Data Breaches and complaints up over 70% - key findings of DPC Annual ReportFriday, 21 February 2020
- The DPC recorded a total of 7,215 complaints in 2019, a 75% increase on 2018. A large percentage of these complaints fell into the categories of Access Request, Disclosure and Fair Processing.
- A total of 6,069 valid data breaches were received over the course of 2019, representing a 71% increase on 2018. Unauthorised disclosures represent the highest classification of notified breaches across all sectors, representing 83% of all breaches.
- The DPC is working on 70 statutory inquiries, including 21 relating to multinational technology companies. One such inquiry is into Facebook their compliance with the right of access and into the lawful basis for processing in their Terms of Service and Data Policy.
- The DPC detailed its findings in respect of its investigation into the processing of personal data carried by the Department of Employment Affairs and Social Protection in relation to the Public Services Card in 2019. In its findings there was a focus on the legal basis on which personal data is processed and whether there was sufficient transparency when providing this information to data subjects.
- A wide-ranging consultation was carried out by the DPC of the processing of children's personal data and of the rights of children as data subjects under GDPR. The feedback provided reflected the need for greater simplicity, accessibility and transparency in how children’s personal data is processed. It also highlighted the need for age verification gates on digital platforms.
- The DPC received 712 Data Protection Officer notifications through a new online web-form on the DPC website.
The DPC has identified emerging trends and topics of interest from 2019 including the use of CCTV, exam information and HR/employment disputes. The DPC has also committed to the publishing of guidance on children's data protection rights and the processing of children’s data, with a child-friendly guide for children on their rights and risks. In addition, the DPC is expected to publish guidance on cookies and other technologies which will take account of the judgments in Planet49 and Fashion ID.
Further developments on the Public Services Card dispute which is currently before the courts, ongoing statutory inquiries into tech companies and possible fines, and guidance on the processing of children’s data are keenly awaited in 2020.