Bank of Ireland Group plc March 2022

Document

Cited authorities 11

Cited in

Year	2022
Date	14 March 2022
Section	Decisions made under data protection act 2018

In the matter of the General Data Protection Regulation and the Data Protection Act 2018

DPC Case Reference: IN-19-9-5

In the matter of Bank of Ireland

Decision of the Data Protection Commission made pursuant to Section 111 of the Data

Protection Act 2018

Further to an own-volition inquiry commenced pursuant to Section 110 of the Data Protection

Act 2018

DECISION

Decision-Maker for the Data Protection Commission:

Helen Dixon

Commissioner for Data Protection

14 March 2022

Contents

1. Introduction ........................................................................................................................... 3

2. Legal Framework for the Inquiry and the Decision ............................................................... 3

i. Legal Basis for the Inquiry ................................................................................................... 3

ii. Legal Basis for the Decision ................................................................................................ 3

3. Findings of Fact ...................................................................................................................... 4

4. Scope of the Inquiry ............................................................................................................... 5

5. Issues for Determination ....................................................................................................... 5

6. Preliminary Issue: Article 4(12) of the GDPR ......................................................................... 5

7. Issue 1: Article 33 of the GDPR ............................................................................................ 17

8. Issue 2: Article 34 of the GDPR ............................................................................................ 26

9. Issue 3: Article 32 of the GDPR ............................................................................................ 39

10. Decision on Corrective Powers .......................................................................................... 46

A. Reprimand ........................................................................................................................ 46

B. Order ................................................................................................................................ 48

C. Administrative Fine .......................................................................................................... 49

i. Decision to Impose Administrative Fines .......................................................................... 57

ii. Total Value of the Administrative Fine ............................................................................. 60

11. Right of Appeal ................................................................................................................... 61

Appendix: Schedule of Materials Considered for the Purposes of this Decision .................... 63

1. Introduction

1.1 This document is a decision (the “Decision” or the “Final Decision”) made by the Data

Protection Commission (the “DPC”) in accordance with section 111 of the Data

Protection Act 2018 (the “2018 Act”). I make this Decision having considered the

information obtained in the separate own volition Inquiry (the “Inquiry”) conducted

by authorised officers of the DPC pursuant to section 110 of the 2018 Act (the “Case

Officers”). The Case Officers provided Bank of Ireland Group plc (“BOI”, the “data

controller” or the “controller”) with the Draft Inquiry Report and the Final Inquiry

Report.

1.2 BOI was provided with the draft decision in this Inquiry on 12 January 2022 (the “Draft

Decision”) to provide it with a final opportunity to make submissions. This Decision is

being provided to BOI pursuant to Section 116(1)(a) of the 2018 Act in order to give

BOI notice of the Decision, the reasons for it, and the corrective powers that I have

decided to exercise.

1.3 This Decision contains corrective powers under section 115 of the 2018 Act and Article

58(2) of the General Data Protection Regulation (Regulation (EU) 2016/679) (the

“GDPR”) arising from the infringements that have been identified herein. In this

regard, BOI is required to comply with these corrective powers and it is open to this

office to serve an enforcement notice on BOI in accordance with section 133 of the

2018 Act.

2. Legal Framework for the Inquiry and the Decision

i. Legal Basis for the Inquiry

2.1 The GDPR is the legal regime covering the processing of personal data in the European

Union. As a regulation, the GDPR is directly applicable in EU member states. The 2018

Act gives the GDPR further effect in Irish law. As stated above, the DPC commenced

the Inquiry pursuant to section 110 of the 2018 Act. By way of background in this

regard, under Part 6 of the 2018 Act, the DPC has the power to commence an Inquiry

on several bases, including on foot of a complaint, or of its own volition.

2.2 Section 110(1) of the 2018 Act provides that the DPC may, for the purpose of section

109(5)(e) or section 113(2) of the 2018 Act, or of its own volition, cause such Inquiry

as it thinks fit to be conducted, in order to ascertain whether an infringement has

occurred or is occurring of the GDPR or a provision of the 2018 Act, or regulation

under the Act that gives further effect to the GDPR. Section 110(2) of the 2018 Act

provides that the DPC may, for the purposes of section 110(1), where it considers it

appropriate to do so, cause any of its powers under Chapter 4 of Part 6 of the 2018 Act

(excluding section 135 of the 2018 Act) to be exercised and / or cause an investigation

under Chapter 5 of Part 6 of the 2018 Act to be carried out.

ii. Legal Basis for the Decision

2.1 The decision-making process for this Inquiry is provided for under section 111 of the

2018 Act, and requires that the DPC must consider the information obtained during the

Inquiry; to decide whether an infringement is occurring or has occurred; and if so, to

To continue reading

Request your trial

Subscribers can access the reported version of this case.

