On 7th March 2023, the Irish Data Protection Commission (‘DPC’) published its annual report for 2022, which includes details of regulatory activity including inquiries and fines imposed during the year.
The DPC reported that it received a total of 2,700 complaints last year over alleged infringements of the GDPR. Of these complaints, the majority concerned Access Requests (accounting for a considerable 42%) with the remaining relating to Fair Processing, the Right to Erasure, Direct Marketing and Disclosure. As well as this, most breach notifications came from the private sector, ahead of the public sector and voluntary and charity sector. Nevertheless, the DPC observed that the number of valid GDPR breaches in 2022 (5,695) decreased by 13% when compared to the same figure for 2021.
More than €1 billion in punitive fines were imposed on companies and administrative fines of up to €17 million were confirmed before the Dublin Circuit Court. Amongst the recipients of these fines were multinationals, such as Meta, TikTok and Twitter.
125 cross-border complaints were received in 2022 and amongst the 17 large scale inquiries conducted by the DPC last year, many of these were cross-border. Whilst successful international investigation is very much dependent on the co-operation of regulatory authorities from other jurisdictions, as well as the interpretation of relevant EU law, this ability should only serve to enhance the DPC.
About the author: Ciarán Leavy, Partner, Commercial Litigation.
Search site
Contact our office
Make an enquiry
