In our response to the EDPB’s Guidelines 01/2022 on Data Subject Rights – Right of Access, we highlight several positive elements in how the EDPB guides in relation to the form of Data Subject Access Requests (DSARs), the provision of a copy or the limits to respond to DSARs.
There are, however, many instances where ACCIS considers that the draft guidelines could be improved. In fact, we provide several examples where the guidelines impose either excessive burdens or place unrealistic expectations on data controllers.
Overall, we find that the EDPB makes an expansive interpretation of the right of access. As a result, controllers cannot rely upon a principle of proportionality, thus undermining the balancing test that should be undertaken to assess the rights of the controller against the requestor.