Human-GDPR Interaction: Practical Experiences of Accessing Personal Data

Alex Bowyer; Jack Holt; Josephine Go Jefferies; Rob Wilson; David Kirk; Jan David Smeddinck

doi:10.1145/3491102.3501947

Human-GDPR Interaction: Practical Experiences of Accessing Personal Data

Alex Bowyer, Jack Holt, Josephine Go Jefferies, Rob Wilson, David Kirk, Jan David Smeddinck

Entrepreneurship, Innovation and Strategy

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

26 Citations (Scopus)

17 Downloads (Pure)

Abstract

In our data-centric world, most services rely on collecting and using personal data. The EU's General Data Protection Regulation (GDPR) aims to enhance individuals' control over their data, but its practical impact is not well understood. We present a 10-participant study, where each participant filed 4-5 data access requests. Through interviews accompanying these requests and discussions scrutinising returned data, it appears that GDPR falls short of its goals due to non-compliance and low-quality responses. Participants found their hopes to understand providers' data practices or harness their own data unmet. This causes increased distrust without any subjective improvement in power, although more transparent providers do earn greater trust. We propose designing more effective, data-inclusive and open policies and data access systems to improve both customer relations and individual agency, and also that wider public use of GDPR rights could help with delivering accountability and motivating providers to improve data practices.

Original language	English
Title of host publication	CHI '22
Subtitle of host publication	CHI Conference on Human Factors in Computing Systems
Place of Publication	New York, US
Publisher	ACM
Pages	1-19
Number of pages	19
ISBN (Electronic)	9781450391573
DOIs	https://doi.org/10.1145/3491102.3501947
Publication status	Published - 28 Apr 2022
Event	ACM CHI Conference on Human Factors in Computing Systems 2022 (CHI22) - New Orleans Ernest N. Morial Convention Center, New Orleans, United States Duration: 30 Apr 2022 → 5 May 2022 https://chi2022.acm.org/

Publication series

Name	Conference on Human Factors in Computing Systems - Proceedings

Conference

Conference	ACM CHI Conference on Human Factors in Computing Systems 2022 (CHI22)
Abbreviated title	CHI22
Country/Territory	United States
City	New Orleans
Period	30/04/22 → 5/05/22
Internet address	https://chi2022.acm.org/

Keywords

data collection
data portability
digital rights
GDPR
HDI
human-data interaction
information access
information literacy
open data
participatory action research
personal data
privacy
trust
user empowerment

Access to Document

10.1145/3491102.3501947Licence: CC BY-NC-SA

chi22-129Final published version, 1.4 MBLicence: CC BY-NC-SA

Cite this

@inproceedings{ee615c1ca2a143f08aae8368e85bb07b,

title = "Human-GDPR Interaction: Practical Experiences of Accessing Personal Data",

abstract = "In our data-centric world, most services rely on collecting and using personal data. The EU's General Data Protection Regulation (GDPR) aims to enhance individuals' control over their data, but its practical impact is not well understood. We present a 10-participant study, where each participant filed 4-5 data access requests. Through interviews accompanying these requests and discussions scrutinising returned data, it appears that GDPR falls short of its goals due to non-compliance and low-quality responses. Participants found their hopes to understand providers' data practices or harness their own data unmet. This causes increased distrust without any subjective improvement in power, although more transparent providers do earn greater trust. We propose designing more effective, data-inclusive and open policies and data access systems to improve both customer relations and individual agency, and also that wider public use of GDPR rights could help with delivering accountability and motivating providers to improve data practices.",

keywords = "data collection, data portability, digital rights, GDPR, HDI, human-data interaction, information access, information literacy, open data, participatory action research, personal data, privacy, trust, user empowerment",

author = "Alex Bowyer and Jack Holt and {Go Jefferies}, Josephine and Rob Wilson and David Kirk and Smeddinck, {Jan David}",

note = "Funding information: This work was funded by the EPSRC CDT in Digital Civics (EP/L016176/1). Data supporting this publication is available at https://doi.org/10.25405/data.ncl.c.5759216.v1. Please contact Newcastle Research Data Service at [email protected] for further information or access requests.; ACM CHI Conference on Human Factors in Computing Systems 2022 (CHI22), CHI22 ; Conference date: 30-04-2022 Through 05-05-2022",

