{"id":1145,"date":"2026-04-02T07:00:03","date_gmt":"2026-04-02T05:00:03","guid":{"rendered":"https:\/\/pavleas-avocats.com\/?p=1145"},"modified":"2026-05-01T07:09:33","modified_gmt":"2026-05-01T05:09:33","slug":"automating-the-right-of-access-to-personal-data-held-by-public-bodies","status":"publish","type":"post","link":"https:\/\/pavleas-avocats.com\/en\/automating-the-right-of-access-to-personal-data-held-by-public-bodies\/","title":{"rendered":"Automating the Right of Access to Personal Data Held by Public Bodies"},"content":{"rendered":"\n

The automation of the right of access to personal data held by public bodies is no longer a distant prospect, it is a legal evolution currently being consolidated. This is a defining issue, sitting at the intersection of the GDPR, civil law, European data law… and a technical reality in which public administration is already, to a large extent, API-compatible. The legal framework is already in place.<\/p>\n\n\n\n

The GDPR enshrines a fundamental right of access to data. Civil law allows this right to be exercised by proxy. European law, through the Data Governance Act (DGA), has institutionalised a trusted intermediary: the PSID (Personal Data Intermediation Service Provider). The Digital Omnibus package, currently being adopted at European level, goes further still: it enshrines a logic of automation and machine-readable formats for the exercise of rights, in line with the Data Act.<\/p>\n\n\n\n

The real obstacle is no longer legal, it is operational. The one-month deadline set out in Article 12 of the GDPR was designed for manual processing. But when identification is secured (eIDAS), the request is carried by a regulated PSID, and public administration already has APIs in place (open data, interoperability), maintaining manual processing becomes difficult to justify.<\/p>\n\n\n\n

Regulators themselves confirm this trajectory, though with caution. In their opinion on the Digital Omnibus, the EDPB and the EDPS:<\/p>\n\n\n\n