DSAR - DPO Hub

noyb win: 🇳🇱 Dutch DPA fines Netflix €4.75m for lack of information

members – 1 min read

noyb gets their first big win in their streaming services complaint project, filed in January 2019 against eight companies: Amazon Prime, Apple Music, DAZN, Flimmit, Netflix, SoundCloud, Spotify and YouTube. Unsurprisingly, Netflix has already objected.

Dec 19, 2024

Rights: Access (DSAR)

members – 3 min read

Added: From 🇩🇪 Berlin DPA's 2023 annual report: DSARs should include "TIA summary or result". Also see 🇩🇰 DPA: no fees allowed, and 🇫🇮 DPA: using a proxy is fine. Got a DSAR? Start here for all things right of access: Article 15 elements table, access request flowchart and key CJEU rulings!

Nov 9, 2024

Italy: bank fined €1m and rental company €250k for unclear DPAg and no legal basis

members – 4 min read

The 🇮🇹 Garante fined a bank €1 million for anti-fraud checks as a processor on behalf of a group company without a legal basis, breaching both Articles 28(3) and 5(1)(a). The rental company was separately fined €250,000, also for an insufficient privacy notice. Here are your key takeaways! 💡

Aug 21, 2024

CJEU C-154/21 RW v Österreichische Post (recipients)

members – 3 min read

You have the right to know to whom your personal data have been disclosed, with the actual identity of the recipients. (2023 ruling added to Right of access Topic page.)

Aug 16, 2024

EDPB Guidelines 1/2022 Right of access

members – 3 min read

A snapshot of the EDPB Guidelines dealing with DSARs: Brief overview, key points, and some advice for data protection pros.

Jul 19, 2024

Rights: Access (DSAR) - examples

members – 40 min read

Right of access examples from the EDPB and ICO.

Jul 17, 2024

CJEU C-461/22 MK (legal guardian)

members – 1 min read

A former legal guardian who acted in a professional capacity is a controller and must comply with the GDPR, including the right of access.

Jul 14, 2024

CJEU C-487/21 Österreichische Datenschutzbehörde v CRIF (right to copy)

members – 5 min read

You have the right to a faithful and intelligible copy of all your personal data, even full documents or extracts from documents or databases, if that's crucial for your rights and while respecting others' rights and freedoms.

Jun 14, 2024

CJEU C-579/21 Pankki S

members – 4 min read

You have the right of access to data processed before the GDPR took effect, if you requested it after that date, and to know when and why it was accessed—but not by whom, unless crucial for your rights and while respecting others' rights and freedoms.

May 27, 2024

CJEU C-307/22 Copies du dossier médical

members – 1 min read

You have the right to a full copy of your medical journal, free of charge!

Nov 6, 2023

Norway DPA fines fitness chain NOK 10m following DSARs

members – 2 min read

…

Feb 8, 2023

CJEU: You must inform people about the names of all recipients

members – 1 min read

…

Jan 12, 2023