gerryMy GDPR request to the Belgian gov was refused because the ID card copy that was included with the request was not printed in *color*. Can anyone confirm whether that’s a legit #GDPR requirement? Color prints are like €1/page these days, which would add up and make all my GDPR requests a bit costly. #askFedi #lawFedi #Belgium
aeris@gerry Request for ID card to answer to an article 15 access request is unlawfull by default. The controller can only ask for ID card if identity doubt.
@gerry The controller MUST request only the minimum information to confirm the data subject identity.
And CAN'T ask for more information than the requested information.
Usually email/phone validation is largely enough to ensure the data subject identity.
And CAN'T ask for more information than the requested information.
Usually email/phone validation is largely enough to ensure the data subject identity.
@gerry You can invoke article 12(6) and recital 64
Additional information only allowed if identity doubt (no doubt, no additional) and additional information must be reasonable
https://gdpr-text.com/read/article-12/#para_gdpr-a-12_6
https://gdpr-text.com/read/recital-64/
Additional information only allowed if identity doubt (no doubt, no additional) and additional information must be reasonable
https://gdpr-text.com/read/article-12/#para_gdpr-a-12_6
https://gdpr-text.com/read/recital-64/