Ireland GDPR I

“I worry that we are caught in a DPA (Data Protection Authority) beauty contest of who issues the bigger fine,” said Ireland Data Protection Commissioner Helen Dixon in her keynote for Daniel Solove’s Privacy+Security Academy Fall Forum Keynote.

Additional Key Takeaways
  • I am hesitant to list our enforcement priorities because I don’t feel that we are in control of setting the agenda and are reacting to complaints and to issues that arise, like the pandemic and the Schrems II judgment.
  • Schrems II didn’t create uncertainty, rather it created too much certainly that isn’t palatable for many.
  • “Let it rip.” Let us first build up a corpus of cases requiring international cooperation between DPAs before we can see if the harmonization mechanism is problematic.
  • In reality, cookie consent ends up as just an inconvenience on the person’s way to get the content. Putting more and more elusive control on individuals is not really achieving what we want to achieve.
  • The Data Protection Commissioner doesn’t have a bias against legitimate interest. Provided that all the other elements are met, including balancing, transparency and fairness, it provides better protection.
  • Legitimate interest could theoretically be used as a legal basis for targeted advertising. EDPB says it’s unlikely but you should do a case-by-case analysis.