Menu
Judges gavel in court

CJEU: Right of Access Allows Data Subjects to Request the Identity of Each Data Recipient

, , , ,

On January 12, 2023, the Court of Justice of the European Union (CJEU) declared that under the General Data Protection Regulation (GDPR), an individual has the right to request the identity of each entity to whom the data controller has disclosed their personal data. Unless it is impossible to determine exactly who these entities are, or if the controller can prove that this request is “manifestly unfounded or excessive,” they must comply with the consumer’s wishes.

This decision is in line with the principle of transparency laid out in the GDPR. It grants individuals the capacity to exercise further rights, such as rectification, deletion, and objection. Article 19 GDPR also ensures that when a person exercises these rights, they may receive from the controller a list of all recipients of said personal data.

The conclusion of the Court holds only for a right of access; it remains unknown whether it applies to similar provisions in Articles 13 and 14 GDPR that mention both “recipients and categories of recipients”.

Source: Court of Justice of the EU Decides that GDPR Right of Access Allows Data Subjects to Request the Identity of Each Data Recipient | Inside Privacy

  • Save

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Share via
Facebook
Twitter
LinkedIn
Mix
Pinterest
Tumblr
Skype
Buffer
Pocket
VKontakte
Parler
Xing
Reddit
Line
Flipboard
MySpace
Delicious
Amazon
Digg
Evernote
Blogger
LiveJournal
Baidu
MeWe
NewsVine
Yummly
Yahoo
WhatsApp
Viber
SMS
Telegram
Facebook Messenger
Like
Email
Print
Copy Link
Powered by Social Snap
Copy link
CopyCopied
Powered by Social Snap