Decisions
Decisions
Explore summaries and full text of Decisions published by the Data Protection Commission.
Fines Explained
In addition to imposing corrective measures, over €4 billion in fines have been levied against organisations as a result of DPC inquiries. To date, approximately €20 million in fines has been collected.
The law provides that fines imposed by the DPC do not become payable until they are confirmed in Court. If no appeal is made against the DPC’s decision, the DPC must apply to the Circuit Court to confirm the fine under the Data Protection Act 2018.
If an appeal is made against the DPC’s decision, the fine cannot be collected pending that appeal. Such appeals are brought either in the Circuit Court or in the High Court, depending on the monetary value of the fine.
Inquiry concerning the University of Limerick
This Decision arises from an own-volition inquiry into the University of Limerick (‘UL’) following a series of personal data breaches that occurred between November 2018 and January 2020…
See More InformationInquiry into City of Dublin Education and Training Board (CDETB)
This decision arises from an own-volition inquiry that the DPC commenced in July 2019. The inquiry related to a personal data breach notified by City of Dublin Education and Training Board …
See More InformationInquiries into Meta Platforms Ireland Limited (Token Breach)
On 12 December 2024, the Irish Data Protection Commission (‘DPC’) adopted final decisions in two own-volition statutory inquiries reprimanding Meta Platforms Ireland Limited (‘MPIL’) and…
See More InformationInquiry into Maynooth University
This decision arises from an own-volition inquiry that the DPC commenced in July 2019. The inquiry related a personal data breach notified by Maynooth University in November 2018. The…
See More InformationInquiry into Meta Platforms Ireland Limited
On 26 September 2024, the Irish Data Protection Commission (DPC) adopted a final decision in an own-volition statutory inquiry, concerning the processing of user passwords on the Facebook…
See More InformationInquiry into Bank of Ireland 365
The inquiry was commenced after BOI notified the DPC of a series of 10 data breaches relating to the BOI365 banking app. The data breach notifications concerned individuals gaining…
See More InformationInquiry into Centric Health Ltd
The DPC commenced the Inquiry following a ransomware attack affecting patient data held on Centric’s patient administration system which was notified to the DPC on 5 December 2019. As a…
See More InformationInquiry into A&G Couriers Limited T/A Fastway Couriers (Ireland)
This inquiry was commenced in respect of a personal data breach that A&G Couriers Limited T/A Fastway Couriers, Ireland (Fastway) notified to the DPC on 4 March 2021. Fastway is a…
Article(s): 32
Inquiry into Virtue Integrated Elder Care Ltd (VIEC)
The inquiry was commenced after VIEC notified a personal data breach to the DPC on 19 August 2020. VIEC operates and manages five nursing homes on the Southside of Dublin and in County…
See More InformationInquiry into Ark Life Assurance Company dac
This decision arose from an own-volition inquiry commenced by the DPC pursuant to section 110 of the Data Protection Act 2018 to consider whether Ark Life had complied with the GDPR in…
Article(s): 32
Inquiry into Allianz plc
This decision arose from an own-volition inquiry commenced by the DPC pursuant to section 110 of the Data Protection Act 2018 to consider whether Allianz had complied with the GDPR in…
Article(s): 32
Inquiry concerning 12 Facebook personal data breaches
The DPC has adopted a decision, imposing a fine of €17 million on Meta Platforms Ireland Limited (formerly Facebook Ireland Limited) (“Meta Platforms”). The decision followed an inquiry by…
See More InformationInquiry into Bank of Ireland Group plc
This inquiry was commenced in respect of 22 personal data breach notifications that Bank of Ireland Group plc (“BOI”) made to the Data Protection Commission (“DPC”) between 9 November 2018…
See More InformationInquiry into Slane Credit Union
This inquiry was commenced in respect of a personal data breach that Slane Credit Union notified to the DPC on 30 November 2018. Slane Credit Union was established on 16 February 1968 as a…
See More InformationInquiry into a Consultancy Provider
This inquiry was commenced in respect of a personal data breach that the Personal Injuries Assessment Board (‘PIAB’) reported to the Data Protection Commission on 10 December 2019. PIAB is…
Article(s): 32
Inquiry into the Personal Injuries Assessment Board
This inquiry was commenced in respect of a personal data breach that the Personal Injuries Assessment Board (‘PIAB’) notified to the DPC on 10 December 2019. PIAB is an independent…
Inquiry into the Teaching Council
This inquiry was commenced in respect of a personal data breach that the Teaching Council (the Council) notified to the DPC on 9 March 2020. The Council is the professional standards body…
See More InformationInquiry into MOVE (Men Overcoming Violence) Ireland
This inquiry was commenced in respect of a personal data breach that MOVE notified to the DPC on 3 February 2020. MOVE is a registered charity, which works in the area of domestic violence,…
See More InformationInquiry into the Irish Credit Bureau DAC
This inquiry was commenced in respect of a personal data breach that the Irish Credit Bureau (‘ICB’) notified to the DPC on 31 August 2018. The ICB is a credit reference agency that…
See More InformationInquiry Concerning Twitter International Company (‘TIC’)
This Inquiry, which was commenced by the Data Protection Commission (‘the Commission) on 22 January 2019, examined whether Twitter International Company (‘TIC’) had complied with its…
See More InformationDecision concerning Ryanair DAC
Acting in its capacity as lead supervisory authority, the DPC commenced an examination of a complaint originally received by the U.K. Data Protection Authority. The complaint concerned…
See More InformationInquiries concerning the Health Service Executive
Date of Decisions: 18 August 2020 & 29 September 2020 The DPC commenced inquiry IN-19-9-1 in respect of one personal data breach notified by the HSE to the DPC. The personal data breach…
See More InformationInquiry into Tusla Child and Family Agency
This inquiry was commenced in respect of 71 personal data breaches notified by Tusla to the DPC. The decision considered a broad range of Tusla’s processing operations and the findings…
See More InformationInquiry into University College Dublin
This inquiry was commenced in respect of 7 personal data breaches that University College Dublin (‘UCD’) notified to the DPC between 8 August 2018 to 21 January 2019. The personal data…
See More InformationInquiry into Tusla Child and Family Agency
This inquiry was commenced in respect of one personal data breach notified by Tusla to the DPC. The personal data breach occurred when a social worker for Tusla wrote a safeguarding letter…
See More InformationInquiry into Tusla Child and Family Agency
This inquiry was commenced in respect of three personal data breaches notified by Tusla to the DPC. All three personal data breaches occurred in circumstances where Tusla failed to redact…
Article(s): 32