Helen Dixon: Compliance on data protection needs ‘constant vigilance’

Watchdog stresses engagement over enforcement with large firms like Facebook

Helen Dixon: “Other privacy regulators in Europe now are asserting jurisdiction over Facebook in certain cases.”  Photograph: Cyril Byrne / THE IRISH TIMES

Helen Dixon: “Other privacy regulators in Europe now are asserting jurisdiction over Facebook in certain cases.” Photograph: Cyril Byrne / THE IRISH TIMES

 

Engagement with Irish-based multinationals such as Facebook and LinkedIn remains a “constant task for vigilance” and engagement on the new products and services they roll out, Data Protection Commissioner Helen Dixon has said.

Publishing her annual report for 2015 this week, Ms Dixon said her office's interaction with both companies had resulted in changes to products, either through design or how they were presented to customers.

In relation to Facebook, the report said the company announced additional functionality in September 2015, following “intense engagement” over a number of months. This allowed users opt out of online behavioural advertising through the Facebook service itself.

Asked if her office had considered any enforcement action against either company over products and services, particularly in light of actions taken by other data protection authorities in the EU, Ms Dixon said: “We are very committed to this approach of engaging with the multinationals, not simply waiting for them to arrive at a point of contravention where we have to chase after them retrospectively. We do firmly believe the way in which we work with them produces much better safeguards for data subjects.”

Facebook is currently appealing a ruling in Belgium that ordered it to stop storing data from people who don’t have an account with the social network, or face a €250,000 daily fine. At issue is the consent required for the company’s use of the so-called Datr cookie, which Facebook says it uses to protect its platform and users’ data against “malicious attacks”.

Ms Dixon said her office had seen a number of “wins” with Facebook and LinkedIn last year. “In terms of whether they’re in compliance, these multinationals are acquiring other companies at a rate of knots.”

They were constantly amending their services and their privacy policies.

“I don’t think anyone at any moment in time can ever say an organisation is in compliance.

“This is a constant task for vigilance,” Ms Dixon said.

On how frequent the office’s contact with the multinationals was, Ms Dixon said: “It’s daily, it’s weekly. They’re in and out and they are proactively seeking our engagement because their services are not static.”

“Other privacy regulators in Europe now are asserting jurisdiction over Facebook in certain cases, or in particular the Belgian regulator has been looking at that Datr cookie.

“I suppose it remains to be seen arising out of that investigation whether the Datr cookie passes the test for necessity under the e-privacy regulations and therefore doesn’t require notice in the same way or whether notice is required and it’s appropriate to what Facebook is offering. We’ll never be saying ‘they’re all in compliance – tick’.”

Deputy Data Protection Commissioner John O’Dwyer said the office did not yet know whether issues would arise from the acquisition by Microsoft of LinkedIn.

“All those are constantly discussed in our interactions with the multinationals.”

Among the companies and organisations targeted for audit by the office last year were Adobe, Aer Lingus, Allianz, Zurich Insurance, the State Claims Agency, Bank of Ireland, Axa Insurance, Aviva Insurance, Ulster Bank, AIB, Start Mortgages, Marks and Spencer, Woodies DIY and the Dublin Bikes scheme.

The office also took part in the third Global Privacy Enforcement Network privacy sweep in 2016, examining 18 apps and websites either targeted at or popular among children.

Ms Dixon said the Schrems case before the Court of Justice of the European Union had caused her office to deploy “significant” resources to a “lengthy and complex” investigation that was still ongoing.

The Irish Times Logo
Commenting on The Irish Times has changed. To comment you must now be an Irish Times subscriber.
SUBSCRIBE
GO BACK
Error Image
The account details entered are not currently associated with an Irish Times subscription. Please subscribe to sign in to comment.
Comment Sign In

Forgot password?
The Irish Times Logo
Thank you
You should receive instructions for resetting your password. When you have reset your password, you can Sign In.
The Irish Times Logo
Please choose a screen name. This name will appear beside any comments you post. Your screen name should follow the standards set out in our community standards.
Screen Name Selection

Hello

Please choose a screen name. This name will appear beside any comments you post. Your screen name should follow the standards set out in our community standards.

The Irish Times Logo
Commenting on The Irish Times has changed. To comment you must now be an Irish Times subscriber.
SUBSCRIBE
Forgot Password
Please enter your email address so we can send you a link to reset your password.

Sign In

Your Comments
We reserve the right to remove any content at any time from this Community, including without limitation if it violates the Community Standards. We ask that you report content that you in good faith believe violates the above rules by clicking the Flag link next to the offending comment or by filling out this form. New comments are only accepted for 3 days from the date of publication.