The Data Protection Commissioner in Ireland has a statutory obligation to follow up on all complaints received regarding abuse of someone’s personal data.

Under section 10 of the Data Protection Acts, 1988 and 2003, the Commissioner must investigate any complaints which he receives from individuals who feel that personal information about them is not being treated in accordance with the Act, unless he is of the opinion that such complaints are “frivolous or vexatious”.

Damien Mulley recently complained to the Data Protection Commissioner about unsolicited commercial emails (spam) he received from Thinkhouse PR despite asking that his email address be removed from their database.

Bizarrely, Jane McDaid of Thinkhouse PR in a comment on James‘ site said that the Data Protection Office had apologised for having to follow up the complaint!

the DAta Protection AGency has reverted to THPR on the matter to which you refer. THey have confirmed that no further action will be taken against THinkhouse. They also apologied for having to follow the complaint up.

I’m sorry, what? The Data Protection Commissioner apologised for having to follow up on a complaint from a member of the public? Really? Oh, I’d love to hear the reason for that apology or see documentary evidence of the apology. Not that I doubt Jane’s word that they did apologise, I’m just curious to see what the grounds for the apology were to a company which had sent unsolicited emails.

If this is the case (and I am not calling Jane or Thinkhouse PR liars – if Jane said the Data Protection Commissioner apologised, then I’m sure they did), just who is the Data Protection Commissioner acting for?