Since the entry into force of the GDPR, data protection authorities (DPAs) have closely cooperated to adopt a growing number of one-stop-shop decisions on the right of access, as shown by the large volume of decisions available in the EDPB register on this matter. The one-stop-shop case digest provides useful examples on the exercise of the right of access in various contexts, for instance in the event of fake profiles or accounts which impersonate data subjects. It summarises how DPAs interpret the different components of the right of access in different cases. The case digest also refers to the available guidance at EU level, and in particular, EDPB Guidelines 01/2022 on data subject rights - Right of access, adopted on 28 March 2023. Relevant cases before the Court of Justice of the EU are also mentioned.
The EDPB commissioned the one-stop-shop case digest as part of the Support Pool of Experts programme, which aims to support cooperation among DPAs by providing expertise and tools related to enforcement.
Project conducted by external expert Prof. Dr. Hanne Marie Motzfeldt and completed in November 2024.
Objective: Thematic one-stop-shop case digests are drafted on the basis of one-stop-shop decisions taken from the EDPB’s public register (based on Article 60 of the GDPR). Such case digests complement the EDPB's public register by selecting and presenting the most important decisions on a given theme and providing an overview and aggregate results of relevant decisions on this theme.
