|
Olivia speaks at Data Protection Forum conference
On 4th December, I spoke at the Data Protection Forum conference, which had the theme of ‘Enforcing Data Subject Rights’.
After an introduction by Kevin Parle (Deputy Chair of the DP Forum), I was up first and spoke about ‘Challenges in addressing data subjects’ rights’. A big challenge: the amount of data organisations hold! (Unless, of course, the data subject is Milton from the film Office Space.)
I highlighted the importance of considering the purposes of the rights in determining how far to go in addressing them (and how far the courts will go in enforcing them). I then considered the different perspectives: controllers wanting to do the right thing, but maybe finding it hard, versus controllers trying to avoid their obligations. On the other side, we have data subjects genuinely wanting to exercise their rights versus those who have an ulterior motive.
I went through some challenges from the perspective of controllers, and how to address them, including using the purpose of the rights to guide their approach, and using the rules to help (such as clarifying requests, ‘reasonable and proportionate searches’ and ‘manifestly unfounded of excessive requests’). I suggested that data protection by design can also assist ease the process, though some aspects of this may be easier said than done.
I also considered some challenges for data subjects, including the lack of visibility on what the controller is doing and how it approaches searches and exemptions. I started along the track of suggestions to address these (including focusing on the purpose of the rights, using ICO tools and complaints procedures), knowing that the next speakers would be taking us deeper into the world of enforcement of rights for the individual!
Two excellent speakers followed: Ravi Naik from AWO, and Duncan McCann from the Good Law Project. Ravi spoke about his work and experiences in assisting data subjects to enforce their rights, and drilled into the specifics of extensive uses of data in some industries. Duncan spoke about the difficulties for data subjects in seeking redress via the ICO or through the courts, and his view that the DUA Act changes don’t help with this.
To finish off, I sat with all the speakers for a panel discussion. We debated the ‘proportionality’ concept more (including in consideration of use of AI tools), and responded to some interesting audience questions, including on international data transfers (in light of UK DUA Act and EU proposed GDPR reforms), consent or pay models, litigation funding, and the new recognised legitimate interest lawful basis.
Olivia Whitcroft, principal of OBEP, 8 December 2025
This article provides general information on the subject matter and is not intended to be relied upon as legal advice. If you would like to discuss this topic, please contact Olivia Whitcroft using the contact details set out here: Contact Details
