datarequests.org @datarequestsorg@mastodon.social

Some of these policies may seem obvious to us. But for all of them, we've encountered companies with differing interpretations that have denied us or our users their rights.

With the official guidelines from the EDPB, you now have a great argument in your pocket for such cases, with which you can hopefully enforce your rights after all.

We want to say thank you to the EDPB and the data protection authorities for standing up for our rights! 7/7

In the case of “excessive [esp. frequently repeated] requests”, companies are allowed to charge a fee or refuse to act on them (Art. 12(5) GDPR). Fortunately, we've only rarely experienced this.

The EDPB now clarifies that the allowed interval between requests depends on the situation. If the data a company collects changes frequently (e.g. in the case of social media platforms or even credit agencies), you are also allowed to make requests more frequently without them being excessive. 6/7

Sometimes companies offer their services in many languages, but respond to requests only in English. However, the #GDPR says that the answer has to be in an “intelligible and easily accessible form” (Art. 12(1) GDPR).

According to the EDPB, this means that if companies offer their services in a country, they must also respond in the corresponding language. 5/7

Another frequent issue: companies of course have to be able to clearly identify you for requests. However, they may only request additional identification data when actually necessary.

If you for example have an account with them, this should be used for identification.

ID documents, on the other hand, may only be requested in very rare cases.

And if a company doesn't know your actual identity but only identifies you via cookie IDs, these are also sufficient for an access request. 4/7

Sometimes companies that save lots of data want you to specify what data your request concerns in particular before answering.

In such cases, the company is supposed to help you by providing a list of data types they actually hold on you.

And the guidelines clearly state that they cannot restrict your right of access in these cases: You can also answer that you want *all* your data. 3/7

The guidelines answer a number of questions and differing interpretations that we have encountered from companies in the past.

For one, companies are not able to dictate how you send your requests. You can for example, simply address them to a company's customer service (although we still recommend privacy-specific contacts where available; our company database lists many of those: https://www.datarequests.org/company/).

Companies are also not allowed to force you to use specific forms or online tools. 2/7

The European Data Protection Board (EPDB) has published new guidelines on the right of access according to the #GDPR (https://edpb.europa.eu/system/files/2022-01/edpb_guidelines_012022_right-of-access_0.pdf). These guidelines are meant to provide clarity on how companies have to react to access requests.

We've read the guidelines for you and submitted a statement on them (https://static.dacdn.de/docs/edpb-consultation-right-of-access.pdf) to the EDPB. Good news: The guidelines are very consumer-friendly! We want to share some excerpts from them with you in this thread. 1/7

October is the time for #Hacktoberfest. We are participating again this year. Receive a free sticker pack for your contribution to our project. And the 10 best contributions will even get a t-shirt.

Hack with us—we're excited for your PRs!

https://www.datarequests.org/blog/hacktoberfest-2021/

Our website is now also available in Spanish: https://www.solicituddedatos.es/

That is our fifth language already! Another big step towards our goal of making the #GDPR accessible to everyone. Huge thanks to @fmisle for the help.

Two of our members have used the #GDPR to request access to their data from the coupon extension Honey. Our analysis of the responses shows that Honey collects browser history data, contrary to own their privacy policy. Thus, we have submitted complaints.

https://www.datarequests.org/blog/honey-data-collection/

It's that time again: We are excited to announce that we are again participating in the #Hacktoberfest!

If you contribute something to the project, we will give you a free sticker set. In addition, we are awarding ten t-shirts for the best contributions.

https://www.datarequests.org/blog/hacktoberfest-2020

Did you know that you can also send GDPR requests to companies outside the EU in many cases? Learn more in Ani Karini's explanation of the territorial scope of the GDPR: https://www.datarequests.org/blog/gdpr-territorial-scope/

We did want to also upload the talk to @YouTube but unfortunately they blocked us almost instantly and with no explanation. :/ We are trying our best to fix this but unfortunately can't promise anything.

The recording for Lorenz' talk at the Open Knowledge Lab Berlin (@codeforbe) is now online. Unfortunately, we had some technical problems, so the recording isn't perfect. We have added subtitles though, which should hopefully help.
https://www.datarequests.org/verein/event/okl-berlin-05-2020/

On Monday (May 11), Lorenz will hold a talk on http://datarequests.org for the Open Knowledge Lab Berlin (@codeforbe). The talk will be held online. Come join us!
https://www.meetup.com/OK-Lab-Berlin/events/cnrqbqybchbpb/

In the interest of accessibility: The image shows a person with a big floating heart in front of it. Next to that is the text: "On #ilovefs day, we want to say thank you!". The footer text says: "http://datarequests.org loves [as a heart icon instead of the word] Open Source".

On #ilovefs day, we want to say thank you! Thanks to everyone contributing to http://datarequests.org, to all authors of libraries we use and to all people releasing their software freely. Without you, our project wouldn't be possible. @fsfe #freesoftware

We are joining the #hacktoberfest2019!

Submit a PR to any of our repositories and get some free stickers. The 10 best contributions will be awarded with a t-shirt.
https://www.datarequests.org/blog/hacktoberfest-2019/