C037-312 Microsoft Ireland Operations Limited

cookie banner
Case project
Controller
Microsoft Ireland Operations Limited
Case status
Pending (3 - 4 years)
Filed: (3 years 3 months ago)

One of our series of complaints on cookie banners.

Protocol
Data Podsumowanie
19.04.2023
Letter to DPC about scope

Pointing out to the DPC that they should investigate in full and take into account the legal provisions mentioned in the complaints.

19.04.2023
Receipt by DPC
14.03.2023
DPC Letter to noyb
17.02.2023
Letter to DPC for Clarification
25.01.2023
DPC Inquiry

DPC has commenced an Inquiry under Section 110 1 of the Act 18

If we wish to make any further submissions/comments or provide any further information/material to the DPC in relation to this GDPR complaint, these can be provided to the Lead Investigator for this Inquiry by 5.30 pm on Friday 17 February 2023.

25.01.2023
DPC commencement of inquiry
29.11.2022
DPC non amicable resolution letter

The DPC tried to resolve the case amicably but we disagreed because some violations were outstanding. Accordingly, the DPC will now proceed in accordance with the provisions of section 109(4) of the Act.

17.11.2022
Submission by noyb sent

They cannot authenticate the complainant because she was not logged in; they only processed "browser serial number" at the time; violation type K not remedied.

10.11.2022
DPC forwarded

DPC forwarded the controller's response to the complaint.

10.11.2022
Controller submission
11.08.2022
noyb responded

noyb responded to the DPC that they excluded one case from their list of complaints and requested that all complaints be covered.

10.08.2022
DPC will investigate

DPC confirmed they will start the investigation of 17 complaints.

05.08.2022
DPC will respond

DPC one-liner they will respond in the coming days

02.08.2022
noyb responded

noyb responded that the DPC is competent to investigate the cases under the GDPR and that it does not make sense to forward them to the telecoms authorities abroad. noyb provided evidence that personal data was processed when submitting complaints.

29.07.2022
DPC letter

DPC letter insisting they are not competent to investigate

19.07.2022
DPC will respond

DPC worte that they will respond in the coming days.

12.07.2022
noyb responded on competence

noyb responded that that (1) this does not make sense under Irish ePrivacy law and (2) the complaint is brought also under GDPR and their own ePrivacy guidance says that if there is personal data in cookie, GDPR applies too. We told them to get back by 19

11.07.2022
DPC may not be competent

DPC wrote that their assessment suggests that the DPC may not be the competent authority to carry out investigations under Regulation 17 of S.I. No. 336 of 2011 because the complainant's device was outside of Ireland at the time of the violation.

07.03.2022
DPC wrote to us

DPC wrote ""The purpose of this letter is to inform you that the DPC is still considering these complaints and the appropriate legislative framework under which to deal with them.""

07.03.2022
noyb asked to provide an update date

noyb asked to indicate a specific date when the next update can be expected and when we can get access to the submissions, if any were made.

10.09.2021
DPC acknowledged receipt

DPC acknowledged receipt of the complaint and is assessing it.

10.08.2021
Complaint