(d) “controller” shall mean the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; …’
5 In Section I of Chapter II of that directive, entitled ‘Principles relating to data quality’, Article 6 was worded as follows:
‘1. Member States shall provide that personal data must be:
…
(d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that data which are inaccurate or incomplete, having regard to the purposes for which they were collected or for which they are further processed, are erased or rectified;
…’
6 In Section V of Chapter II of that directive, entitled ‘The data subject’s right of access to data’, Article 12 thereof, itself entitled ‘Right of access’, stated:
‘Member States shall guarantee every data subject the right to obtain from the controller:
…
(b) as appropriate the rectification, erasure or blocking of data the processing of which does not comply with the provisions of this Directive, in particular because of the incomplete or inaccurate nature of the data;
…’
7 In Section VII of Chapter II of Directive 95/46, entitled ‘The data subject’s right to object’, the first paragraph of Article 14 of that directive provided:
‘Member States shall grant the data subject the right:
(a) at least in the cases referred to in Article 7(e) and (f), to object at any time on compelling legitimate grounds relating to his particular situation to the processing of data relating to him, save where otherwise provided by national legislation. Where there is a justified objection, the processing instigated by the controller may no longer involve those data;
…’
The GDPR
8 As provided in Article 94(1) thereof, the GDPR repealed Directive 95/46 with effect from 25 May 2018. By virtue of Article 99(2), the GDPR applies from that date.
9 Recitals 4, 39 and 65 of that regulation state:
‘4. The processing of personal data should be designed to serve mankind. The right to the protection of personal data is not an absolute right; it must be considered in relation to its function in society and be balanced against other fundamental rights, in accordance with the principle of proportionality. This Regulation respects all fundamental rights and observes the freedoms and principles recognised in the Charter as enshrined in the Treaties, in particular the respect for private and family life, home and communications, the protection of personal data, freedom of thought, conscience and religion, freedom of expression and information, freedom to conduct a business, the right to an effective remedy and to a fair trial, and cultural, religious and linguistic diversity.
…
39. … Every reasonable step should be taken to ensure that personal data which are inaccurate are rectified or deleted. …