Highlights of the Annual Report of the Data Protection Commission

The Data Protection Commission (“DPC”) recently published its first Annual Report, detailing its activities between 25 May 2018 (the day it came into being as a successor to the Office of the Data Protection Commissioner) and 31 December 2018 (the “Report”). The period was marked by the application of the General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”) across the EU and the commencement of the Data Protection Act 2018 (the “2018 Act”) in Ireland.  Over the course of 2019, the DPC is expected to conclude high-profile inquiries into the data processing activities of Facebook, Whatsapp, Instagram, Apple, Twitter and LinkedIn and to adjudicate on key issues affecting not only multinational tech companies headquartered in Ireland but all controller and processors who are subject to the jurisdiction of the Data Protection Commission. It remains to be seen whether the DPC will levy any administrative fines or exercise other corrective powers in connection with these inquiries or otherwise.