Data Protection Commissioner

Data Protection Commissioner
Data Protection Commissioner
	Incumbent; Helen Dixon
	Office of the Data Protection Commissioner
Status	Independent Regulator
Formation	1989
Website	Official website

The Office of the Data Protection Commissioner (Irish: An Coimisinéir Cosanta Sonraí) (DPC), also known as Data Protection Commission,[1] is the independent national authority responsible for upholding the EU fundamental right of individuals to data privacy through the enforcement and monitoring of compliance with data protection legislation in Ireland. It was established in 1989.

Role and operations

The independent role and powers of the Data Protection Commissioner are as set out in legislation in the Data Protection Acts 1988 and 2003. These Acts transpose the Council of Europe 1981 Data Protection Convention (Convention 108)[2] and the 1995 EU Data Protection Directive (Directive 95/46/EC). However, the latter was then replaced by the EU General Data Protection Regulation (GDPR), which is directly applicable upon Members States such as Ireland.

Investigation of complaints

Complaints received from individuals who feel that their personal information is not being treated in accordance with the data protection law are investigated under section 10 of the Data Protection Acts. It is the statutory obligation of the Office to seek to amicably resolve complaints in the first instance. Where an amicable resolution cannot be achieved, the Commissioner may make a decision on whether, in her opinion, there has been a breach of the law. If the complainant or the data controller disagrees with the Commissioner's finding, they have the right to appeal the decision to the Circuit Court. The DPC's main priority, if a complaint is upheld, is that the data controller complies with the law and puts right the matter concerned. If an organization does not voluntarily cooperate with an investigation, the DPC has powers of compulsion to require such cooperation.

In 2015, the Office received 932 complaints that were opened for investigation.[3] Investigations into 1,015 complaints were concluded.

In 2021, NOYB (None Of Your Business), an Austrian NGO founded by Max Schrems, filed a complaint against the DPC for corruption under Austrian law after the DPC demanded that the group sign a non-disclosure agreement in order to continue with their long-running complaint against Facebook. NOYB argued that the DPC could not demand favourable media coverage as the price of using its services.[4][5][6]

Audits

Section 10 (1A) of the Acts provides that "the Commissioner may carry out or cause to be carried out such investigations as he or she considers appropriate in order to ensure compliance with the provisions of this Act and to identify any contravention thereof." These investigations often take the form of audits of selected organizations. The aim of an audit is to identify any issues of concern about the way the organization under scrutiny manages personal data.

In 2015, the DPC carried out 51 audits and inspections of organizations in the public and private sectors.[3]

Enforcement

Offences under the Electronic Communications Regulations

All breaches of the Privacy and Electronic Communications (EC Directive) Regulations 2003 for which the Office of the Data Protection Commissioner has responsibility are offences. The offences relate primarily to the sending of unsolicited marketing communications by electronic means. The offences are punishable by fines - up to €5,000 for each unsolicited message on summary conviction and up to €250,000 on conviction on indictment. The Office of the Data Protection Commissioner may bring summary proceedings for an offence under the Regulations.

Enforcement responsibility is shared with the Commission for Communications Regulation (ComReg).

References

"Who we are". Data Protection Commission. Retrieved 3 May 2021.
"Modernisation of the Data Protection "Convention 108"". www.coe.int. Retrieved 9 December 2021.
Dixon, Helen (21 June 2016). "Data Protection Commissioner publishes Annual Report 2015". Ireland: Data Protection Commissioner. Archived from the original on 7 November 2016. Retrieved 5 July 2019.
"Facebook's lead EU privacy watchdog accused of corruption". TechCrunch. Retrieved 3 January 2022.
"Irish DPC removes noyb from GDPR procedure - Criminal report filed". noyb.eu. Retrieved 3 January 2022.
"First noyb "Advent Reading" from Facebook/DPC Documents". noyb.eu. Retrieved 3 January 2022.

This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.

[1] "Who we are". Data Protection Commission. Retrieved 3 May 2021.

[2] "Modernisation of the Data Protection "Convention 108"". www.coe.int. Retrieved 9 December 2021.

[:0-3] Dixon, Helen (21 June 2016). "Data Protection Commissioner publishes Annual Report 2015". Ireland: Data Protection Commissioner. Archived from the original on 7 November 2016. Retrieved 5 July 2019.

[4] "Facebook's lead EU privacy watchdog accused of corruption". TechCrunch. Retrieved 3 January 2022.

[5] "Irish DPC removes noyb from GDPR procedure - Criminal report filed". noyb.eu. Retrieved 3 January 2022.

[6] "First noyb "Advent Reading" from Facebook/DPC Documents". noyb.eu. Retrieved 3 January 2022.

Privacy
Principles	Expectation of privacy Right to privacy Right to be forgotten Post-mortem privacy
Privacy laws	Australia Canada China Denmark England European Union Germany Ghana New Zealand Russia Singapore Switzerland United States California, amended in 2020
Data protection authorities	Australia Denmark European Union France Germany Ireland Isle of Man Norway Philippines Poland Spain Sweden Switzerland Turkey Thailand United Kingdom
Areas	Consumer Medical Workplace
Information privacy	Law Financial Internet Personal data Personal identifier Privacy-enhancing technologies Social networking services Privacy engineering Secret ballot
Advocacy organizations	American Civil Liberties Union Center for Democracy and Technology Computer Professionals for Social Responsibility Future of Privacy Forum Electronic Privacy Information Center Electronic Frontier Foundation European Digital Rights Global Network Initiative International Association of Privacy Professionals NOYB Privacy International
See also	Anonymity Carding Cellphone surveillance Cyberstalking Data security Eavesdropping Global surveillance Electronic harassment Mass surveillance Privacy engineering Telephone tapping Human rights Identity theft Panopticon Personality rights Search warrant
Category

Authority control
General	VIAF 1 2 WorldCat
National libraries	Spain Germany United States