Data Protection in the Workplace – What you need to know in 2020

In the past two years since the GDPR became law, we have published dozens and dozens of news items on data protection developments in Ireland – mainly in our fortnightly review of developments’ emails we send out every other Friday. Here is a list of updates so far from 2020:

Data Protection Commission Publishes 2019 Annual Report

Highlights of the 2019 Annual Report include:

• 7,215 complaints were received in 2019 representing a 75% increase on the total number of complaints (4,113) received in 2018.
• 5,496 complaints in total were concluded in 2019.
• 6,069 valid data security breaches were notified representing a 71% increase on the total number of valid data security breaches (3,542) recorded in 2018.

Download the report here

Courts Service Loses Appeal Against Finding That It Breached Pre-GDPR Data Protection Legislation

The Courts Service has lost an appeal against the Data Protection Commissioner’s finding that it breached pre-GDPR legislation by publishing the name of a notice party who had been granted anonymity.  Dismissing the appeal, Judge Francis Comerford said the Courts Service was obviously a data controller, and agreed with the Data Protection Commissioner that it was unnecessary to have “complete control” over all aspects of the process in order to fall within the definition of data controller. 

More on this from IrishLegal.com

Data Protection Commission launches Statutory Inquiry into Tinder

Since the GDPR came into effect, the Data Protection Commission has been actively monitoring complaints received from individuals in order to identify thematic and possible systemic data protection issues.  A number of issues have been identified from concerns raised by individuals both in Ireland and across the EU.  The identified issues pertain to MTCH Technology Services Limited’s ongoing processing of users’ personal data with regard to its processing activities in relation to the Tinder platform, the transparency surrounding the ongoing processing, and the company’s compliance with its obligations with regard to data subject right’s requests.

As such, the DPC has commenced an own- volition Statutory Inquiry, with respect to MTCH Technology Services Limited, pursuant to section 110 of the Data Protection 2018 and in accordance with the co-operation mechanism outlined under Article 60 of the GDPR. The Inquiry of the DPC will set out to establish whether the company has a legal basis for the ongoing processing of its users’ personal data and whether it meets its obligations as a data controller with regard to transparency and its compliance with data subject right’s requests. 

Swipe right here for more details

Data Protection Commission Launches Statutory Inquiry into Location Data Uses

The Data Protection Commission, in its role as Lead Supervisory Authority for Google, has received a number of complaints from various Consumer Organisations across the EU, in which concerns were raised with regard to Google’s processing of location data. The issues raised within the concerns relate to the legality of Google’s processing of location data and the transparency surrounding that processing. As such the DPC has commenced an own-volition Statutory Inquiry, with respect to Google Ireland Limited, pursuant to Section 110 of the Data Protection 2018 and in accordance with the co-operation mechanism outlined under Article 60 of the GDPR. The Inquiry will set out to establish whether Google has a valid legal basis for processing the location data of its users and whether it meets its obligations as a data controller with regard to transparency.

Click here to read more

Opinions - Everyone’s Got One, But Does Data Protection Law Apply To Them?

Something that the Data Protection Commission (DPC) comes across from time to time are disputes over ‘opinions’ about a person that have been recorded or used in some way.

People can have strong views over whether opinions are fair or correct, and they can involve issues such as freedom of expression and confidentiality – so disputes in these cases can become both contentious and complicated. Therefore, in this blog post the DPC aims to cover some of the basic issues which can arise where opinions come into contact with data protection law. 

Read more here

A Guide to Using Artificial Intelligence In The Public Sector

The Government Digital Service (GDS) and the Office for Artificial Intelligence have published joint guidance on how to build and use artificial intelligence (AI) in the public sector.

The guide is available here

Privacy Shield

The DPC has welcomed the publication of the AG’s opinion on case # C-311/18 CJEU [Data Protection Commissioner v Facebook Ireland Limited, Maximillian Schrems]. The opinion illustrates the levels of complexity associated with the kinds of issues that arise when EU data protection laws interact with the laws of third countries, to include the laws of the United States. Equally, the opening section of the opinion recognises the significant tensions that arise between, on the one hand, the need to show pragmatism, and on the other, “the need to assert the fundamental values recognised in the legal orders of the Union and its member states, and in particular, the Charter.”

Find out more here

CJEU Press Release

Click here to read this

Data Protection developments and the impact of the GDPR will continue to grow and we’ll bring you all the latest important updates in our Friday reviews.

In the meantime, you might also be interested all-staff data protection and cyber security training. A combination of human error and cyber attacks are often at the heart of data breach incidents. Annual data protection and cyber security training are essential and recommended by the DPC to raise awareness amongst staff, to help them identify and avoid potentially harmful online risks such as phishing, ransomware and email scams. Find out more below about our eLearning courses.

Training Resources

Did you know Legal Island offer eLearning training courses in Data Protection in the Irish Workplace and Cyber Security in the Irish Workplace?

Data Protection in the Irish Workplace

Legal Island’s Data Protection in the Workplace eLearning course is tailored specifically to provide your employees with comprehensive training and you with an evidence trail for the DPC, should a data breach occur.

Click here to learn more about this course

Click here to view a free demo

Cyber Security in the Irish Workplace

It is vital that your employees have an understanding of the importance of cyber security and the dangers which may be present in your workplace. Legal Island’s Cyber Security in the Workplace eLearning course is tailored specifically to Irish law and provides comprehensive compliance training for all employees on cyber security practices in the workplace.

Click here to learn more about this course

Click here to view a free demo