| 12.2°C Dublin

Irish data watchdog promises GDPR decisions into tech multinationals 'this summer'


Helen Dixon, Irish Data Protection Commissioner

Helen Dixon, Irish Data Protection Commissioner

Helen Dixon, Irish Data Protection Commissioner

The Irish Data Protection Commissioner says that the first batch of major investigations by her office under GDPR into companies like Facebook and LinkedIn will “conclude over the summer of 2019”.

Speaking to the US Senate, Helen Dixon said that there are currently 51 “large scale”  investigations underway.

“17 relate to the large tech platforms and span the services of Apple, Facebook, LinkedIn, Twitter, WhatsApp and Instagram,” she said.

“The first sets of investigations will conclude over the summer of 2019.”

Of the 17 cases, 11 relate to Facebook or its subsidiary firms, Instagram and Whatsapp.

The most recent investigation to be opened occurred last week, when the data privacy watchdog opened a new case into Facebook.

The probe will aim to uncover how millions of passwords were stored in insecure “plain text” format by the tech giant.

Under GDPR law, the Irish Data Protection Authority can fine companies up to €20m or 4pc of global turnover.

Ms Dixon also outlined some examples of how Irish people have seen their data privacy violated.

“In one case, a multinational agent dealing by web chat about a customer service complaint took note of the consumer’s personal details including mobile phone number she used to verify her account. The agent then contacted the user asking her on a date.”

7 Things: Adrian Weckler on Tech

Tech’s stars and turkeys rounded up and served to you every Friday by Ireland’s No. 1 technology writer.

This field is required

Independent of the complaint received by the DPC, the agent was fired from the job, Ms Dixon said.

“A further complaint dealt with was lodged by an individual who had suffered a family bereavement,” she said.

“A tombstone company issued immediate correspondence to her family advertising cheap headstones in respect of the dead relative. The tombstone company had taken data from an online death notice website and recreated the full address from multiple other sources.

"The actions of the company were not only distasteful but in breach of the purpose limitation requirements of data protection law.”

Ms Dixon is one of four witnesses appearing before the US Senate Committee on commerce, science and transportation. She is there to give testimony on the topic of “Consumer Perspectives: Policy Principles for a Federal Data Privacy Framework”.

US legislators are currently debating whether or not to tighten privacy rules that might replicate some of the principles of Europe’s GDPR.