It may be the last such report produced before the Office of the Data Protection Commissioner ("ODPC") evolves into the Data Protection Commission, but Helen Dixon's fourth Annual Report on the activities of the office during 2017 (the "Report") is certainly of no less significance. In fact, the Report gives us a useful insight into the ever-increasing public awareness of the importance of data protection and, consequently, provides a not-so-subtle hint as to the expanded and central role that the Data Protection Commission will play in European data protection in a post-GDPR society.
Generating media headlines in the immediate aftermath of the Report's publication were the figures on the increase in complaints to the ODPC last year, which rose by almost 80% on the previous year. However, these figures, whilst revealing, are not the only interesting element of the Report; much more of its contents should be examined in order to draw conclusions on the current status of data protection in Ireland.
Queries and Complaints to the ODPC
Firstly, however, to those complaints. The Report states that there were 2,642 complaints lodged with the ODPC last year, up from 1,479 in 2016. As has been the case in previous years, complaints about denied access to records made up the majority of these referrals, 1,372 (52%) in total.
Type of Complaint
Number of Complaints
Unfair processing of data
Direct electronic marketing
Use of CCTV footage
Failure to secure data
Internet search-result delisting
Right of rectification
Postal direct marketing
The Report also describes a commendable level of matter completion within the ODPC, with 2,594 of those 2,642 complaints reaching a conclusion. Also to be noted, however, are the reasons why complaints were not resolved in favour of the complainant: such unsuccessful complaints often, according to the Report, derived from issues emanating from the effects of the financial crash (transfer of loan books, receiverships, etc.) This demonstrated that the data subject's grievance in these matters often related to the underlying action itself rather than data protection issues.
A record number of data breaches were also notified to the ODPC, with 2,973 reported by organisations and members of the public. This represents a 26% increase on the previous year...