Peter Craddock Quoted in MLex Article on EU Court Data Request Ruling

Keller and Heckman Partner Peter Craddock was quoted in the MLex article, “EU court data request ruling seen lowering bar for privacy law damages.” The article describes a ruling from the EU’s top court, stating that companies can refuse a request for access to personal data only in limited cases of abuse, which could make it easier for individuals to claim damages under the General Data Protection Regulation (GDPR).

According to Peter, the judgment confirmed that even a first access request could be deemed excessive and refused if there was demonstrable abusive intent.

Pointing to the court’s finding that EU law “cannot be relied on for abusive or fraudulent ends,” Peter also noted that controllers may reject requests where they can show the data subject acted to “artificially” create conditions for compensation or otherwise pursue purposes unrelated to verifying the lawfulness of data processing.

Peter also said that the ruling embedded the broader EU law doctrine of abuse of rights into GDPR practice, noting that requests made for purposes other than verifying data processing, such as gaining an advantage or preparing claims, may fall outside the scope of protection.

To read the full article, please click here (subscription required).