C037-10319 Ulster Bank Ireland DAC

The DPC tried to resolve the case amicably but we disagreed because some violations were outstanding. Accordingly, the DPC will now proceed in accordance with the provisions of section 109(4) of the Act.

DPC provides the full answer of the respondent

noyb sends a letter answering that only violation type B has been remedied, type A & K are remaining, therefore no amicable settlement possible

Response from controller is that having no reject button is in line with the GDPR and that they identified the data subject.

noyb responded that that (1) this does not make sense under Irish ePrivacy law and (2) the complaint is brought also under GDPR and their own ePrivacy guidance says that if there is personal data in cookie, GDPR applies too. We told them to get back by 19 July.

DPC wrote that their assessment suggests that the DPC may not be the competent authority to carry out investigations under Regulation 17 of S.I. No. 336 of 2011 because the complainant's device was outside of Ireland at the time of the violation.

DPC wrote 'The purpose of this letter is to inform you that the DPC is still considering these complaints and the appropriate legislative framework under which to deal with them.'

noyb asked to indicate a specific date when the next update can be expected and when we can get access to the submissions - if any were made