Dealing with access requests in practice
members
–
3 min read
Recommendations on how to deal with the Right of access - DSARs - in practice (with grumpy DSARs checklist).
EDPB press release: Right of access CEF 2024 report
members
–
1 min read
30 DPAs participated in EDPB's 2024 CEF action on the Right of access, involving 1185 controllers. 7 identified challenges like lack of documented procedures and requesting excessive ID docs. And more awareness is needed.
noyb win: 🇳🇱 Dutch DPA fines Netflix €4.75m for lack of information
members
–
1 min read
noyb gets their first big win in their streaming services complaint project, filed in January 2019 against Amazon Prime, Apple Music, DAZN, Flimmit, Netflix, SoundCloud, Spotify and YouTube. Unsurprisingly, Netflix has already objected.
Rights: Access (DSAR, Right of access)
members
–
3 min read
Added: From 🇩🇪 Berlin DPA's 2023 annual report: DSARs should include "TIA summary or result". Also see 🇩🇰 DPA: no fees allowed, and 🇫🇮 DPA: using a proxy is fine. Got a DSAR? Start here for all things right of access: Article 15 elements table, access request flowchart and key CJEU rulings!
Italy: bank fined €1m and rental company €250k for unclear DPAg and no legal basis
members
–
4 min read
The 🇮🇹 Garante fined a bank €1 million for anti-fraud checks as a processor on behalf of a group company without a legal basis, breaching both Articles 28(3) and 5(1)(a). The rental company was separately fined €250,000, also for an insufficient privacy notice. Here are your key takeaways! 💡
CJEU C-154/21 RW v Österreichische Post (recipients) 12 Jan 2023
members
–
3 min read
You have the right to know the actual identities of the recipients your personal data has been shared with.
EDPB Guidelines 1/2022 Right of access
members
–
3 min read
A snapshot of the EDPB Guidelines dealing with DSARs: Brief overview, key points, and some advice for data protection pros.
Rights: Access (DSAR) - examples
members
–
40 min read
Right of access examples from the EDPB and ICO.
CJEU C-461/22 MK (Professional guardian) 11 Jul 2024
members
–
1 min read
A former legal guardian who acted in a professional capacity is a controller and must comply with the GDPR, including the right of access.
CJEU C-487/21 Österreichische Datenschutzbehörde v CRIF (right to copy) 4 May 2023
members
–
5 min read
You have the right to a faithful, intelligible copy of all your personal data, including full documents or extracts from documents or databases, if crucial for your rights and while respecting others' rights and freedoms.
CJEU C-579/21 Pankki S 22 Jun 2023
members
–
4 min read
You have the right of access processed before the GDPR took effect if you requested it after that date, and to know when and why it was accessed – but not by whom, unless crucial for your rights and while respecting others' rights and freedoms.
CJEU C-307/22 Copies du dossier médical (Copies of medical records) 26 Oct 2023
members
–
1 min read
You have the right to a full copy of your medical journal, free of charge!