Data Protection Commission publishes Annual Report for 2021
May 2022
On 24th February, the Data Protection Commission (the “DPC”) published their annual report (here). It details the activities completed in 2021 together with information on the DPC’s Regulatory Strategy for 2022-2027. As with prior reports, there is detailed information on the number of issues they dealt with and details of specific case studies.
In that regard, the DPC noted that the most frequent complaints received from individuals included:
Access requests: The DPC noted that individuals had communicated with the data controller but either did not receive an acknowledgement/response to their request or were dissatisfied with the response issued and, as a result, lodged a complaint with the DPC.
The DPC found that, on investigating these complaints, it often transpires that the data controller either (a) has not performed an adequate search for the personal data, (b) has not advised the individual that they are withholding data and the exemption they are relying on for same, or (c) will not respond within the required timeframe to the access request.
Cookies Investigations: Throughout 2021 the DPC carried out cookies investigations, examining a significant number of websites to assess compliance with the relevant legislation, under which consent must be obtained for placing any information on a user’s device, or accessing information already stored on their device.
Issues highlighted by the DPC on foot of their investigations included the setting of tracking and advertising cookies without consent, the use of cookie banners that obscured the text of the cookies and privacy notices on websites, and the use of pre-ticked boxes or toggles to signal consent for cookies.
Such continued complaints emphasise the need for intermediaries, as Data Controllers, to comply with the data protection legislation in a competent and timely manner, particularly in circumstances where individuals are alive to their rights and will seek to enforce them.
Furthermore, the DPC confirmed that investigations and enforcement will continue to be a key element of its activities in 2022 and in the coming years. The DPC, however, intends to publish more guidance, including more regular case studies of issues it has decided, and to work to support Data Protection Officers in their critical on-the-ground roles within organisations.
The DPC also referred to pending pieces of legislation at an EU level, the NIS2 Directive, the Digital Markets Act, the Digital Services Act, the E-Privacy Regulation, the Artificial Intelligence Act, and the Data Governance Act, highlighting the ever-evolving nature of data protection.
To keep up to speed with all the latest developments in this area, our Data Protection Full Day webinar takes place on Thursday 26th May 2022. To sign up, please go to the link below:
Data Protection Full Day (2 Half Day Sessions) Tickets, Thu 26 May 2022 at 09:30 | Eventbrite