Data Protection Commission, ‘Limiting Data Subject Rights and the Application of Article 23 of the GDPR Guidance Note’

“The essence of a fundamental right means that interference with the right should not be such that the right is in effect emptied of its basic content and the individual cannot exercise the right. In other words the limitation may not go so far as to completely reduce the right of its core elements and thus prevent the exercise of the right. If the essence of the right is adversely affected by the measure, then the restriction is likely to be unlawful. As such legislation not providing for any possibility for an individual to pursue legal remedies in order to uphold their data protection rights may not be permissible if it does not respect the essence of the fundamental right to effective protection. Similarly,a legal provision may prove unlawful if it fails to apply certain principles of data protection or inadequately addresses data security by not ensuring that appropriate technical and organisational measures are adopted against, for example accidental or unlawful destruction, accidental loss or alteration of the data.”

European Data Protection Board, ‘Statement on restrictions on data subject rights in connection to the state of emergency in Member States’, June 2020

“The processing of personal data should be designed to serve humankind and, within this context, one of the main objectives of data protection law is to enhance data subjects’ control over their data.”

European Data Protection Supervisor,  ‘The EDPS quick-guide to necessity and proportionality’, January 2020

“Processing of personal data – be it collection, storage, use or disclosure – constitutes a limitation on the right to the protection of personal data and must comply with EU law. This requires ensuring that it is both necessary and proportional.”