Paper Info
Title
GDPR-Reality Check on the Right to Access Data: Claiming and Investigating Personally Identifiable Data from Companies
Abstract
Loyalty programs are early examples of companies commercially collecting and processing personal data. Today, more than ever before, personal information is being used by companies of all types for a wide variety of purposes. To limit this, the General Data Protection Regulation (GDPR) aims to provide consumers with tools to control data collection and processing. What this right concretely means, which types of tools companies have to provide to their customers and in which way, is currently uncertain because precedents from case law are missing. Contributing to closing this gap, we turn to the example of loyalty cards to supplement current implementations of the right to claim data with a user perspective. In our hands-on approach, we had 13 households request their personal data from their respective loyalty program. We investigate expectations of GDPR in general and the right to access in particular, observe the process of claiming and receiving, and discuss the provided data takeouts. One year after the GDPR has come into force, our findings highlight the consumer's expectations and knowledge of the GDPR and in particular the right to access to inform design of more usable privacy enhancing technologies.
Year
DOI
Venue
2019
10.1145/3340764.3344913
Proceedings of Mensch und Computer 2019
Keywords
DocType
ISBN
Claim personal data, Data takeout, GDPR, Usable Privacy
Conference
978-1-4503-7198-8
Citations 
PageRank 
References 
0
0.34
0
Authors
4
Name
Order
Citations
PageRank
Fatemeh Alizadeh100.34
Timo Jakobi200.34
Jens Boldt300.34
Gunnar Stevens443350.81