The Data Protection Commission (DPC) has published its Annual Report for 2020. The Report looks back on the span of regulatory work completed by the DPC over the past year, and reveals some interesting trends and statistics. It discusses the complaints and breach notifications received; case-studies; the 83 domestic and cross-border inquiries it has open; and the fines, reprimands, and compliance orders it has issued for infringements of the GDPR and Law Enforcement Directive (LED). This briefing note considers some of the key highlights of the Report.

Continue Reading DPC publishes Annual Report for 2020

The EU Commission looks set to adopt two adequacy decisions in favour of the UK, which will allow businesses to continue to freely transfer personal data from the EU/EEA to the UK.  On 19 February 2021, the EU Commission published two draft adequacy decisions permitting transfers of personal data to the UK under the GDPR, and under the Law Enforcement Directive (LED).

Once adopted, the decisions will replace the interim solution agreed under the EU-UK Trade and Cooperation Agreement (previously discussed here). That agreement allows businesses to transfer personal data from the EU/EEA to the UK, without putting in place additional safeguards, until 30 June 2021 or an adequacy decision comes into effect, whichever is sooner.

Next steps

The EU Commission will next obtain an opinion from the EDPB. It will then need to obtain the green light from a committee of representatives of the EU Member States.  Once this procedure is completed, the EU Commission may adopt the UK adequacy decisions. In line with Article 45(3) of the GDPR and Article 36 of the LED, the UK adequacy decisions will be reviewed every four years to ensure the UK continues to offer an adequate level of protection.

The UK Government’s Press Release welcoming the draft adequacy decisions is available here.

On 10 February 2021, the EU Member States agreed on the EU Council’s negotiating mandate for the draft ePrivacy Regulation. The new Regulation will repeal and replace the existing ePrivacy Directive 2002/58/EC. The text approved by the EU Member States allows the EU Council to start negotiations with the European Parliament on the final text of the ePrivacy Regulation.

Key Highlights

The EU Council’s Press Release sets out the key highlights of the draft ePrivacy Regulation, which include:

• The rules will apply when end-users are in the EU. This also covers cases where the processing takes place outside the EU or the service provider is established or located outside the EU.
• The Regulation will cover electronic communications content and metadata (such as information on location, time and recipient of a communication).

Continue Reading EU Council agrees its position on draft ePrivacy Regulation

On 15 December 2020, the Minister for Health announced Ireland’s National COVID-19 Vaccination Strategy. The first vaccine was approved for use on 21 December 2020, with the first dose administered in Ireland on 29 December 2020. A second vaccine was approved for use on 6 January 2021 and the approval of additional vaccines is anticipated in the coming months.

In light of the rapidly deteriorating public health situation and the widespread prevalence of COVID-19 in the community, it is clear that the prompt implementation of Ireland’s vaccination strategy is the only viable way out of this pandemic. With this in mind, employers need to get to grips with some novel and complex issues that will arise this year as some, but perhaps not all, of their workforce is vaccinated. In this publication we consider some of the key issues (including data protection concerns), that employers are likely to encounter as the vaccination strategy is ramped up and more of the working population become eligible for vaccination.

Go to publication