year = "2022",

month = apr,

day = "28",

doi = "10.1145/3491102.3501947",

language = "English",

series = "Conference on Human Factors in Computing Systems - Proceedings",

publisher = "ACM",

pages = "1--19",

booktitle = "CHI '22",

address = "United States",

url = "https://chi2022.acm.org/",

}

Bowyer, A, Holt, J, Go Jefferies, J, Wilson, R, Kirk, D & Smeddinck, JD 2022, Human-GDPR Interaction: Practical Experiences of Accessing Personal Data. in CHI '22: CHI Conference on Human Factors in Computing Systems., 106, Conference on Human Factors in Computing Systems - Proceedings, ACM, New York, US, pp. 1-19, ACM CHI Conference on Human Factors in Computing Systems 2022 (CHI22), New Orleans, Louisiana, United States, 30/04/22. https://doi.org/10.1145/3491102.3501947

Human-GDPR Interaction: Practical Experiences of Accessing Personal Data. / Bowyer, Alex; Holt, Jack; Go Jefferies, Josephine et al.
CHI '22: CHI Conference on Human Factors in Computing Systems. New York, US: ACM, 2022. p. 1-19 106 (Conference on Human Factors in Computing Systems - Proceedings).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Human-GDPR Interaction

T2 - ACM CHI Conference on Human Factors in Computing Systems 2022 (CHI22)

AU - Bowyer, Alex

AU - Holt, Jack

AU - Go Jefferies, Josephine

AU - Wilson, Rob

AU - Kirk, David

AU - Smeddinck, Jan David

N1 - Funding information: This work was funded by the EPSRC CDT in Digital Civics (EP/L016176/1). Data supporting this publication is available at https://doi.org/10.25405/data.ncl.c.5759216.v1. Please contact Newcastle Research Data Service at [email protected] for further information or access requests.

PY - 2022/4/28

Y1 - 2022/4/28

N2 - In our data-centric world, most services rely on collecting and using personal data. The EU's General Data Protection Regulation (GDPR) aims to enhance individuals' control over their data, but its practical impact is not well understood. We present a 10-participant study, where each participant filed 4-5 data access requests. Through interviews accompanying these requests and discussions scrutinising returned data, it appears that GDPR falls short of its goals due to non-compliance and low-quality responses. Participants found their hopes to understand providers' data practices or harness their own data unmet. This causes increased distrust without any subjective improvement in power, although more transparent providers do earn greater trust. We propose designing more effective, data-inclusive and open policies and data access systems to improve both customer relations and individual agency, and also that wider public use of GDPR rights could help with delivering accountability and motivating providers to improve data practices.

AB - In our data-centric world, most services rely on collecting and using personal data. The EU's General Data Protection Regulation (GDPR) aims to enhance individuals' control over their data, but its practical impact is not well understood. We present a 10-participant study, where each participant filed 4-5 data access requests. Through interviews accompanying these requests and discussions scrutinising returned data, it appears that GDPR falls short of its goals due to non-compliance and low-quality responses. Participants found their hopes to understand providers' data practices or harness their own data unmet. This causes increased distrust without any subjective improvement in power, although more transparent providers do earn greater trust. We propose designing more effective, data-inclusive and open policies and data access systems to improve both customer relations and individual agency, and also that wider public use of GDPR rights could help with delivering accountability and motivating providers to improve data practices.

KW - data collection

KW - data portability

KW - digital rights

KW - GDPR

KW - HDI

KW - human-data interaction

KW - information access

KW - information literacy

KW - open data

KW - participatory action research

KW - personal data

KW - privacy

KW - trust

KW - user empowerment

UR - http://www.scopus.com/inward/record.url?scp=85130517005&partnerID=8YFLogxK

U2 - 10.1145/3491102.3501947

DO - 10.1145/3491102.3501947

M3 - Conference contribution

AN - SCOPUS:85130517005

T3 - Conference on Human Factors in Computing Systems - Proceedings

SP - 1

EP - 19

BT - CHI '22

PB - ACM

CY - New York, US

Y2 - 30 April 2022 through 5 May 2022

ER -

Human-GDPR Interaction: Practical Experiences of Accessing Personal Data

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this