The Irish Data Protection Commissioner Helen Dixon has warned of a growing threat posed by “Digital Ambulance Chasers”, as she noted a dramatic increase in the volume of complaints submitted for investigation where the primary motive bore little apparent relation to genuine concerns of privacy.
The Data Protection Commission recently received an annual funding increase to 5m, as it gears up to deal with the far-reaching impacts expected following the adoption of the new GDPR.
However In a speech to a conference hosted by the Irish Centre for European Law, Commissioner Dixon noted an upturn in the volume of questionable cases, and questioned the motivations of certain complainants.
“I think we are starting to see the rise in digital ambulance chasers in terms of certain legal firms presenting volumes of cases to the office where essentially their goal is to obtain a formal determination of the data protection commissioner that organisation XYZ is in breach of data protection legislation,” the commissioner said.
Speculating that such complaints might come with a hostile commercial motivation, or reflect other kinds of relationship breakdown or “power asymmetry”, she commented : “I wonder if this type of digital ambulance chasing really represents anyone’s interests well. It ties up the time of the data protection authority investigating and writing up determinations in cases where the controller has already acknowledged the contravention and attempted to right the wrong.”
GDPR allows for significant fines up to €20m or 4% of global turnover, for firms that are found not to have complied with the regulation. Commentators have speculated that it may become commercially worthwhile for hostile businesses to attempt to lodge allegations of data breaches against other, perhaps competing, organisations.