The Data Protection Commissioner has been given the green light to investigate Max Schrems’ complaint against Facebook. The Office of the Data Protection Commissioner (ODPC) had initially refused to investigate the complaint based on a view that Commission Decision 2000/520/EC (the Safe Harbour Decision) was both valid and binding on the ODPC.
On 1 October, the Court of Justice of the European Union (CJEU) handed down its judgement in the Weltimmo case (Case C‑230/14), a decision which could have important ramifications for the data protection obligations of companies operating across multiple EU member states. The CJEU effectively held that where a company has a representative in a country and operates services directed at that country, the company can be held accountable by that country’s data protection authority despite not being formally established in that country.
Last month the Department of Communications, Energy and Natural Resources published the Government’s National Cyber Security Strategy 2015-2017 (the Strategy).
In 2013 the World Economic Forum classified cyber related threats as one of the highest of all global risks from the perspective of impact and likelihood. This assessment was echoed at a national level in the Government’s 2014 National Risk Assessment. The development and proliferation of Information and Communications technology (ICT) has transformed the way in which society operates. There are few sectors of both society and the economy which do not rely on some form of ICT for their continued operation. This increased dependence has led to increased risk with threats such as hacking, cyber-crime, hacktivism, cyber espionage, software failures and even human error posing a direct threat not only to the daily lives of Irish citizens but also to the economy and the State.