Questions tagged [subject-access-request]
The subject-access-request tag has no usage guidance.
19
questions
1
vote
1
answer
73
views
What does "reasonable and proportionate" mean wrt GDPR SAR ID requirements?
When one makes a GDPR Subject Access Request (SAR) the data controller should confirm that the request is really coming from the data subject. From here Recital 64 of GDPR states;
“The controller ...
- 7,700
1
vote
1
answer
151
views
Is Cameron a data controller?
Cameron doesn’t take greatly thoughtful pains in defining himself with respect to his street and online activities. Some may consider him a political activist, some a citizen and/or amateur journalist,...
1
vote
1
answer
56
views
Are data controllers required to acquire the means to appropriately redact data for disclosure to subjects?
Bob appears in CCTV footage that is held by all of ACME, BCME & CCME, but also features Alice and Charles. He requests access to the footage from all of the companies and receives three different ...
-2
votes
1
answer
119
views
Are deleted comments left by U.K. based users retained and subject to subject access under U.K. GDPR?
Meet Bob; Bob left some comments on a post on stack exchange and some over zealous moderators decided that they were not needed and so to delete them. Bob wishes to access these comments for the ...
-4
votes
1
answer
95
views
Does the right to “face [or at least know] one’s accuser” apply in effect to data protection contexts?
Karl the data controller writes to Adam their data subject, declaring that they have received “multiple complaints” about his behaviour from unnamed fellow data subjects, including of threatening to ...
1
vote
1
answer
128
views
SARing received text messages from a lost phone
Al loses his phone and it runs out of battery. He then is sent 10 SMS from various people. He then recovers his phone and switched it on and the messages are all received.
Bob loses his phone but ...
-3
votes
1
answer
104
views
Is compensation available for requested data improperly withheld and deleted against data subject’s wishes?
Bob requests data from ACME. They ask him for identification according to very unreasonable and onerous requirements. He objects to these on grounds of infeasibility and inaccessibility. They bicker ...
6
votes
2
answers
658
views
Is a sent email in someone else’s inbox subject to data subject rights of the sender?
Suppose Bob emails Alice, and both use Hotmail for their e-mail provider. Bob then deletes the message from his sent mail folder. Could Bob issue a subject access request (SAR) to Hotmail for the ...
0
votes
0
answers
51
views
What is the legality and consequence of blocking one who submits a SAR? [duplicate]
Alice submits a subject access request to Bob via WhatsApp, Bob responds to this by blocking Alice, but otherwise ignores her. What is the legality and consequences of Bob’s response to her SAR?
3
votes
2
answers
143
views
Access rights to professional photographs
An independent professional photographer uses a sales tactic of candidly taking photos of others in public and then approaching them and offering them copies for a price. Suppose one of these ...
-1
votes
1
answer
58
views
SAR before claim: tactical and legal considerations [closed]
A claimant C intends to sue a business B, which is also a data controller. Independently of the prospect of any civil action, C is entitled to make a SAR (Subject Access Request) to B under the Data ...
11
votes
2
answers
2k
views
Are users' personal notes about other users subjected to the GDPR right of access?
Some applications, like Discord or Mastodon, allow a user A to put private notes (only accessible to A) next to the profile of another user B. This data is very probably Personal Identifiable ...
- 113
-2
votes
1
answer
67
views
Why do some data controllers require two forms of ID and others only one?
Meet Bob. Bob has submitted a number of subject access requests to various data controlling bodies, including businesses and several police forces.
Some police forces simply require scan of id with ...
1
vote
1
answer
98
views
Incomplete/unserviceable SAR submissions and deletion timeframes
Bob was party to an incident in a shop that keeps CCTV footage for 30 days. 28 days later he submits a request for this responsive footage, but neglects to include with it adequate selfidentification ...
2
votes
1
answer
217
views
How can data received in online subject access request form be used by ACRO?
Meet Bob. Bob has requested his PNC file from ACRO Criminal Records Office
under the Data Protection Act.
Their online request form solicits much intrusive information. What purposes may information ...