The number of data breaches reported in Ireland rose by 11% last year, with half of these being due to misdirected correspondence accidentally going to the wrong person.
The figures were published on Wednesday as part of the DPC’s Annual Report for 2024, alongside the results of a new Public Attitudes Survey. The report found that around half of all breaches reported in 2024 involved correspondence being sent to the wrong recipient.
The Commission received 7,781 valid breach notifications over the course of the year, and concluded 81% of them by year’s end. The number represents a marked 11% rise on the previous year, when 7,008 breaches were reported.
The DPC also issued €652 million in administrative fines through 11 inquiry decisions in 2024. Among the largest was a €310 million fine on LinkedIn in October, after the Commission found the platform’s targeted advertising practices were not lawful or transparent. LinkedIn was also ordered to bring its operations into compliance with EU law.
Meta Platforms Ireland was similarly hit with fines totalling €251 million in December, following two inquiries into data breaches dating back to 2018.
A further fine of €22,500 was issued to the Department of Health, which was later confirmed in the Dublin Circuit Court. Eight companies were prosecuted for sending marketing communications without consent, with the courts directing a combined €9,725 in charitable contributions in lieu of conviction.
Dr Des Hogan, Chairperson and Commissioner for Data Protection, said the report showed that fair regulation was crucial for public trust in the digital age.
“The protection of our personal data is more important than ever,” he said.
“The DPC’s wide range of activities during the last year points to how fair, consistent regulation can lead to individuals across Europe trusting that their personal data is being used in a lawful and safe manner and that they have control over their data.”
According to the report, the DPC handled 11,091 new cases in 2024, resolving 10,510 by year end. Of these, 2,673 progressed to formal complaint handling, with 2,357 resolved – over half of which had been received in previous years.
The DPC also played a key role in European regulation around artificial intelligence. Following a 14-week process with EU/EEA counterparts, the DPC requested and helped shape a formal opinion from the European Data Protection Board on how AI model training should be governed. The opinion was adopted in December.
The Public Attitudes Survey published alongside the report found that 3 in 4 people believe compliance with data protection rules should take precedence over the rapid rollout of new technologies. Two-thirds of respondents said they would trust an organisation “a lot less” if it misused personal data.
Survey respondents expressed strong concern over the sharing of children’s data (77%), the use of personal data to create digital profiles (76%), and artificial intelligence (61%).
However, younger people were significantly less concerned overall. According to the findings, those aged 55 and over were far more likely to express concern about data use and technology than those aged 18–34.
Just over half of people surveyed believed data protection laws ensured companies used data responsibly, though one in five were unaware of how the law affected them. Seventy percent said they trusted the DPC to uphold their rights.
Commenting on the findings, Commissioner Dale Sunderland said the results offered “valuable insight” into the public mindset.
“The results of this public attitudes survey provide valuable insight into how the public views data protection and the role of the Data Protection Commission,” he said.
“The survey also highlights public concerns and expectations around how personal data is used by organisations, while revealing notable differences in perspectives across age groups and regions.”
The DPC was first established under the Data Protection Act 1988 and became the lead regulator for many major tech companies after the GDPR came into effect in 2018. Since then, it has led dozens of cross-border investigations into privacy breaches and compliance failures by multinational firms operating in the EU.