GDPR-Reality Check on the Right to Access Data

Autor: Fatemeh Alizadeh, Timo Jakobi, Gunnar Stevens, Jens Boldt
Rok vydání: 2019
Zdroj: Mensch & Computer
Popis: Loyalty programs are early examples of companies commercially collecting and processing personal data. Today, more than ever before, personal information is being used by companies of all types for a wide variety of purposes. To limit this, the General Data Protection Regulation (GDPR) aims to provide consumers with tools to control data collection and processing. What this right concretely means, which types of tools companies have to provide to their customers and in which way, is currently uncertain because precedents from case law are missing. Contributing to closing this gap, we turn to the example of loyalty cards to supplement current implementations of the right to claim data with a user perspective. In our hands-on approach, we had 13 households request their personal data from their respective loyalty program. We investigate expectations of GDPR in general and the right to access in particular, observe the process of claiming and receiving, and discuss the provided data takeouts. One year after the GDPR has come into force, our findings highlight the consumer's expectations and knowledge of the GDPR and in particular the right to access to inform design of more usable privacy enhancing technologies.
Databáze: OpenAIRE