Data Protection, Privacy and Technology
As the EU GDPR celebrates its fourth anniversary since coming into force on 25 May 2018, the European Data Protection Board ("EDPB") has been busy publishing guidelines in an effort to ensure the consistent application of the GDPR by national data protection authorities ("DPAs").
To date, the EDPB have adopted 58 Guidelines, and 6 recommendations. Enforcement activity by DPAs across the EU, including Ireland, has also ramped up with cumulative fines adding up to €1.55 billion at the end of 2021. Following the imposition of its record €225 million fine on WhatsApp for breach of its transparency obligations under the GDPR, the Irish Data Protection Commission ("DPC") recently issued a hefty €17 million fine on Meta for breach of its data security obligations, reflecting a move towards a more aggressive approach by the Regulator.
“From now on, DPAs across the EEA will follow the same methodology to calculate fines. This will boost further harmonisation and transparency of the fining practice of DPAs".
Andrea Jelinek, EDPB Chair.