording devices for waste management enforcement.
International and Cross-Border Activities
As the EU’s Lead Supervisory Authority for several major companies, the DPC managed 89 statutory inquiries, including 51 cross-border inquiries. Notably, it achieved 87% of all GDPR enforcement fines across the EU. The DPC also postponed or revised four significant internet platform projects due to data protection concerns.
Key Insights and Observations
The DPC’s report emphasizes the critical role of Data Protection Officers (DPOs) in ensuring compliance across various sectors. In 2023, the DPC concluded 237 electronic direct marketing investigations and prosecuted four companies for unsolicited marketing communications, resulting in €2,000 in fines.
However, It didn’t take long until the Irish Council of Civil Leadership pointed out that the report “highlights problems in Big Tech enforcement up to end of 2023”.
👉 Find the Report here.
♻️ Share this if you found it useful.
💥 Follow me on Linkedin for updates and discussions on privacy education.
📍 Subscribe to my newsletter for weekly updates and insights – subscribers get an integrated view of the week and more information than on the blog.
