noyb
Our Take: This analysis from noyb (who may have a particular point to make) shows companies – not data subjects – are the real problem: 83.5% of access requests tied to noyb cases were either incomplete or unanswered, including many from big tech, who one would have imagined would have sophisticated enough systems to automate such a process. Noyb suggest this indicates that proposals in the Digital Omnibus to restrict access rights are misdirected.
Your Takeaway: it’s true that data subject access requests can be misused, but they are a vital check and balance for data protection. If responding to a subject access request is hard, you may wish to consider whether that shows some weakness in your overall data governance practices. Give us a call – we can help!
Most companies do not properly answer requests for access to personal data, with 83.5% of such requests ignored or incomplete. Big tech firms often fail to provide full replies, making it hard for people to check their data use. The European Commission wants to limit these access rights, but experts warn this would harm people’s privacy protections.
Highlights
**Access Requests not a relevant workload.** At the same time, a recently published *noyb* survey made clear that the majority (over 70%) of Data Protection Officers (DPOs) working in companies think that data subject rights – and the Right of Access in particular – don’t create a significant workload, while being a useful tool for protecting people’s rights.
**Real-life data: 83.5% of access requests not properly answered.** In practice, however, the primary problem concerning the right of access is not “abusive” complaints, but the huge amount of requests that don’t receive a proper answer. This also explains why a significant number of complaints before authorities concern the lack of a full reply to access requests. To gain more insight into how companies deal with the right of access, *noyb* analysed 121 access requests that have been filed in relation to *noyb* cases since 2018*. The results are clear: only 16.5% of those requests received a satisfying reply, while 53.7% were incomplete – and almost 30% were not answered at all. Overall, 83.5% of requests were not responses in line with the law.
**The most commonly exercised right under the GDPR is the right of access to one’s personal data that is being processed by companies. After all, it’s often the prerequisite to know if there is inaccurate or unlawful personal data that needs to be corrected or deleted. However, a new** **analysis of** ***noyb*** **cases shows: Only 16.5% of all access requests** ***noyb*** **has sent to companies in the past 8 years received a satisfactory reply, while 53.7% of replies were incomplete – and almost 30% were not answered at all. In other words: while companies are lobbying Brussels to limit people’s right of access because of an alleged “abuse”, the real problem is non-compliance by these exact companies.**