ABSTRACT
In our data-centric world, most services rely on collecting and using personal data. The EU's General Data Protection Regulation (GDPR) aims to enhance individuals’ control over their data, but its practical impact is not well understood. We present a 10-participant study, where each participant filed 4-5 data access requests. Through interviews accompanying these requests and discussions scrutinising returned data, it appears that GDPR falls short of its goals due to non-compliance and low-quality responses. Participants found their hopes to understand providers’ data practices or harness their own data unmet. This causes increased distrust without any subjective improvement in power, although more transparent providers do earn greater trust. We propose designing more effective, data-inclusive and open policies and data access systems to improve both customer relations and individual agency, and also that wider public use of GDPR rights could help with delivering accountability and motivating providers to improve data practices.
Supplemental Material
Available for Download
- Serge Abiteboul, Benjamin André, and Daniel Kaplan. 2015. Managing your digital life with a Personal information management system. ACM. https://doi.org/10.1145/2670528Google ScholarDigital Library
- Gregory D. Abowd. 2012. What next, ubicomp?: celebrating an intellectual disappearing act. In Proceedings of the 2012 ACM Conference on Ubiquitous Computing, 31–40. https://doi.org/http://dx.doi.org/10.1145/2370216.2370222Google ScholarDigital Library
- Gregory D Abowd and Elizabeth D Mynatt. 2000. Charting Past, Present, and Future Research in Ubiquitous Computing. Retrieved January 24, 2019 from https://www.cc.gatech.edu/fce/pubs/abowd-mynatt-tochi-millenium.pdfGoogle ScholarDigital Library
- Fatemeh Alizadeh, Timo Jakobi, Jens Boldt, and Gunnar Stevens. 2019. GDPR-reality check on the right to access data. In ACM International Conference Proceeding Series, 811–814. https://doi.org/10.1145/3340764.3344913Google ScholarDigital Library
- Robert Andrews. 2005. GTD: A New Cult for the Info Age. Wired. Retrieved from https://www.wired.com/2005/07/gtd-a-new-cult-for-the-info-age/Google Scholar
- Emma Arfelt, David Basin, and Søren Debois. 2019. Monitoring the GDPR. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 681–699. https://doi.org/10.1007/978-3-030-29959-0_33Google ScholarDigital Library
- Atebits.com. 2020. The GDPR: Does it Benefit Consumers in Any Practical Way? Retrieved from https://www.atebits.com/the-gdpr-does-it-benefit-consumers-in-any-practical-way/Google Scholar
- Jef Ausloos. 2019. GDPR Transparency as a Research Method. SSRN Electronic Journal, May: 1–23. https://doi.org/10.2139/ssrn.3465680Google ScholarCross Ref
- Jef Ausloos and Pierre Dewitte. 2018. Shattering one-way mirrors-data subject access rights in practice. Retrieved March 5, 2019 from www.irissproject.euGoogle Scholar
- Jef Ausloos and Michael Veale. 2021. Researching with Data Rights. Technology and Regulation: 136–157.Google Scholar
- Jennifer Baker. 2018. What's a GDPR complaint? No one really knows. Retrieved from https://iapp.org/news/a/whats-the-definition-of-a-gdpr-complaint-spoiler-alert-no-one-knows/Google Scholar
- Gordon Baxter and Ian Sommerville. 2011. Socio-technical systems: From design methods to systems engineering. Interacting with Computers 23, 1: 4–17. https://doi.org/10.1016/j.intcom.2010.07.003Google ScholarDigital Library
- BBC R&D. 2017. Human Data Interaction - BBC R&D. Retrieved April 28, 2020 from https://www.bbc.co.uk/rd/projects/human-data-interactionGoogle Scholar
- Gordon Bell and Jim Gemmell. 2007. A digital life. Scientific American 296, 58–65. https://doi.org/10.1038/scientificamerican0307-58Google ScholarCross Ref
- Irish Statute Book. 1988. Data Protection Act, 1988. L. Connolly.Google Scholar
- Alex Bowyer. 2018. Free Data Interfaces: Taking Human- Data Interaction to the Next Level. CHI Workshops 2018. Retrieved from https://eprints.ncl.ac.uk/273825Google Scholar
- Alex Bowyer. 2021. Human-Data Interaction has two purposes: Personal Data Control and Life Information Exploration. CHI Workshops 2021. Retrieved from https://eprints.ncl.ac.uk/273832#.Google Scholar
