Everyone who offers proof of identity has the right to have rectifications made to information about them in the case of unlawful, unnecessary, or inaccurate entries.
- Personal data shall be: (...) (d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’).
- In order to have the most effective protection of his private life, every individual should have the right to ascertain in an intelligible form, whether, and if so, what personal data is stored in automatic data files, and for what purposes. Every individual should also be able to ascertain which public authorities or private individuals or bodies control or may control their files. If such files contain incorrect personal data or have been collected or processed contrary to the provisions of the law, every individual should have the right to request rectification or elimination.
- Individuals should have the right: a) to obtain from a data controller, or otherwise, confirmation of whether or not the data controller has data relating to them; b) to have communicated to them, data relating to them i. within a reasonable time; ii. at a charge, if any, that is not excessive; iii. in a reasonable manner; and iv. in a form that is readily intelligible to them; c) to be given reasons if a request made under subparagraphs (a) and (b) is denied, and to be able to challenge such denial; and d) to challenge data relating to them and, if the challenge is successful to have the data erased, rectified, completed or amended.
- Everyone who offers proof of identity has the right to know whether information concerning him is being processed and to obtain it in an intelligible form, without undue delay or expense, and to have appropriate rectifications or erasures made in the case of unlawful, unnecessary or inaccurate entries, and when it is being communicated, addresses. Provision should be made for a remedy, if need be with the supervisory authority specified in principle 8 below. The cost of any rectification shall be borne by the person responsible for the file. It is desirable that the provisions of this principle should apply to everyone, irrespective of nationality or place of residence.
- Individuals should be able to: a) obtain from the personal information controller confirmation of whether or not the personal information controller holds personal information about them; b) have communicated to them, after having provided sufficient proof of their identity, personal information about them; i. within a reasonable time; ii. at a charge, if any, that is not excessive; iii. in a reasonable manner; iv. in a form that is generally understandable; and, c) challenge the accuracy of personal information relating to them and, if possible and as appropriate, have the information rectified, completed, amended or deleted.
- The Committee of Ministers therefore, under the terms of Article 15.b of the Statute of the Council of Europe, recommends that member States, in consultation with private sector actors and civil society, develop and promote coherent strategies to protect freedom of expression, access to information and other human rights and fundamental freedoms in relation to search engines in line with the Convention for the Protection of Human Rights and Fundamental Freedoms (...), in particular by engaging with search engine providers to carry out the following actions: (...) – enhance transparency in the collection of personal data and the legitimate purposes for which they are being processed; – enable users to access easily, and, where appropriate, to correct or delete their personal data processed by search engine providers; – develop tools to minimise the collection and processing of personal data, including enforcing limited retention periods, adequate irreversible anonymisation, as well as tools for the deletion of data.
- Principle of respect for privacy 1. Public authorities shall have respect for privacy, particularly when processing personal data. 2. When public authorities are authorised to process personal data or files, particularly by electronic means, they shall take all necessary measures to guarantee privacy. 3. The rules relating to personal data protection, notably as regards the right to have access to personal data and secure the rectification or removal of any data that is inaccurate or shall not have been recorded, shall apply to personal data processed by public authorities.
- Users have the right to access their personal data and to obtain correction, deletion and blocking of it. Intermediaries should therefore provide them with relevant information at all stages of processing, using clear and plain language, especially where such information is addressed to children. Moreover, intermediaries should inform users clearly about the conditions under which they may exercise the right to personal data erasure, to object to the processing of data and to withdraw consent provided for the processing of personal data, following which all processing based on the consent of the user should be terminated.
- There are effective processes enabling every individual to obtain, on request, information on the processing of his or her personal data and the reason underlying processing; to object to processing; to obtain, on request, rectification or erasure of the personal data; and to consent to, object to or withdraw consent to personal data processing or profiling.
- Personal data that are processed must be adequate, relevant, correct and, if necessary, up to date; all reasonable measures must be taken to complete, correct, block or erase data that are incomplete or incorrect.