Ireland’s data protection authority – the Data Protection Commission (DPC) – has published frequently asked questions (‘FAQs’) on data subject access requests (SARs). The FAQs highlight the circumstances in which an individual is entitled to make a SAR, the information an individual is entitled to when making a SAR, and the method an individual should follow in order to make a valid SAR. FAQs also outline when controllers who receive a valid SAR must respond, how this time can be extended, and when a controller may refuse to act on the request.
Recommendations 2/2025 on the legal basis for requiring the creation of user accounts on e-commerce websites
The EDPB clarifies that mandatory user accounts are only lawful under the GDPR when they are strictly necessary and respect […]