Data Protection Commission issued fines of €652m in 2024

The Data Protection Commission (DPC) issued fines totalling €652m in 2024, dealing with 11,091 cases from individuals, its 2024 report published on Thursday reveals.
In October 2024, the DPC fined networking site LinkedIn €310m as part of a probe into its processing of users' data for behavioural analysis and targeted advertising, while in December 2024, the DPC fined Facebook owner Meta €251m over a data breach.
There were 7,781 data breaches confirmed in 2024, representing an 11% increase on 2023. Around half of these breaches were a result of correspondence being sent to the wrong recipient.
The DPC concluded 145 valid cross-border complaints as the EU's lead supervisory authority during 2024.
A total of 146 electronic direct marketing investigations were concluded in 2024 and the DPC prosecuted eight companies for the sending of unsolicited marketing communications without consent.
Meanwhile AI technology must be introduced in a way that protects individuals, especially children and the vulnerable, the Data Protection Commission warned in the report.
The introduction of AI will require further safeguarding, and new technological developments must be introduced in a way that protects individuals, especially children and the vulnerable, Commissioner for Data Protection commmissioner and chair Des Hogan said.
'The protection of our personal data is more important than ever as our daily transactions now routinely occur through technologies," Mr Hogan said.
"The DPC's wide range of activities during the last year points to how fair, consistent regulation can lead to individuals across Europe trusting that their personal data is being used in a lawful and safe manner and that they have control over their data.'
An independent survey of public attitudes carried out in May 2025 on behalf of the DPC found that 61% of people in Ireland are concerned with the use of AI.
It also found 77% of respondents are concerned with how children's personal data is being shared and used online while 76% of people were concerned with how personal data is used to create a digital profile of themselves which could can be shared, sold or traded.
Concerns over technology and safety of personal data were highest in those aged over 55 while people aged 18-34 were generally less concerned. Just over half of those surveyed believe that data protection laws ensure companies using information do so responsibly, with one in five not aware of how the law effects them.
"The findings indicate strong levels of awareness and recognition of the importance of data protection, particularly in the context of emerging technologies, products and services," said DPC commissioner Dale Sunderland. "This insight is critical as we undertake the mid-term review of the DPC Regulatory Strategy."

Try Our AI Features

Explore what Daily8 AI can do for you:

Learn with AIFact CheckingText to SpeechAI Summary

Related Articles

The Irish Sun

2 days ago

• The Irish Sun

Sky Ireland in fresh ‘consequences' dodgy box warning to thousands of Irish households amid illegal streaming clampdown

SKY Ireland is warning thousands of households that dodgy box users and distributors will face "consequences" if caught illegally streaming content. It's believed that at least 400,000 people in Ireland use a dodgy box to access content. Dodgy boxes allow people to illegally stream It is If caught, it could lead to fines of up to €127,000 or Sky Ireland and other industry bodies will shortly appear before the READ MORE IN IRISH NEWS The appearance comes after an injunction and search order was issued against a potential operator of an illegal streaming service in Two others linked to the dodgy box operation were issued cease-and-desist orders. Issued by Federation Against Copyright Theft, it warned them they would face criminal prosecution if they failed to stop 'illicit streaming activities'. Sky Ireland CEO JD Buckley told the MOST READ IN THE IRISH SUN "We continuously evolve our investigative strategies to crack down on illegal streaming and protect consumers from risks including malware, "Further action will follow with consequences for those identified as operating illegal services and for those who watch them." The Data Protection Commission confirmed that it has been engaging with USE OF PERSONAL DATA This relates to Sky's use of personal data in an effort to clamp down on the issue. DPC Chairperson Dr Des Hogan told RTE: "There are legitimate reasons why companies might decide that they want to take action against fraud. "However, the use of personal data would be the question for us, and whether that's been done in an appropriate, ethical manner." He revealed that both parties have been in talks for some time, and will have a meeting in two weeks. Hogan added: "Any sharing of personal data, or processing of that personal data outside a company has to be done in a lawful manner under the GDPR. "So that will be the focus of our discussions, and has been the focus of our discussions with Sky and we're hopeful we'll see a successful landing point from those discussions." It's understood that Sky has confirmed it has been in talks with the DPC regarding this issue for some time. A spokesperson said: "We look forward to continuing our discussions with them on this important matter." 1 It's believed around 400,000 people use dodgy boxes in Ireland Credit: Getty Images - Getty

