What is the right to access?

The right to access, also known as the right of access, is the right of individuals to request and receive a copy of any personal data held about them by a given company or organization. They are also entitled to supplementary information to help them understand how and why their data is being used.

Why is the right to access so important?

The right to access is critical to the exercise of other privacy rights, like those guaranteed by state legislature such as the California Consumer Protection Act (CCPA) and the EU’s General Data Protection Regulation (GDPR). It would be difficult if not impossible to exercise other rights without the right of access.

For example, you can’t exercise your right to deletion or your right to opt out if you don’t know at least the first of two things: does the company in question even have your data, and, if so, what exactly does it have on you? It’s the right of access that lets you inspect, correct, and have your personal data deleted.

What is the right to access in the United States?

With no comprehensive federal data protection law in the United States, there is no one definition of “right to access.” The right to access is similar across the handful of state data privacy laws and what little federal legislation there is, though. Most Americans have no general right of access.

However, individual laws may grant Americans some right to access under certain conditions. For example, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) requires covered entities to give individuals access to their protected health information (PHI) upon request. This is a necessary condition for the exercise of the right to portability, not to mention correcting inaccuracies.

States with data protection laws in place—like California, Virginia, Colorado or New York—also honor the right to access for individuals whose personal information is being collected, held, and processed by companies like data brokers.

What is the right to access in the European Union?

The right to access is pivotal to the establishment of other privacy rights laid out in the European Union’s (EU’s) General Data Protection Regulation (GDPR). Without guaranteed access to personal data held by companies, a data subject can’t exercise their rights of rectification or erasure, among others.

To ensure this right, Art. 15 of the GDPR states that “[t]he data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and the following information.

Updated on: July 28, 2023

Is this article helpful?
Scroll to Top