Mobile phone carrier Three is providing the aggregated movement data of its 2.4m Irish customers to the Department of Health and the CSO in order to monitor compliance with Covid-19 public health and movement restrictions.
The Irish DPC finds itself in this position because of the way that the GDPR works: when there are privacy problems, the cases are brought by the data protection authority of the EU nation in which the company concerned is based.
Today, we at the ICCL [Irish Council for Civil Liberties] submitted evidence to the DPC that show the consequence of failure to enforce the GDPR to stop the vast RTB data breach at the heart of the online advertising industry.
With its public statement, the Irish DPC is trying to signal that it is working hard on these big cases, but Schrems doesn’t think it is making enough progress.
In November 2019, BEUC sent another letter to the DPC, noting: “One year after these complaints were filed, it has yet not been decided whether Google infringed the GDPR.” As Monique Goyens, Director General of BEUC, said: Considering the scale of the problem, which affects millions of European consumers, this investigation should be a priority for the Irish data protection authority.
In an announcement of the seizure of the domain posted Thursday by the US Justice Department, the DOJ alleged that WeLeakInfo allowed its users to access "a search engine to review and obtain the personal information illegally obtained in over 10,000 data breaches containing over 12 billion indexed records—including, for example, names, email addresses, usernames, phone numbers, and passwords for online accounts."
The Irish government department at the heart of the plans for the PSC and associated database, the Department of Social Protection, suffered hundreds of privacy breaches a few years back; widespread use of the identity card would give tens of thousands of public servants and contractors ready access to highly personal data – a recipe for disaster.
The Irish regulator, which takes the lead in overseeing Facebook in Europe, said it’s already looking at similar data processing by Google, Apple and Microsoft.
The probe was the result of a number of submissions against the company, the Irish Data Protection Commissioner (DPC) said, including from privacy-focused web browser Brave, which complained last year that Google and other digital advertising firms were playing fast and loose with people’s data.
 See “Ryan report on behavioral advertising and personal data” (URL: ) and “Examples of data in a bid request from IAB OpenRTB and Google Authorized Buyers’ specification documents” (URL: ); and “Google’s publisher verticals list” (URL: ), evidence submitted to the Irish Data Protection Commission, and UK Information Commissioner’s Office, 12 September 2018 and 20 February 2019.
The statutory inquiry into Google’s adtech that’s being opened by the Irish Data Protection Commission (DPC), cites section 110 of Ireland’s Data Protection Act 2018, which means that the watchdog suspects infringement — and will now investigate its suspicions.
Privacy watchdogs also voice concerns about the 2014 appointment of Dixon, an Irish civil servant with no prior experience in regulatory enforcement, to replace Billy Hawkes, the regulator who initially presided over the finding of Facebook’s over-sharing of data with researchers and developers of third-party apps.
Facebook’s plan to merge WhatsApp, Instagram and Facebook Messenger could raise significant data protection concerns, according to the Irish commission that regulates the social network in the EU.
Speaking to The Irish Times at the Web Summit in Lisbon recently, Collins said that laws such as the children’s online privacy protection Act (COPPA) in the US and its European cousin GDPR-K, which both legally prevent data capture on kids, is triggering a seismic structural change in the internet.