Companies can only deny data access if request is abusive, EU court opinion says

( September 18, 2025, 08:32 GMT | Official Statement) -- MLex Summary: Companies can only refuse an access request under the EU's General Data Protection Regulation if they prove the request was abusive, Maciej Szpunar, the Advocate General of the Court of Justice of the EU, said in a legal opinion on Thursday. Abuse may exist where someone consents to data use only to make a request and claim damages, but a history of lawsuits alone is not enough, he said. Damages can be claimed for any breach of the law, even if no unlawful processing of personal data took place, Szpunar said.The opinion is attached. The case reference is C-526/24....

Prepare for tomorrow’s regulatory change, today

MLex identifies risk to business wherever it emerges, with specialist reporters across the globe providing exclusive news and deep-dive analysis on the proposals, probes, enforcement actions and rulings that matter to your organization and clients, now and in the longer term.

Know what others in the room don’t, with features including:

Daily newsletters for Antitrust, M&A, Trade, Data Privacy & Security, Technology, AI and more
Custom alerts on specific filters including geographies, industries, topics and companies to suit your practice needs
Predictive analysis from expert journalists across North America, the UK and Europe, Latin America and Asia-Pacific
Curated case files bringing together news, analysis and source documents in a single timeline

Experience MLex today with a 14-day free trial.

Start Free Trial

Already a subscriber? Click here to login

Companies can only deny data access if request is abusive, EU court opinion says

Prepare for tomorrow’s regulatory change, today

Documents

Related Sections