Irish Data Protection Commission Disappointed With 2020 Budget
The data protection commission, one of the world's most vigilant, is disappointed in the government for its smaller-than-expected budget next year.
Ireland's Data Protection Commissioner (DPC) is cautioning the government there that it could be doing damage by not granting it a larger budget increase for 2020.
Helen Dixon, the head of one of the more vigilant data protection commissions in Europe, released a statement last week saying she was disappointed with the government's decision to only increase its budget by €1.6 million next year, roughly less than a third of the €5.9 million it asked for.
The increase brings the department’s total 2020 funding to €16.9 million, about an 11% increase on the 2019 allocation.
Dixon reasons that because of the influx of data protection issues stemming from GDPR and the complexities associated with ensuring compliance, the DPC should have received a higher figure.
“The DPC is disappointed that the additional funding allocated is less than one third of the funding that the DPC requested in its budget submission. The submission reflected a year of experience of regulating under the General Data Protection Regulation (GDPR) and highlighted the increased volumes and complexities involved,” Dixon said last week, “The DPC must now reassess its planned expenditure for 2020, particularly in relation to foreseen “non-pay” expenditure for which the DPC has received a zero increase in allocation.”
With the funding, the DPC was planning on adding to its workforce, from 138 employees to 190 – eventually, at some point, landing on a targeted staff of 248 - but those number will have to be adjusted now, according to Dixon.
The DPC actually wanted to increase its headcount this year but has had difficulty thanks what’s believed to be a shortage in cybersecurity skills. According to a report in The Journal, a publication that’s overseen by the Press Council of Ireland and the Office of the Press Ombudsman, the DPC had hoped to have 180 staff on the books by the end of this year. Per a Freedom of Information request, the DPC will have just 148 employees due to the “highly competitive landscape for specialist skills.”
The DPC’s pleas come as its engaged in a tug of war with the government, specifically the Department OF Employment Affairs and Social Protection, and its ability process personal data related to the Public Services Card. The DPC ruled earlier this year (.PDF) that was unlawful for the State to keep data on more than three million people who have a public services card.
Data protection authorities worldwide have obviously taken on a great deal of additional work following last year's implementation of the General Data Protection Regulation. Ireland's claims it has fielded over 7,000 complaints just this year, issuing nearly 5,000 breach notifications in the same span.
The news highlights a growing trend, not just in the UK and Europe, but elsewhere, as many data protection authorities don't have the staff to keep up with mounting regulations.
We learned last week (.PDF) that California’s Attorney General has budgeted funds into 2021 to hopefully mitigate some of the stress around the CCPA. According to a Notice of Proposed Rulemaking Action last week, the AG will reportedly hire 23 additional full-time staff and expert consultants to enforce and defend the CCPA.