Data Protection in the Workplace – What you need to know in 2020Posted in : Supplementary Articles ROI on 25 February 2020
In the past two years since the GDPR became law, we have published dozens and dozens of news items on data protection developments in Ireland – mainly in our fortnightly review of developments’ emails we send out every other Friday. Here is a list of updates so far from 2020:
Data Protection Commission Publishes 2019 Annual Report
Highlights of the 2019 Annual Report include:
- 7,215 complaints were received in 2019 representing a 75% increase on the total number of complaints (4,113) received in 2018.
- 5,496 complaints in total were concluded in 2019.
- 6,069 valid data security breaches were notified representing a 71% increase on the total number of valid data security breaches (3,542) recorded in 2018.
Courts Service Loses Appeal Against Finding That It Breached Pre-GDPR Data Protection Legislation
The Courts Service has lost an appeal against the Data Protection Commissioner’s finding that it breached pre-GDPR legislation by publishing the name of a notice party who had been granted anonymity. Dismissing the appeal, Judge Francis Comerford said the Courts Service was obviously a data controller, and agreed with the Data Protection Commissioner that it was unnecessary to have “complete control” over all aspects of the process in order to fall within the definition of data controller.
Data Protection Commission launches Statutory Inquiry into Tinder
Since the GDPR came into effect, the Data Protection Commission has been actively monitoring complaints received from individuals in order to identify thematic and possible systemic data protection issues. A number of issues have been identified from concerns raised by individuals both in Ireland and across the EU. The identified issues pertain to MTCH Technology Services Limited’s ongoing processing of users’ personal data with regard to its processing activities in relation to the Tinder platform, the transparency surrounding the ongoing processing, and the company’s compliance with its obligations with regard to data subject right’s requests.
As such, the DPC has commenced an own- volition Statutory Inquiry, with respect to MTCH Technology Services Limited, pursuant to section 110 of the Data Protection 2018 and in accordance with the co-operation mechanism outlined under Article 60 of the GDPR. The Inquiry of the DPC will set out to establish whether the company has a legal basis for the ongoing processing of its users’ personal data and whether it meets its obligations as a data controller with regard to transparency and its compliance with data subject right’s requests.
Data Protection Commission Launches Statutory Inquiry into Location Data Uses
The Data Protection Commission, in its role as Lead Supervisory Authority for Google, has received a number of complaints from various Consumer Organisations across the EU, in which concerns were raised with regard to Google’s processing of location data. The issues raised within the concerns relate to the legality of Google’s processing of location data and the transparency surrounding that processing. As such the DPC has commenced an own-volition Statutory Inquiry, with respect to Google Ireland Limited, pursuant to Section 110 of the Data Protection 2018 and in accordance with the co-operation mechanism outlined under Article 60 of the GDPR. The Inquiry will set out to establish whether Google has a valid legal basis for processing the location data of its users and whether it meets its obligations as a data controller with regard to transparency.
Opinions - Everyone’s Got One, But Does Data Protection Law Apply To Them?
Something that the Data Protection Commission (DPC) comes across from time to time are disputes over ‘opinions’ about a person that have been recorded or used in some way.
People can have strong views over whether opinions are fair or correct, and they can involve issues such as freedom of expression and confidentiality – so disputes in these cases can become both contentious and complicated. Therefore, in this blog post the DPC aims to cover some of the basic issues which can arise where opinions come into contact with data protection law.
A Guide to Using Artificial Intelligence In The Public Sector
The Government Digital Service (GDS) and the Office for Artificial Intelligence have published joint guidance on how to build and use artificial intelligence (AI) in the public sector.
The DPC has welcomed the publication of the AG’s opinion on case # C-311/18 CJEU [Data Protection Commissioner v Facebook Ireland Limited, Maximillian Schrems]. The opinion illustrates the levels of complexity associated with the kinds of issues that arise when EU data protection laws interact with the laws of third countries, to include the laws of the United States. Equally, the opening section of the opinion recognises the significant tensions that arise between, on the one hand, the need to show pragmatism, and on the other, “the need to assert the fundamental values recognised in the legal orders of the Union and its member states, and in particular, the Charter.”
CJEU Press Release
Data Protection developments and the impact of the GDPR will continue to grow and we’ll bring you all the latest important updates in our Friday reviews.
In the meantime, you might also be interested all-staff data protection and cyber security training. A combination of human error and cyber attacks are often at the heart of data breach incidents. Annual data protection and cyber security training are essential and recommended by the DPC to raise awareness amongst staff, to help them identify and avoid potentially harmful online risks such as phishing, ransomware and email scams. Find out more below about our eLearning courses.
Data Protection in the Irish Workplace
Legal Island’s Data Protection in the Workplace eLearning course is tailored specifically to provide your employees with comprehensive training and you with an evidence trail for the DPC, should a data breach occur.
Cyber Security in the Irish Workplace
It is vital that your employees have an understanding of the importance of cyber security and the dangers which may be present in your workplace. Legal Island’s Cyber Security in the Workplace eLearning course is tailored specifically to Irish law and provides comprehensive compliance training for all employees on cyber security practices in the workplace.
More on Data Protection & Freedom of Information
- Use Of CCTV In Disciplinary Processes: New Ruling from The Court Of Appeal
- Court Of Appeal: Use of CCTV Footage In Disciplinary Proceedings
- Doolin v The Data Protection Commissioner 
- The Data Protection Commission’s Annual Report for 2021 - Key Takeaways
- Agnieszka Nowak v The Data Protection Commissioner 
The information in this article is provided as part of Legal-Island's Employment Law Hub. We regret we are not able to respond to requests for specific legal or HR queries and recommend that professional advice is obtained before relying on information supplied anywhere within this article.