Trends from the 2020 Data Protection Commission Annual Report


The recent Annual Report 2020 from the Data Protection Commission (DPC) highlights a number of trends in data protection within an Irish context. We summarise the trends from the report below: Complaints In respect of complaints received, Access Requests continue to make up almost a third of all complaints received under the GDPR. Common issues […]

What changes to expect in the ePrivacy Regulation

eprivacy regulation

On 10 February 2021, EU member states agreed on the final position for the highly anticipated ePrivacy Regulation. After three years of arduous negotiations, organisations can now plan with certainty how and when they will prepare to meet these new obligations. Upcoming ePrivacy Regulation The ePrivacy Regulation seeks to protect the confidentiality of electronic communications […]

WhatsApp: Why you must get your privacy notice right

privacy notice

Could a privacy notice cause a data-protection concern so massive to trigger the loss of millions of customers within a few weeks, draw the attention of governments and supervisory authorities across the world, and lead to major reputational damage? The answer is yes, and it recently happened to WhatsApp. This scenario highlights how data protection documentation is an essential part of the governance of personal data and the impacts […]

The Carrefour case study – Common errors in data protection and cookie compliance

Bavarian DPA resized

CNIL has fined Carrefour France €2.25M for GDPR and e-Privacy violations and Carrefour Banque €800,000 for similar breaches. The fines included violations related to the placement of cookies on user’s devices as well as their processing of personal data contrary to the requirements of the GPDR. This article looks at the specific practices that were […]

Data governance and data protection compliance within the social enterprise, charity and the third-sector

data Protection and social enterprise

Social enterprises, charities and other third-sector organisations are doing important work safeguarding vulnerable individuals and providing essential services. However, they face unique challenges when it comes to data protection compliance. In fact, the person-centred approach of these organisations, though essential for providing services, means that data protection may not always be prioritised. How can we […]

Irish DPC updates cookie guidance on foot of cookie sweep report

The Irish Data Protection Commission (DPC) has issued a guidance note on cookies and other tracking technologies. This guidance accompanies the release of a report outlining the results of a cookie sweep conducted on 40 website operators. It is the most significant and detailed guidance that the DPC has issued to date on the processing […]

DPC draws line in the sand with cookie sweep report, six months given to comply

Following a sweep of 40 websites, the Irish Data Protection Commission (DPC) has published a report on the use of cookies and other tracking technologies. The sweep assessed the cookie and tracking practices of website operators against the relevant ePrivacy Regulation (S.I. 336/2011 in Ireland) and, where applicable, the consent standard as defined in the […]