Data Subject Rights

Data Subject Rights
One goal of the GDPR is to empower individuals (“data subjects”), and give them control over their personal data. These rights include:

  • right of access, allowing to understand what data is processed in which way,
  • the right to rectification, if data is incorrect,
  • the right to erasure, if data was unlawfully processed,
  • the right to restrict processing,
  •  the right to data portability, to switch to other services,
  •  the right to object, if users fell that their individual situation was not taken into account in a companies‘ legitimate interest assessment, or in the case of direct marketing and
  • and the right not to be subject to a decision based solely on automated processing.
These rights impose positive obligations on data controllers and are enforceable before independent data protection authorities and courts. In reality, many controllers do not fully comply with these rights or make it extremely hard for users to exercise their rights. The main goal of these projects is

  • to encourage users to exercise their fundamental right to privacy and provide information on how to do so
  • to gain a deeper understanding of processing and usage of data by different industries through filing access requests (Article 15 GDPR) and
  •  to make sure that companies respect data subjects’ rights and consistently comply with the requests of users.

Case Controller DPA Status Duration
C057 AZ Direct DSB (Austria) Pending (2 - 3 years) Filed:
(2 years 7 months ago)
C064 CRIF GmbH (Austria) DSB (Austria) Pending (12 - 18 months) Filed:
(1 year 5 months ago)
C066-01 Fitbit International Limited Garante per la protezione dei dati personali (Italy) Pending (12 - 18 months) Filed:
(1 year 2 months ago)
C066-02 Fitbit International Limited DSB (Austria) Pending (12 - 18 months) Filed:
(1 year 2 months ago)
C066-03 Fitbit International Limited AP (The Netherlands) Pending (12 - 18 months) Filed:
(1 year 2 months ago)
C067 KSV 1870 DSB (Austria) Pending (6 - 12 months) Filed:
(10 months 1 week ago)
C068 SCHUFA Holding AG HBDI (Hesse) Pending (6 - 12 months) Filed:
(8 months 3 weeks ago)
C074 SumUp Payments Limited Garante per la protezione dei dati personali (Italy) Pending (12 - 18 months) Filed:
(1 year ago)
C077 Nusvar AB IMY (Sweden) Pending (6 - 12 months) Filed:
(7 months 4 weeks ago)
C078 OpenAI OpCo, LLC DSB (Austria) Pending (6 - 12 months) Filed:
(6 months 1 week ago)
C079-01 Microsoft Corporation DSB (Austria) Pending (0 - 6 months) Filed:
(5 months 1 week ago)
C085 "ΑΛΦΑ-ΒΗΤΑ" ΒΑΣΙΛΟΠΟΥΛΟΣ ΜΟΝΟΠΡΟΣΩΠΗ ΑΝΩΝΥΜΗ ΕΤΑΙΡΙΑ HDPA (Greece) Pending (0 - 6 months) Filed:
(2 months 4 weeks ago)
C088 KSV 1870, Unsere Wasserkraft | easy green energy GmbH & Co KG DSB (Austria) Pending (0 - 6 months) Filed:
(2 months 2 weeks ago)