Chapter 7Data Subject Rights
As the global digital landscape evolves, protecting personal data has become paramount for individuals, organizations, and regulators. At the heart of modern data protection laws are the data subject rights (DSRs)—a set of rights that empower individuals to control how their data is collected, processed, stored, and shared. These rights are enshrined in key regulatory frameworks such as the European Union’s General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and China’s Personal Information Protection Law (PIPL), among others. DSRs reflect the growing demand for individual privacy and signal a shift in how businesses approach data governance, necessitating transparency, accountability, and responsiveness.
The principle behind DSRs is straightforward: individuals should have a fundamental say in using their personal information. In practice, however, managing and respecting these rights can be complex. Data subjects are granted specific legal rights, including the right to access their data, correct inaccuracies, request deletion, limit processing, transfer data to another service, and even object to certain types of Processing. These rights vary across jurisdictions, creating significant challenges for multinational organizations striving for compliance. In this chapter, we will explore the key DSRs in detail, examining their scope, the implications of exercising them, and the obligations they impose on organizations. ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access