This chapter examines the rights of data subjects under GDPR and the role of the state in supervising data controllers. It examines data subject rights, including the subject access right and the right to correct and manage personal data. It deals with the development of the so-called Right to be Forgotten and the Mario Costeja González case. It examines the current supervisory regime, including the role of the Information Commissioner’s Office and the enforcement rights of data subjects. Key cases, including Durant v The Financial Services Authority, Edem v IC & Financial Services Authority, Dawson-Damer v Taylor Wessing, and Ittihadieh v 5–11 Cheyne Gardens are discussed, and the chapter concludes by examining the enhanced enforcement rights awarded to the Information Commissioner’s Office by the General Data Protection Regulation in 2018.
Chapter
This chapter first describes the rationale for the establishment of supervisory agencies for data protection in EU States. This marks a significant divergence in approach from other countries such as the United States and continues to constitute a barrier to harmonisation in the data protection field. Specific attention is paid to the status and role of the United Kingdom’s Information Commissioner and the investigative and enforcement powers conferred on the Commissioner. The evolving nature of the requirements of registration of data controllers is considered as is the role of the Register of Data Controllers. Attention is given also to the appeal mechanisms established under the Act and to the role of the First Tier Tribunal.
Chapter
This chapter examines the rights of data subjects under GDPR (and UK GDPR) and the role of the state in supervising data controllers. It examines data subject rights including the subject access right and the right to correct and manage personal data. It deals with the development of the so-called right to be forgotten in the Mario Costeja González case and its application in cases such as NT1 & NT2 v Google. It examines the current supervisory regime including the role of the Information Commissioner’s Office and the enforcement rights of data subjects. Key cases, including Durant v The Financial Services Authority, Edem v IC & Financial Services Authority, Dawson-Damer v Taylor Wessing, and Ittihadieh v 5-11 Cheyne Gardens are discussed, and the chapter concludes by examining the enhanced enforcement rights awarded to the Information Commisioner’s Office by the General Data Protection Regulation in 2018.
