Irish DPC issued €1.55bn in fines last year amid rising cases

29 May 2024

Image: © luzitanija/Stock.adobe.com

Co-commissioner Dr Des Hogan said that the DPC is seen as a ‘respected and outward looking regulator’ thanks to the leadership of former commissioner Helen Dixon.

The Irish Data Protection Commission (DPC) handed out fines amounting to more than €1.55bn last year amid a significant rise in the number of cases the watchdog dealt with.

In its 2023 annual report published today (29 May), the DPC said it received 11,200 new cases from individuals last year – representing a 20pc increase over 2022. Of these, it said it has resolved all but 53 cases.

The fines figure is largely thanks to just two cases: a €1.2bn fine on Meta Ireland in a GDPR case relating to Facebook data transfers from the EU to the US, and a €345m fine on TikTok in a case relating to the processing of personal data of children on their app. The former is the biggest GDPR fine ever issued, trumping the €746m fine issued to Amazon in 2021.

The DPC has issued multiple GDPR fines to Meta and its platforms over the years. In 2022, the Irish data authority fined Instagram €405m for violating children’s privacy, including its publication of kids’ email addresses and phone numbers in some cases. In 2021, the DPC fined WhatsApp €225m for GDPR breaches.

Earlier this month, an appeal made by Meta against a €265m fine was adjourned by the High Court until a related case is resolved in the EU courts. The fine in question was imposed by the DPC on Meta in November 2022 following a massive data breach that affected more than 500m Facebook users.

In its latest report, the DPC said it received 156 valid cross-border complaints as an EU/EEA lead supervisory authority. More than 82pc of those complaints received since 2018 have been concluded, the watchdog reported.

A busy year for data protection

The report comes after former Data Protection Commissioner Helen Dixon stepped down from her role in February. Dr Des Hogan and Dale Sunderland were announced as her joint replacements, while Hogan was also made DPC chair.

Meanwhile, Dixon took on a new job as commissioner at Ireland’s communications regulator, ComReg.

Hogan expressed his “deep gratitude” to Dixon for her decade-long stewardship of the DPC.

“Thanks to her leadership, and the commitment and tireless work of the DPC’s staff, we find ourselves taking over a respected and outward looking regulator; one with the values of vindicating the rights of the individual through fair and proportionate regulation,” he said.

Sunderland said as part of the launch of the report that 2023 was a “busy year” in personal data rights protection.

“The year saw a significant increase in complaints dealt with by the Data Protection Commission with record fines issued and corrective orders imposed following cross-border and national inquiries. Throughout 2023, the DPC sought to uphold the individual’s right to the protection of their personal data,” Sunderland said.

“This critical work was greatly supported by Data Protection officers and data protection staff and teams in organisations across the public, private and voluntary sectors who play a critical role in championing data protection rights, acting as a critical friend to those organisations by keeping the compliance conversation front and centre.”

Find out how emerging tech trends are transforming tomorrow with our new podcast, Future Human: The Series. Listen now on Spotify, on Apple or wherever you get your podcasts.

Vish Gain is a journalist with Silicon Republic

editorial@siliconrepublic.com