One goal of the GDPR is to empower individuals (“data subjects”), and give them control over their personal data. These rights include:
- right of access, allowing to understand what data is processed in which way,
- the right to rectification, if data is incorrect,
- the right to erasure, if data was unlawfully processed,
- the right to restrict processing,
- the right to data portability, to switch to other services,
- the right to object, if users fell that their individual situation was not taken into account in a companies‘ legitimate interest assessment, or in the case of direct marketing and
- and the right not to be subject to a decision based solely on automated processing.
These rights impose positive obligations on data controllers and are enforceable before independent data protection authorities and courts. In reality, many controllers do not fully comply with these rights or make it extremely hard for users to exercise their rights. The main goal of these projects is
- to encourage users to exercise their fundamental right to privacy and provide information on how to do so
- to gain a deeper understanding of processing and usage of data by different industries through filing access requests (Article 15 GDPR) and
- to make sure that companies respect data subjects’ rights and consistently comply with the requests of users.
| Case | Controller | DPA | Status | Duration |
|---|---|---|---|---|
| C057 | AZ Direct | DSB (Austria) | Pending (2 - 3 years) | Filed:
(2 years 1 month ago) |
| C064 | CRIF GmbH (Austria) | DSB (Austria) | Pending (6 - 12 months) | Filed:
(10 months 3 weeks ago) |
| C066-01 | Fitbit International Limited | Garante per la protezione dei dati personali (Italy) | Pending (6 - 12 months) | Filed:
(7 months 3 weeks ago) |
| C066-02 | Fitbit International Limited | DSB (Austria) | Pending (6 - 12 months) | Filed:
(7 months 3 weeks ago) |
| C066-03 | Fitbit International Limited | AP (The Netherlands) | Pending (6 - 12 months) | Filed:
(7 months 3 weeks ago) |
| C067 | KSV 1870 | DSB (Austria) | Pending (0 - 6 months) | Filed:
(3 months 3 weeks ago) |
| C068 | SCHUFA Holding AG | HBDI (Hesse) | Pending (0 - 6 months) | Filed:
(2 months 1 week ago) |
| C074 | SumUp Payments Limited | Garante per la protezione dei dati personali (Italy) | Pending (0 - 6 months) | Filed:
(5 months 4 weeks ago) |
| C077 | IMY (Sweden) | Pending (0 - 6 months) | Filed:
(1 month 1 week ago) |
