The Irish Data Protection Commissioner (the "DPC") has stated his intention to carry out scheduled audits of major social media companies that have operations in Ireland. Commissioner Billy Hawkes said that many such companies had their European headquarters in Ireland and therefore they fell under his jurisdiction as Irish Data Protection Commissioner He added that Ireland had a significant responsibility to the rest of Europe in this regard.
Under the Data Protection Acts 1998 and 2003, the DPC has powers to carry out data protection audits and inspections to ensure compliance with the law and to identify possible breaches. Each year the Commissioner decides the office's target sectors for audit for that year. Scheduled audits are intended to provide some forewarning to the operators in the sector and to give them an opportunity to address any perceived issues and perhaps to commence engagement with the DPC's office.
The DPC plans to conduct a scheduled audit of a leading international social media company this year and we understand the DPC is in discussions with the company in relation to when that will commence and the scope of that audit. Whilst the DPC's staff numbers and budget have increased in anticipation of more audits, we would nonetheless anticipate that the audits will be undertaken one at a time rather than in parallel with each other.
The DPC's comments come in the wake of the widely-publicised Facebook audit undertaken by his office. Facebook has clearly benefited from the DPC audit because it has given it a "clean bill of health" from a data protection perspective. The DPC's audit of Facebook also demonstrated that their business model is sustainable from a data protection perspective, thus underlining the importance of data protection compliance as a driver of shareholder value.
In our recent e-zine, which we dedicated to data protection to coincide with Global Data Protection Day on 28 January, we referenced the Facebook audit, DPC audits in general, the forthcoming Data Protection Regulation and more. You can view our full ezine here. We also marked Global Data Protection Day with a breakfast seminar on 28 January featuring guest speaker Irish Data Protection Commissioner Billy Hawkes.
You can view video excerpts from the seminar here.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.