09 03 2018 Insights Cyber and Data Protection

Key Takeaways from the Data Protection Commissioner’s 2017 Annual Report

Dataprotectionreport

By Bryan McCarthy and Sarah Slevin
9 March, 2018

Introduction

It may be the last such report produced before the Office of the Data Protection Commissioner (“ODPC”) evolves into the Data Protection Commission, but Helen Dixon’s fourth Annual Report on the activities of the office during 2017 (the “Report”) is certainly of no less significance. In fact, the Report gives us a useful insight into the ever-increasing public awareness of the importance of data protection and, consequently, provides a not-so-subtle hint as to the expanded and central role that the Data Protection Commission will play in European data protection in a post-GDPR society.

Generating media headlines in the immediate aftermath of the Report’s publication were the figures on the increase in complaints to the ODPC last year, which rose by almost 80% on the previous year. However, these figures, whilst revealing, are not the only interesting element of the Report; much more of its contents should be examined in order to draw conclusions on the current status of data protection in Ireland.

Queries and Complaints to the ODPC

Firstly, however, to those complaints. The Report states that there were 2,642 complaints lodged with the ODPC last year, up from 1,479 in 2016. As has been the case in previous years, complaints about denied access to records made up the majority of these referrals, 1,372 (52%) in total.

Type of Complaint

Number of Complaints

Access rights

1,372

Disclosure

351

Unfair processing of data

312

Direct electronic marketing

215

Use of CCTV footage

77

Failure to secure data

46

Internet search-result delisting

44

Accuracy

43

Excessive data

43

Retention

41

Right of rectification

39

Specified purpose

18

Unauthorised access

14

Postal direct marketing

6

Biometrics

4

Miscellaneous

17

Total

2,642