Court of Justice of the EU Decides that GDPR Right of Access Allows Data Subjects to Request the Identity of Each Data Recipient

By Kristof Van Quathem & Anna Oberschelp de Meneses on January 16, 2023

On January 12, 2023, the Court of Justice of the EU (“Court”) decided that the GDPR’s right of access gives a data subject the choice between asking a controller for (i) the identity of each data recipient to whom the controller will or has disclosed the data subject’s personal data or (ii) only the categories of data recipients. The controller must comply with the data subject’s request, unless it is impossible to identify those recipients (e.g., because they are not yet known) or the controller demonstrates that the data subject’s access request is “manifestly unfounded or excessive.”…

Continue Reading Court of Justice of the EU Decides that GDPR Right of Access Allows Data Subjects to Request the Identity of Each Data Recipient

CJEU’s Advocate General Issues Opinions on the GDPR’s Right of Access to Personal Data

By Dan Cooper, Anna Oberschelp de Meneses & Evangelos Sakiotis on December 23, 2022

Posted in EU Data Protection, GDPR Rights

On December 15, 2022, the Advocate Generals (“AG”) of the Court of Justice of the European Union (“CJEU”) issued two separate opinions in cases C‑487/21 and C‑579/21 on the right of access, pursuant to Article 15 GDPR. The first case concerns the proper interpretation and application of Article 15(3), which permits a data subject to obtain a “copy” of their personal data, among other things. The second case concerns whether the right of access includes the right to receive the identity of the controller’s employees, who are processing the data subject’s personal data in the scope of their employment.…

Continue Reading CJEU’s Advocate General Issues Opinions on the GDPR’s Right of Access to Personal Data

Inside Privacy

GDPR Rights

About this Blog