Brussels, 28 February - The European Data Protection Board has kicked off its Coordinated Enforcement Framework (CEF) action for 2024. Throughout the year, 31 Data Protection Authorities (DPAs), including 7 German State-level DPAs, across the EEA will take part in this initiative on the implementation of the right of access.
During its October 2023 plenary, the EDPB selected the right of access for its third coordinated enforcement action, as it is at the heart of data protection and one of the most frequently exercised data protection rights, and one which DPAs receive many complaints about. In particular, it enables individuals to check whether their personal data is processed in a compliant manner by organisations. In addition, it often enables the exercise of the other data protection rights, such as the right to rectification and erasure.
In 2023, the EDPB adopted Guidelines on data subject rights - Right of access to help organisations respond to data access requests from individuals in line with the requirements set out in the GDPR. To gauge how organisations are complying with the right of access in practice, participating DPAs will implement the CEF in a number of ways:
- organisations will be sent questionnaires to aid fact-finding exercises or to identify if a formal investigation is warranted;
- commencement of a formal investigation; and/or
- follow-up of ongoing formal investigations.
The results of the joint initiative will be analysed in a coordinated manner and the DPAs will decide on possible further supervision and enforcement actions. In addition, all results will be aggregated, generating deeper insight into the topic and allowing targeted follow-up at EU level. The EDPB will publish a report on the outcome of this analysis once the actions are concluded.
This series of actions is the third initiative under the Coordinated Enforcement Framework (CEF), which aims to streamline enforcement and cooperation among DPAs.
Previous coordinated actions looked into the use of cloud services by the public sector, in 2022, and the designation and position of Data Protection Officers, in 2023.
For further information:
- AT DPA: Schwerpunktverfahren 2024 – Recht auf Auskunft
- BG DPA: Започва координирано действие по изследване на приложението на правото на достъп
- CZ DPA: Zahájena společná dozorová akce CEF 2024
- DE DPAs: Deutsche Datenschutzaufsichtsbehörden beteiligen sich an CEF 2024: Beginn der koordinierten Aktion zum Auskunftsrecht
- DE DPA, LfD Niedersachsen : Niedersächsische Datenschutzaufsicht beteiligt sich an europaweit koordinierten Prüfungen zum Recht auf Auskunft
- DE DPA, Saarland: Presseinformation der Landesbeauftragten für Datenschutz und Informationsfreiheit vom 29.02.2024
- DK DPA: Koordineret indsats om dataansvarliges overholdelse af indsigtsretten
- EDPS: Coordinated Enforcement Action: the right of access to personal data
- EL DPA: Έναρξη συντονισμένης δράσης του ΕΣΠΔ 2024 σχετικά με το δικαίωμα πρόσβασης
- ES DPA: La AEPD participa en una acción europea para analizar la aplicación del derecho de acceso
- FI DPA: Tietosuojavaltuutetun toimisto selvittää tarkastusoikeuden toteutumista osana Euroopan laajuista toimenpidettä
- FR DPA: Droit d’accès: la CNIL et ses homologues européens procèdent à une série de contrôles
- HU DPA: Közlemény az Európai Adatvédelmi Testület által a 2024. évre prioritásként meghatározott, a hozzáférési jog érvényesítésére fókuszáló összehangolt fellépés tényleges megkezdéséről
- IE DPA: Launch of coordinated enforcement action on the right of access (EN), Seoltar gníomh forfheidhmithe chomhordaithe ar an gceart rochtana (GA)
- IT DPA: CEF 2024: Avvio al Quadro di attuazione coordinata sul diritto di accesso
- LI DPA: Europäische Initiative zum Auskunftsrecht
- LU DPA: Comment votre organisation met-elle en oeuvre le droit d'accès ? Vos retours d'expérience sont importants ! (FR), Wie setzt Ihre Organisation das Recht auf Auskunft um? Ihr Feedback zählt! (DE), How is your organisation implementing the right of access? Your feedback is important! (EN)
- LV DPA: EDAK uzsāk koordinētu pārbaudi par piekļuves tiesību īstenošanu
- NL DPA: Europese privacytoezichthouders gaan recht op inzage onderzoeken
- SI DPA: IP začenja usklajeno akcijo sodelovanja 2024 na temo pravice do dostopa do lastnih osebnih podatkov
- PT DPA: CNPD participa no CEF 2024