They won't do anything. Had this exact scenario with two Shopify-based sites where my address somehow ended up with the second shop. Reported it, shop 1 investigated themselves and found themselves to be innocent, case closed.
That would be illegal. I doubt Shopify are to blame here, it's more likely one of the gazillion plugins that every shop uses was the vector. Either way, it's highly likely the shop owner is the data controller, from a legal perspective.
(Scenario: E-Mail address A with shop A, address B with shop B, then received a newsletter I did not subscribe to [already illegal] from shop B to address A. Only common data point: PayPal account.)
Just based on my comment the search query "Ireland compliance haven" would work, but for a more specific one, "ireland DPC big tech before:2026". The "before" is needed because else you'll only get news from a week ago exuberantly claiming that they're changing their behaviour.
Handling of their cases [0]. Suing the EU when it instructs them to investigate Meta's breaches, rather than doing the investigation [1].
> Former Meta lobbyist Niamh Sweeney will co-lead the Irish Data Protection Commission from mid-October. [2]
> A corporate lawyer who has worked for Big Tech played a key role in picking [her].
The DPC is the one responsible for going after GDPR violations. On the level of "Saudi Aramco lobbyist will co-lead the Environmental Protection Board". A lobbyist for the single worst offender in the entire world. You couldn't make it up. If you put it in a movie people would say it's too on the nose.
They won't do anything. Had this exact scenario with two Shopify-based sites where my address somehow ended up with the second shop. Reported it, shop 1 investigated themselves and found themselves to be innocent, case closed.
Shopify shares these I think, no?
That would be illegal. I doubt Shopify are to blame here, it's more likely one of the gazillion plugins that every shop uses was the vector. Either way, it's highly likely the shop owner is the data controller, from a legal perspective.
(Scenario: E-Mail address A with shop A, address B with shop B, then received a newsletter I did not subscribe to [already illegal] from shop B to address A. Only common data point: PayPal account.)
They'll just be incorporated in Ireland who are more than happy to be a haven for such criminals.
Where can I read more about this?
Just based on my comment the search query "Ireland compliance haven" would work, but for a more specific one, "ireland DPC big tech before:2026". The "before" is needed because else you'll only get news from a week ago exuberantly claiming that they're changing their behaviour.
Handling of their cases [0]. Suing the EU when it instructs them to investigate Meta's breaches, rather than doing the investigation [1].
> Former Meta lobbyist Niamh Sweeney will co-lead the Irish Data Protection Commission from mid-October. [2]
> A corporate lawyer who has worked for Big Tech played a key role in picking [her].
The DPC is the one responsible for going after GDPR violations. On the level of "Saudi Aramco lobbyist will co-lead the Environmental Protection Board". A lobbyist for the single worst offender in the entire world. You couldn't make it up. If you put it in a movie people would say it's too on the nose.
[0] https://noyb.eu/en/project/dpa/dpc-ireland
[1] https://iapp.org/news/a/court-upholds-edpb-s-authority-after...
[2] https://www.politico.eu/article/big-tech-lawyer-key-in-picki...