Ireland's new Data Protection Commissioner (the "DPC"), Helen Dixon, has issued her first annual report (the "2014 Report"). What do you and your business need to know about the DPC's annual report? We look at five headline issues, including the DPC's cooperation with global regulators, plans for upcoming audits and the expansion of the DPC's staff and budget.
The DPC goes global
In 2014, the DPC actively engaged with her fellow EU data protection authorities ("DPAs"), as well as with DPAs from around the globe. These included Canadian, Australian and US authorities, with whom the DPC cooperated in relation to a global security breach. In the 2014 Report, the DPC has underlined the importance of the memoranda of understanding with these global DPAs, noting the efficiencies resulting from these arrangements. Given the growing cluster of US tech companies in Ireland, the DPC is aiming towards greater international cooperation and consultation. Indeed, one of Ms Dixon's stated goals for 2015 is "to improve international cooperation ... in particular with [her] Article 29 'Working Party' counterparts".
The DPC's Office has traditionally carried out substantial audits of multinational technology companies. Ms Dixon's predecessor, Billy Hawkes, led two of the Office's largest and most detailed audits - those of Facebook Ireland and LinkedIn Ireland. Given the dedicated resources required for large-scale audits of multinational tech companies, the DPC has stated that a "scope-and-risk" based approach will be taken for upcoming audits. As a result, audits may focus only on particular areas of concern, rather than being organisation-wide reviews. This appears to have arisen from the constraints in dedicating staff to audit functions, alongside maintaining the Office's day-to-day functions.
Continued 'hands on' approach
The 2014 Report details the extensive consultation and interaction that the DPC had with companies and organisations during 2014, particularly in the tech sector. The DPC acknowledges her position as "lead" regulator for the many multinational tech companies having headquarters or a significant presence in Ireland. Details of the DPC's interactions...