Skip to content
Lavelle Partners Image
The Data Protection Commission’s 2022 Annual Report
News, Litigation & Dispute Resolution

The Data Protection Commission’s 2022 Annual Report

Published on 30 Mar 2023

Share This post

On 7th March 2023, the Irish Data Protection Commission (‘DPC’) published its annual report for 2022, which includes details of regulatory activity including inquiries and fines imposed during the year.

General Data Protection Regulation (GDPR)

The DPC reported that it received a total of 2,700 complaints last year over alleged infringements of the GDPR. Of these complaints, the majority concerned Access Requests (accounting for a considerable 42%) with the remaining relating to Fair Processing, the Right to Erasure, Direct Marketing and Disclosure. As well as this, most breach notifications came from the private sector, ahead of the public sector and voluntary and charity sector. Nevertheless, the DPC observed that the number of valid GDPR breaches in 2022 (5,695) decreased by 13% when compared to the same figure for 2021.

Fines

More than €1 billion in punitive fines were imposed on companies and administrative fines of up to €17 million were confirmed before the Dublin Circuit Court. Amongst the recipients of these fines were multinationals, such as Meta, TikTok and Twitter.

Cross-border inquiries

125 cross-border complaints were received in 2022 and amongst the 17 large scale inquiries conducted by the DPC last year, many of these were cross-border. Whilst successful international investigation is very much dependent on the co-operation of regulatory authorities from other jurisdictions, as well as the interpretation of relevant EU law, this ability should only serve to enhance the DPC.

Key stats from the 2022 report

  • 5828 valid data breach notifications received by the DPC, 5695 of which were valid GDPR breaches. This is a decrease on 2021 6549 valid data breach queries reported in 2021.

  • 17 large-scale inquiries concluded by the DPC in 2022 with administrative fines in excess of €1billion and multiple reprimands and compliance orders imposed.

  • 9,370 new cases were processed (6,660 queries and 2,710 complaints) from individuals in 2022.

  • The DPC produced 7 pieces of substantial new guidance, including 3 short guides for children on their data protection rights, and updated 11 pieces of existing guidance.

  • The DPC received 125 valid cross-border complaints (as Lead Supervisory Authority) and concluded 246 cross-border complaints.

About the author: Ciarán Leavy, Partner, Commercial Litigation.