You can sign up for a trial and make the most of our service including these benefits.

Request your trial

Why Sign-up to vLex?

Over 100 Countries

Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
Thousands of Data Sources

Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
Find What You Need, Quickly

Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
Over 2 million registered users

Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.

Subscribers are able to see a list of all the cited cases and legislation of a document.

You can sign up for a trial and make the most of our service including these benefits.

Request your trial

Why Sign-up to vLex?

Over 100 Countries

Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
Thousands of Data Sources

Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
Find What You Need, Quickly

Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
Over 2 million registered users

Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.

Subscribers are able to see a list of all the documents that have cited the case.

You can sign up for a trial and make the most of our service including these benefits.

Request your trial

Why Sign-up to vLex?

Over 100 Countries

Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
Thousands of Data Sources

Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
Find What You Need, Quickly

Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
Over 2 million registered users

Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.

Subscribers are able to see the revised versions of legislation with amendments.

You can sign up for a trial and make the most of our service including these benefits.

Request your trial

Why Sign-up to vLex?

Over 100 Countries

Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
Thousands of Data Sources

Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
Find What You Need, Quickly

Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
Over 2 million registered users

Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.

Subscribers are able to see any amendments made to the case.

You can sign up for a trial and make the most of our service including these benefits.

Request your trial

Why Sign-up to vLex?

Over 100 Countries

Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
Thousands of Data Sources

Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
Find What You Need, Quickly

Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
Over 2 million registered users

Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.

Subscribers are able to see a visualisation of a case and its relationships to other cases. An alternative to lists of cases, the Precedent Map makes it easier to establish which ones may be of most relevance to your research and prioritise further reading. You also get a useful overview of how the case was received.

Request your trial

Why Sign-up to vLex?

Over 100 Countries

Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
Thousands of Data Sources

Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
Find What You Need, Quickly

Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
Over 2 million registered users

Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.

Subscribers are able to see the list of results connected to your document through the topics and citations Vincent found.

You can sign up for a trial and make the most of our service including these benefits.

Request your trial

Why Sign-up to vLex?

Over 100 Countries

Search over 120 million documents from over 100 countries including primary and secondary collections of legislation, case law, regulations, practical law, news, forms and contracts, books, journals, and more.
Thousands of Data Sources

Updated daily, vLex brings together legal information from over 750 publishing partners, providing access to over 2,500 legal and news sources from the world’s leading publishers.
Find What You Need, Quickly

Advanced A.I. technology developed exclusively by vLex editorially enriches legal information to make it accessible, with instant translation into 14 languages for enhanced discoverability and comparative research.
Over 2 million registered users

Founded over 20 years ago, vLex provides a first-class and comprehensive service for lawyers, law firms, government departments, and law schools around the world.

Bank of Ireland Group plc March 2022

You can sign up for a trial and make the most of our service including these benefits.

Why Sign-up to vLex?

Over 100 Countries

Thousands of Data Sources

Find What You Need, Quickly

Over 2 million registered users

You can sign up for a trial and make the most of our service including these benefits.

Why Sign-up to vLex?

Over 100 Countries

Thousands of Data Sources

Find What You Need, Quickly

Over 2 million registered users

You can sign up for a trial and make the most of our service including these benefits.

Why Sign-up to vLex?

Over 100 Countries

Thousands of Data Sources

Find What You Need, Quickly

Over 2 million registered users

You can sign up for a trial and make the most of our service including these benefits.

Why Sign-up to vLex?

Over 100 Countries

Thousands of Data Sources

Find What You Need, Quickly

Over 2 million registered users

You can sign up for a trial and make the most of our service including these benefits.

Why Sign-up to vLex?

Over 100 Countries

Thousands of Data Sources

Find What You Need, Quickly

Over 2 million registered users

Why Sign-up to vLex?

Over 100 Countries

Thousands of Data Sources

Find What You Need, Quickly

Over 2 million registered users

You can sign up for a trial and make the most of our service including these benefits.

Why Sign-up to vLex?

Over 100 Countries

Thousands of Data Sources

Find What You Need, Quickly

Over 2 million registered users