Data rights have existed in Europe for more than fifty years, beginning regionally with the Datenschutzgesetz in Hessen (1970), then nationally with the French Loi Informatique et Libertés (1978), at the European level through Convention 108 of the European Convention on Human Rights (1981), and finally harmonized through the General Data Protection Regulation (GDPR) (2016). Despite these strong protections, study after study shows that data controllers—those responsible for processing personal data—are failing to uphold them.
The majority of controllers demonstrate a lack of understanding and awareness of these rights. Most do not respond within the 30-day deadline, and even when they do, they often fail to provide the required information. These statistics are concerning in themselves, but even more so when we consider that one of the European Commission’s explicit goals with the GDPR was to “strengthen the rights of individuals” and “improve control over one's own data.” The GDPR is built on the premise that official institutions—such as data protection authorities—will collaborate with authorized individuals to enforce the regulation. In other words, the widespread failure to uphold data rights is not just an unfortunate byproduct but a fundamental weakness in the law’s intended function.
This project aims to develop a digital service that helps Danish citizens exercise their right of access, right to be forgotten, and right to rectification. The service—datarettigheder.dk—will assist users in drafting their requests, contacting data controllers, verifying compliance with legal requirements, and reporting non-compliant controllers to the data protection authority. datarettigheder.dk consists of two core components:
