C037-213 Microsoft Ireland Operations Limited

Pointing out to the DPC that they should investigate in full and take into account the legal provisions mentioned in the complaints.

DPC has commenced an Inquiry under Section 110 1 of the Act 18

The DPC tried to resolve the case amicably but we disagreed because some violations were outstanding. Accordingly, the DPC will now proceed in accordance with the provisions of section 109(4) of the Act.

violation type K not remedied.

DPC forwarded the controller's submission

noyb responded to the DPC that they excluded one case from their list of complaints and requested that all complaints be covered.

DPC confirmed they will start the investigation of 17 complaints.

DPC one-liner they will respond in the coming days

noyb responded that the DPC is competent to investigate the cases under the GDPR and that it does not make sense to forward them to the telecoms authorities abroad. noyb provided evidence that personal data was processed when submitting complaints.

DPC letter insisting they are not competent to investigate

DPC worte that they will respond in the coming days.

noyb responded that that (1) this does not make sense under Irish ePrivacy law and (2) the complaint is brought also under GDPR and their own ePrivacy guidance says that if there is personal data in cookie, GDPR applies too.

DPC wrote that their assessment suggests that the DPC may not be the competent authority to carry out investigations under Regulation 17 of S.I. No. 336 of 2011 because the complainant's device was outside of Ireland at the time of the violation.

DPC is still considering complaints and the appropriate legislative framework under which to deal with them.

noyb asked DPC to indicate a specific date when the next update can be expected and when we can get access to the submissions, if any were made.

DPC acknowledged receipt of the complaint and is assessing it.