Helen Dixon has confirmed that she will leave her role as the State’s data-protection commissioner in early 2024 after a decade in the job.
Ms Dixon, who was in the final year of her second term at the helm of the most influential data regulator in the European Union, was due to vacate the position next year after the Government reappointed her to the position in 2019.
In a statement published on LinkedIn, Ms Dixon confirmed February 19th as her departure date.
“I look back with great satisfaction at what the Data Protection Commission (the DPC) has achieved over the last nine and a half years,” she said. “I have had the opportunity to transform the DPC from a small regionally-based office of 27 staff into an independent regulatory body today with over 215 committed experts, headquartered in Dublin, and internationally recognised for the quality of its staff and work.”
Will a new direction for RTÉ ensure the broadcaster’s long-term future?
During her tenure, Ms Dixon oversaw the Irish roll-out of the European General Data Protection Regulation (GDPR), a process that she said on Wednesday remained “a work in progress”. She said: “As the larger-scale enforcement cases now conclude, we see in Ireland and beyond that these decisions are often subject to judicial challenge. It will take a further number of years to bottom-out definitive interpretations of applications of this principles-based law but the groundwork is now well laid.”
Ms Dixon and her office have faced stiff criticism and legal challenges from data privacy campaigners over the DPC’s speed of decision-making and enforcement of GDPR rules against some of the world’s biggest technology companies.
In that time, however, the commission has also levied huge fines against some of the largest internet platforms. It has been responsible for four of the five largest penalties handed out under GDPR across the bloc since its adoption in 2018, including the decision in May to penalise Facebook owner Meta and impose a record €1.2 billion fine in relation to the transfer of European user data to the United States.
Most recently, in September her office fined TikTok €345 million for violating children’s privacy on its video-sharing app, after finding adults could enable direct messages for certain teenagers with whom they had no family connection.
The case against the Chinese-owned tech giant also showed how TikTok’s “family pairing” feature could link children’s accounts to “unverified” adults who were not their parents or guardians. The High Court gave TikTok permission last month to challenge the fine, describing it as “disproportionate”.
Ms Dixon was also embroiled in a public stand-off with the Government over aspects of the roll-out of the public services card (PSC). After a two-year investigation, the DPC found, among other things, in 2019 that there was no basis in legislation for State bodies to demand someone register for a PSC in order to avail of services.
The DPC subsequently received less than a third of the additional funding it sought in Budget 2020, although the commission’s annual budget has increased from €1.9 million in 2010 to €26.2 million.
On Wednesday, Ms Dixon said: “I believe Ireland has much to be proud of in terms of its data-protection regime including the consistent support by government since my appointment in 2014 with budgetary increases to facilitate necessary capacity and capability improvements at the DPC.”