The Court of Justice of the European Union (CJEU) has clarified the rules around the right to obtain a copy of personal data under Article 15(3) EU General Data Protection Regulation (GDPR). In its judgment of Case C-487/21, the CJEU ruled the data subject "must be given a faithful and intelligible reproduction of all those data."
The case relates to a legal challenge brought by an individual after the business consulting agency, CRIF, processed the personal data of the individual in order to provide information on his creditworthiness to a client. The individual subsequently asked for a copy of the information about him “in a standard technical format,” but instead, CRIF only provided a list summarising the data.
In an article about the ruling, NOYB honorary chair Max Schrems said, "We are pleased that the CJEU emphasises the importance of the right of access. Without the context of the processing, it is often impossible for data subjects to understand what is being stored about them." He went on to say, "The ruling puts an end to the unlawful practice of simply providing a dump of data without any further explanations. Especially in the case of more complex processing, companies must ensure full comprehensibility of the processed data - if necessary also by providing a database extract or a copy of documents."
What is this page?
You are reading a summary article on the Privacy Newsfeed, a free resource for DPOs and other professionals with privacy or data protection responsibilities helping them stay informed of industry news all in one place. The information here is a brief snippet relating to a single piece of original content or several articles about a common topic or thread. The main contributor is listed in the top left-hand corner, just beneath the article title.
The Privacy Newsfeed monitors over 300 global publications, of which more than 4,250 summary articles have been posted to the online archive dating back to the beginning of 2020. A weekly roundup is available by email every Friday.