Data Protection Commission publishes 2020 Annual Report

25th February 2021

Commissioner for Data Protection, Helen Dixon, today launched the Irish Data Protection Commission’s Annual Report for 2020.

Highlights of the 2020 Annual Report include:

  • 10,151 cases handled in 2020, up 9% on 2019 figures (9,337).
  • 4,660 complaints under the GDPR received in 2020.
  • 4,476 complaints in total were concluded in 2020.
  • 6,628 valid data security breaches were notified in 2020.
  • Over 35,000 contacts were received through the DPC’s Information and Assessment Unit, including 10,000 telephone calls and 23,200 emails.
  • On 31 December 2020, the DPC had 83 statutory inquiries on hand, comprising 56 domestic inquiries and 27 cross-border inquiries.
  • In May 2020, the DPC sent Europe’s first major platform Article 60 Draft Decision to all other EU Data Protection Authorities.
  • In the same month, the DPC issued its first fines under the GDPR, levying two separate fines against an Irish state agency.
  • The DPC triggered the EDPB’s Article 65 Complaint Resolution Mechanism, becoming the first supervisory authority to do so.
  • In December 2020, the DPC issued its first fine in a cross-border case, fining Twitter International Company €450,000.
  • 354 cross-border processing complaints were received by the DPC through the One-Stop-Shop mechanism.
  • 147 new complaints were investigated under S.I. No. 336 of 2011 in respect of various forms of electronic direct marketing: 66 related to email marketing; 73 related to SMS (text message) marketing; and five related to telephone marketing. Prosecutions were concluded against six entities in respect of offences under the E-Privacy Regulations.
  • The DPC opened an extensive consultation on its draft guidance on the rights of children as data subjects — Children Front and Centre: Fundamentals for a Child-Oriented Approach to Data Processing.
  • New guidance in relation to the use of cookies and tracking technologies was published and the DPC conducted an extensive public awareness campaign signalling its intention to begin follow-up enforcement action during Q4 of 2020. Enforcement Notices were served on seven organisations for non-compliance in December 2020.
  • The DPC received 570 new Data Protection Officer notifications, bringing the total number to 2,166 at year end.
  • Staff numbers increased to 145 and budget increased to €16.9 million (€19.1 million in 2021).

The Commissioner for Data Protection, Helen Dixon, commented:

“The progress the DPC has made in 2020 provides a solid platform on which to build across our enforcement and complaint-handling functions in particular. The GDPR must be understood as a project for the now, but equally for the longer-term. The DPC intends to continue as a leader in its full implementation.”

DPC 2020 Annual Report