Helen Dixon is stepping down from her DPC role in February

15 Nov 2023

Ireland's data protection commissioner Helen Dixon in 2019. Image: Stuart Isett/Fortune Global Forum/Flickr (CC BY-NC-ND 2.0)

Dixon has led Ireland’s DPC since 2014 and has helped it grow into the EU’s lead regulator for GDPR enforcement, thought the regulator has been criticised in the past.

Helen Dixon, Ireland’s data protection commissioner, has confirmed that she is stepping down from the role on 19 February next year, as her term in the role draws to a close.

Dixon has been leading Ireland’s Data Protection Commission (DPC) since September 2014. The regulator has had a key role in enforcing GDPR in Europe when it came into force in 2018.

Dixon said the regulator has played a “pivotal role” in ensuring organisations were prepared for their obligations and that the public had a “renewed understanding” of the risks and rights relating to their personal data.

“I look back with great satisfaction at what the Data Protection Commission has achieved over the last nine and a half years,” Dixon said. “I have had the opportunity to transform the DPC from a small regionally-based office of 27 staff into an independent regulatory body today with [more than] 215 committed experts, headquartered in Dublin and internationally recognised for the quality of its staff and work.”

“I am grateful to the many individuals who entrusted their complaints to me and the DPC for handling. Whatever the outcome, I have always given my best efforts. Equally, I am grateful to the many stakeholders who have engaged so constructively with me and my team over the last number of years.”

GDPR enforcement

As many major tech players have their headquarters in Ireland, the DPC has taken the lead in some of the biggest EU investigations against Big Tech companies over the years.

The regulator has also been responsible for various fines issued to these companies. For example, the DPC was responsible for more than €1bn in GDPR fines issued last year out of a European total of €1.64bn, according to a report by global law firm DLA Piper.

Last year’s highest GDPR fine was imposed in November when the Irish DPC slammed Meta with a €405m fine for violations relating to children’s privacy on Instagram.

In May of this year, the DPC slammed Meta with a €1.2bn fine for its Facebook data transfers between the EU and the US, which is the largest GDPR fine issued to date.

But despite the number of fines and investigations, the DPC has been criticised over the years, with accusations of having “torturous” procedures and being a “bottleneck of GDPR investigation and enforcement”.

Speaking at the European Parliament in May, German Free Democratic Party MEP Moritz Körner criticised the length of a TikTok investigation, as he claimed he first raised concerns about the app in 2019. That investigation concluded in September 2023.

Meanwhile, the record fine issued to Meta was one that the Irish watchdog disagreed with. The European Data Protection Board stepped in to ensure the final decision included the record fine.

Dixon has spoken back against these criticism in the past and said no other data protection authority concludes as many large-scale, cross-border inquiries as the DPC. She also said claims that the watchdog is “routinely overturned” by its peers are “misplaced”.

The DPC is currently expanding as it continues to deal with a massive GDPR workload. Last month, it advertised for two new commissioners to join the team.

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

Ireland’s Data Protection Commissioner Helen Dixon in 2019. Image: Stuart Isett/Fortune Global Forum via Flickr (CC BY-NC-ND 2.0)

Leigh Mc Gowran is a journalist with Silicon Republic