Data Protection Commissioner Helen Dixon accuses lawyers of ‘digital ambulance chasing’

Data Protection Commission spending time on ‘volumes of cases’ of no real importance

Lawyers have been accused of "digital ambulance chasing" by Data Protection Commissioner Helen Dixon, who has suggested certain firms are tying up her office's resources by presenting it with "volumes of cases" that are of no systemic importance in privacy terms.

In a speech to a conference hosted by the Irish Centre for European Law at the Royal Irish Academy in Dublin last week, Ms Dixon said the "most resource-intensive" element of her regulatory role was hearing individual complaints.

All of them had to do with “relationship breakdowns” of one kind or another.

She had recently issued five formal decisions in matters “as mundane as individuals being copied on group emails by an organisation from whom they obtained services”.

The commissioner noted this could, in particular circumstances, be “embarrassing and distressing”, but she wondered whether “it is one that needs to occupy the resources of a data protection authority in terms of investigation and decision that it is a contravention of the Data Protection Acts”.

Ms Dixon said there could be “power asymmetries” at play in the various scenarios, but these imbalances “often don’t turn on the personal data element per se”.

She noted that in some cases organisations had already apologised profusely for what might be a technical breach of the Acts and had offered compensation.

“On this note, I think we are starting to see the rise in digital ambulance chasers in terms of certain legal firms presenting volumes of cases to the office where essentially their goal is to obtain a formal determination of the data protection commissioner that organisation x,y,z is in breach of data protection legislation,” the commissioner said.

“I wonder if this type of digital ambulance chasing really represents anyone’s interests well. It ties up the time of the data protection authority investigating and writing up determinations in cases where the controller has already acknowledged the contravention and attempted to right the wrong.”

Effective regulation

Ms Dixon said she believed there was a “huge divergence” between the strategic and systemic issues that data protection regulators spend a lot of time talking about and what they spend their time investigating in terms of what individuals complained about.

She said the Irish DPC wanted to play its part in “effective regulation of what we know is a jealously guarded fundamental right of individuals”.

It had prevented many “major instances of unacceptable interference with privacy rights” through its “engaged” approach with the internet giants, she insisted.

The office opened 932 complaints in 2015 and the commissioner issued formal decisions in 52 cases. It dealt with 14,427 email queries, more than 16,000 calls to its helpdesk, 855 queries by post and 1,050 queries through its online complaints form.