Irish Examiner

2 days ago

• Irish Examiner

Data Protection Commission issued fines of €652m in 2024

The Data Protection Commission (DPC) issued fines totalling €652m in 2024, dealing with 11,091 cases from individuals, its 2024 report published on Thursday reveals. In October 2024, the DPC fined networking site LinkedIn €310m as part of a probe into its processing of users' data for behavioural analysis and targeted advertising, while in December 2024, the DPC fined Facebook owner Meta €251m over a data breach. There were 7,781 data breaches confirmed in 2024, representing an 11% increase on 2023. Around half of these breaches were a result of correspondence being sent to the wrong recipient. The DPC concluded 145 valid cross-border complaints as the EU's lead supervisory authority during 2024. A total of 146 electronic direct marketing investigations were concluded in 2024 and the DPC prosecuted eight companies for the sending of unsolicited marketing communications without consent. Meanwhile AI technology must be introduced in a way that protects individuals, especially children and the vulnerable, the Data Protection Commission warned in the report. The introduction of AI will require further safeguarding, and new technological developments must be introduced in a way that protects individuals, especially children and the vulnerable, Commissioner for Data Protection commmissioner and chair Des Hogan said. 'The protection of our personal data is more important than ever as our daily transactions now routinely occur through technologies," Mr Hogan said. "The DPC's wide range of activities during the last year points to how fair, consistent regulation can lead to individuals across Europe trusting that their personal data is being used in a lawful and safe manner and that they have control over their data.' An independent survey of public attitudes carried out in May 2025 on behalf of the DPC found that 61% of people in Ireland are concerned with the use of AI. It also found 77% of respondents are concerned with how children's personal data is being shared and used online while 76% of people were concerned with how personal data is used to create a digital profile of themselves which could can be shared, sold or traded. Concerns over technology and safety of personal data were highest in those aged over 55 while people aged 18-34 were generally less concerned. Just over half of those surveyed believe that data protection laws ensure companies using information do so responsibly, with one in five not aware of how the law effects them. "The findings indicate strong levels of awareness and recognition of the importance of data protection, particularly in the context of emerging technologies, products and services," said DPC commissioner Dale Sunderland. "This insight is critical as we undertake the mid-term review of the DPC Regulatory Strategy."

RTÉ News​

2 days ago

• RTÉ News​

Data watchdog engaging with Sky on 'dodgy box' clampdown

The Data Protection Commission (DPC) said it has been engaging with Sky on the company's efforts to clampdown on so-called TV 'dodgy boxes'. These are devices used to illegally stream content such as sports and movies. The DPC's contact with Sky relates to the company's use of personal data to take action against illegal streaming. "There are legitimate reasons why companies might decide that they want to take action against fraud," said DPC Chairperson Dr Des Hogan. "However, the use of personal data would be the question for us, and whether that's been done in an appropriate, ethical manner. "We have been in engaging with Sky for some time, and we're going to be meeting them in two weeks time, and I expect that we'll be bringing things forward with them at that point in time. "Any sharing of personal data, or processing of that personal data outside a company has to be done in a lawful manner under the GDPR," Dr Hogan said. "So that will be the focus of our discussions, and has been the focus of our discussions with Sky and we're hopeful we'll see a successful landing point from those discussions," he added. DPC engaging with WhatsApp on ads WhatsApp announced this week that it will begin rolling out advertising features on the messaging app. The Data Protection Commissioner said his office is engaging with the company on the matter, and that the ads will not be rolled out in the European Union until 2026. "We have been engaging with WhatsApp and we will be engaging with WhatsApp during the year, with our with our fellow European data protection regulators," Dr Hogan said. "It's an ongoing conversation and if we have concerns, we will, of course, talk to WhatsApp about that. "We've only been informed that they that they are going to roll this out in 2026 so it is very, very early in terms of keeping an eye on that," he added. Doorbell cameras a challenge The Data Protection Commission said there has been an increase in complaints relating to domestic CCTV and doorbell cameras. "I think obviously there's awareness of what CCTV does, doorbell cameras, perhaps not the same consciousness. It's an ongoing challenge for the DPC in dealing with these issues," said Dale Sunderland, Data Protection Commissioner. "The bottom line is the case law. The European courts are very clear here that if the cameras point into public areas and capture people in public spaces, those individuals who operate them are subject to data protection requirements," Mr Sunderland said. The DPC said it will be soon be developing additional guidance for the public on domestic CCTV and doorbell cameras. Increase in data breaches last year There was increase in the number of data breach notifications received by the DPC last year. According to its annual report for 2024, the DPC received 7,781 valid data breaches last year, which was an 11% increase 2023. 50% of notified cases arose as a result of correspondence being sent to the wrong recipient. In keeping with the trend of previous years, public sector bodies and banks accounted for the top ten organisations with the highest number of breach notifications recorded against them. Insurance and telecom companies featured prominently in the top 20. The DPC issued 11 finalised inquiry decisions resulting in administrative fines totalling €652 million during 2024. Significant decisions included a fine of €310 million imposed on LinkedIn, and fines totalling €251 million for Meta. Since the introduction of the General Data Protection Regulation (GDPR) in May 2018, the DPC has imposed fines of more than €4 billion on big tech firms. Just €20 million of that has been paid, as most of the rulings are under appeal. Last year, the DPC received 11,091 new cases from individuals and concluded 10,510 cases. The commission said that so far this year, there has been a 17% increase in complaints. Also in 2024, the DPC led efforts to provide greater clarity to the application of data protection requirements in artificial intelligence (AI) model training and development. Public attitudes survey To coincide with the publication of its 2024 Annual Report, the Data Protection Commission has also released the results of an independent public attitudes survey. The research showed that almost three-quarters of respondents believe it to be either quite or very important that organisations designing, developing or using innovative new technologies, products and services comply with data protection requirements, even if it might mean a delay in implementation. When asked about concerns around technology and data protection, 77% of respondents said they were concerned with how children's personal data is being shared and used online. A similar number said they were concerned with how personal data is used to create a digital profile of themselves which could can be shared, sold or traded.