UAB Whitebridge.ai – Complaint Upheld (Lithuania, 2026)

UAB Whitebridge.ai (the controller) is a company that provides AI powered reports of the “online presence” and monitoring of data subjects. In 2025, a data subject filed a complaint with the DPA on the grounds that the controller did not provide them with access under Article 15 GDPR. The controller argued that the data subject sent their access request to its general email address, and that the request had not been noticed due to the high volume of emails received for that address. Therefore, the controller was not able to process the request within the time frame under Article 12(3) GDPR. In addition, the controller stated it had introduced additional measures to respond to access requests in the future (including updating their privacy policy with the email address of their Data Protection Officer). Finally, the controller stated it would respond to the data subject’s access request. The DPA found a violation of Articles 12(3) and 15(1) GDPR, as the controller failed to respond to the data subject’s access request. The DPA ordered the controller to provide the data subject with access to their data, in accordance with Article 15(1) GDPR.