Derek Mooney writes: The Irish Data Protection Commission (DPC) has just published its 2022 annual report (HERE). The DPC is pursuing a case at the ECJ/CJEU against the European Data Protection Board (EDPB) saying that the EDPB does not have a general supervision role akin to national courts (as outlined in BEERG newsletter #1 of 2023).
This fact may explain why the report and the accompanying statement highlights the DPC’s robust approach to achieve the highest standards of personal data protection processing and the DPC’s willingness to apply sanctions “where warranted”. Both the report and statement strongly make the point that the DPC issued two-thirds of all fines issued across Europe last year. See extract from the statement below, with our emphasis in bold.
“2022 was a year that saw significant outputs from the DPC…
While the DPC encourages and guides organisations in achieving highest standards of protection in their processing of personal data, the DPC has also demonstrated it does not shy away from enforcing the law and applying sanctions where warranted. Two-thirds of the fines issued across Europe last year, including the EU, EEA and UK, were issued by the DPC on foot of detailed and comprehensive investigations, a fact that underlines both the outsized role, and exceptional performance, of the organisation in effectively holding those guilty of non-compliance to account.”
Download BEERG Newsletter Issue #08 2023 as a PDF