Right of access to personal data

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search

The Right of Access is one of the most fundamental rights in data protection laws around the world.


This right is enshrined as part of the fundamental right to data protection in the Charter of Fundamental Rights of the European Union. It is in fact the only one of the practical rights relating to personal data that is listed there.

This right is defined in various sections of Article 15 of the GDPR. [1]

In the current Member State United Kingdom the website of the Information Commissioner's Office states regarding Subject Access Requests (SARs)[2]: "You have the right to find out if an organisation is using or storing your personal data. This is called the right of access. You exercise this right by asking for a copy of the data, which is commonly known as making a ‘subject access request". Before the General Data Protection Regulation (GDPR) came into force on 25 May 2018 organisations could charge a specified fee for responding to a SAR, of up to £10 for most requests. Following the GDPR: "A copy of your personal data should be provided free. An organisation may charge for additional copies. It can only charge a fee if it thinks the request is ‘manifestly unfounded or excessive’. If so, it may ask for a reasonable fee for administrative costs associated with the request."

United States[edit]

Five federal laws include a right of access to personal data:

In addition, some state laws like the CCPA California_Consumer_Privacy_Acthave started to include this right.

Transatlantic data flows[edit]

Transatlantic data flows (or at least those going West, towards the US) are governed by the EU–US Privacy Shield. One of the Privacy Shield principles is the right of access.[3] Indeed, it is most fundamental in enabling accountability mechanisms around personal data processing. This example demonstrates that a European-style conception of privacy does not necessarily have to be perceived by American actors as unduly imposing new restrictions on free speech by data subjects.

Further reading[edit]


  1. ^ https://en.wikipedia.org/wiki/General_Data_Protection_Regulation#Right_of_access
  2. ^ "Your right of access". Information Commissioner's Office. Archived from the original on 26 May 2018. Retrieved 25 May 2018.
  3. ^ "Privacy Shield Framework". U.S. government. Retrieved 11 January 2019.