Personally, I’ve had quite the week in terms of data protection. Two years ago, shortly after the EU’s General Data Protection Regulation (GDPR) came into force, I decided to try and leave the Catholic church through data protection law. Just last week, it was national news and I even got a spin out on Kildare FM too. Naturally, I was rather excited to see the Data Protection Commission’s Annual Report for 2019 land in my inbox today. Here’s what it has to say.
Own Volition Investigation Into The Catholic Church
In what was the first full year of GDPR, the DPCs 2019 report highlights some of the higher-profile cases they are investigating. Sure enough, they’ve also included their digging into how the Catholic church handles personal data. In case you’ve missed me ranting about this, the “inquiry relates to the lawful basis for processing the personal data of individuals who no longer want to have
their personal data so processed”.
It comes as absolutely no surprise that I’m not alone in this, as “the DPC received a number of complaints from individuals who were members of the Catholic Church and many of whom no longer wish to remain as members”. Rather strangely, considering my complaint surrounds the Diocese of Ossory, as per communications sent to myself, the DPC further stated they had “opened an own-volition inquiry pursuant to section 110(1) of the Data Protection Act 2018, directed to the Archdiocese of Dublin”.
The goal of this inquiry is to decide whether or not there “is a lawful basis for the processing of the personal data of individuals who no longer want to have their personal data so processed” by the church.
Public Services Card Inquiry
Another area of public attention the DPC assisted with was the Public Services Card controversy. The card was introduced in 2011 with the goal of making services like social welfare easier to access through a single card. For the government, the PSC card would become quite the headache, eventually becoming the focus of a DPC investigation.
On 15 August 2019, the DPC delivered its report in relation to the first part of its investigation into the processing of personal data carried out by the Department of Employment Affairs and Social Protection. Ultimately, the Data Protection Commissioner ruled that there was no lawful basis for anyone to be required to get the card for anything other than social welfare payments and benefits.
More Highlights From The DPC’s 2019 Annual Report
So it’s not all about the church I guess and the sexy headlines. The DPC has been very busy indeed over the past year. 7,215 complaints were received by the DPC in 2019. That’s a 75% increase in the total number of complaints of 4,113 received in 2018.
There were almost 48,500 contacts were made through the DPC’s Information and Assessment Unit, including 22,200 telephone calls and 22,300 emails. On 31 December 2019, the DPC had 70 statutory inquiries on hand, including 49 domestic inquiries. Six statutory inquiries were opened in relation to multinational technology companies’ compliance with the GDPR, bringing the total number of cross-border inquiries to 21.
increased awareness on the part of individuals and organisations alike as to the importance of protecting personal data
The Commissioner for Data Protection, Helen Dixon, commented: “2019 has been the first full calendar year of the GDPR. There have been many positive changes, including organisations across Ireland appointing Data Protection Officers who can assist the public in exercising their data protection rights and also increased awareness on the part of individuals and organisations alike as to the importance of protecting personal data”.
2019 Data Protection Commission Report: Facts and Figures