Human-GDPR Interaction: Practical Experiences of Accessing Personal Data

Alex Bowyer, Jack Holt, Josephine Go Jefferies, Rob Wilson, David Kirk, Jan David Smeddinck

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

1 Downloads (Pure)

Abstract

In our data-centric world, most services rely on collecting and using personal data. The EU's General Data Protection Regulation (GDPR) aims to enhance individuals' control over their data, but its practical impact is not well understood. We present a 10-participant study, where each participant filed 4-5 data access requests. Through interviews accompanying these requests and discussions scrutinising returned data, it appears that GDPR falls short of its goals due to non-compliance and low-quality responses. Participants found their hopes to understand providers' data practices or harness their own data unmet. This causes increased distrust without any subjective improvement in power, although more transparent providers do earn greater trust. We propose designing more effective, data-inclusive and open policies and data access systems to improve both customer relations and individual agency, and also that wider public use of GDPR rights could help with delivering accountability and motivating providers to improve data practices.

Original languageEnglish
Title of host publicationCHI '22
Subtitle of host publicationCHI Conference on Human Factors in Computing Systems
Place of PublicationNew York, US
PublisherACM
Pages1-19
Number of pages19
ISBN (Electronic)9781450391573
DOIs
Publication statusPublished - 28 Apr 2022
EventACM CHI Conference on Human Factors in Computing Systems: CHI22 - New Orleans, United States
Duration: 30 Apr 20226 May 2022
https://chi2022.acm.org/

Publication series

NameConference on Human Factors in Computing Systems - Proceedings

Conference

ConferenceACM CHI Conference on Human Factors in Computing Systems
Country/TerritoryUnited States
CityNew Orleans
Period30/04/226/05/22
Internet address

Fingerprint

Dive into the research topics of 'Human-GDPR Interaction: Practical Experiences of Accessing Personal Data'. Together they form a unique fingerprint.

Cite this