- Alex Bowyer, Kyle Montague, Stuart Wheater, Ruth McGovern, Raghu Lingam, and Madeline Balaam. 2018. Understanding the Family Perspective on the Storage, Sharing and Handling of Family Civic Data. In Conference on Human Factors in Computing Systems - Proceedings, 1–13. https://doi.org/10.1145/3173574.3173710Google ScholarDigital Library
- David Brooks. 2013. The Philosophy of Data. The New York Times. Retrieved from https://www.nytimes.com/2013/02/05/opinion/brooks-the-philosophy-of-data.htmlGoogle Scholar
- Luca Bufalieri, Massimo la Morgia, Alessandro Mei, and Julinda Stefa. 2020. GDPR: When the right to access personal data becomes a threat. arXiv. https://doi.org/10.1109/icws49710.2020.00017Google ScholarCross Ref
- Matt Burgess. 2021. Why Amazon's £636m GDPR fine really matters. Wired. Retrieved August 23, 2021 from https://www.wired.co.uk/article/amazon-gdpr-fineGoogle Scholar
- Carphone Warehouse. 2017. Social Impact of Smartphones. Retrieved August 9, 2021 from https://lowdown.carphonewarehouse.com/social-impact-smartphones/index.htmlGoogle Scholar
- Jamie Carter. 2015. Who are the digital disruptors redefining entire industries? TechRadar. Retrieved March 23, 2021 from https://www.techradar.com/uk/news/world-of-tech/who-are-the-digital-disruptors-redefining-entire-industries-1298171Google Scholar
- Michelle Caruthers. 2018. World Password Day: How to Improve Your Passwords. Dashlane. Retrieved from https://blog.dashlane.com/world-password-day/Google Scholar
- CitizenMe. 2021. Become a Citizen and unlock the value of your data. Retrieved August 23, 2021 from https://www.citizenme.com/for-citizens/Google Scholar
- Niamh Clarke, Gillian Vale, Emer P Reeves, Mary Kirwan, David Smith, Michael Farrell, Gerard Hurl, and Noel G McElvaney. 2019. GDPR: an impediment to research? Irish Journal of Medical Science (1971-) 188, 4: 1129–1135.Google Scholar
- CMS Hasche Sigle Partnerschaft von Rechtsanwälten und Steuerberatern mbB. 2020. GDPR Enforcement Tracker - list of GDPR fines. GDPR Enforcement Tracker. Retrieved August 23, 2021 from https://www.enforcementtracker.com/Google Scholar
- Giovanni Comandè and Giulia Schneider. 2021. Can the GDPR make data flow for research easier? Yes it can, by differentiating! A careful reading of the GDPR shows how EU data protection law leaves open some significant flexibilities for data protection-sound research activities. Computer Law \& Security Review 41: 105539.Google Scholar
- Council Directive 95/46/EC. 1995. EUR-Lex - 31995L0046 - EN - EUR-Lex. Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. Retrieved August 9, 2021 from https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex:31995L0046Google Scholar
- Council of the European Union. 2015. Proposal for a Regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation). 2015, 201. Retrieved from http://data.consilium.europa.eu/doc/document/ST-9565-2015-INIT/en/pdfGoogle Scholar
- Andy Crabtree and Richard Mortier. 2016. Personal Data, Privacy and the Internet of Things: The Shifting Locus of Agency and Control. SSRN Electronic Journal: 1–20. https://doi.org/10.2139/ssrn.2874312Google ScholarCross Ref
- Data to AI Lab at MIT. 2020. The “Human Data Interaction” project - a project by Data to AI Lab, MIT. Retrieved April 28, 2020 from https://hdi-dai.lids.mit.edu/about/Google Scholar
- Paul-Olivier Dehaye. 2018. Post-hearing questions by Senator Blumenthal to Mark Zuckerberg. Retrieved from https://wiki.personaldata.io/wiki/Item:Q1800Google Scholar
- Paul-Olivier Dehaye. 2021. HestiaLabs. Retrieved August 23, 2021 from https://hestialabs.org/en/Google Scholar
- José van Dijck. 2014. Datafication, dataism and dataveillance: Big data between scientific paradigm and ideology. Surveillance and Society 12, 2: 197–208. Retrieved June 19, 2018 from https://ojs.library.queensu.ca/index.php/surveillance-and-society/article/view/4776Google ScholarCross Ref
- European Parliament. 2016. Regulation 71, General Data Protection Regulations (EU) 2016/679. EUR-Lex. Retrieved July 19, 2019 from https://eur-lex.europa.eu/eli/reg/2016/679/ojGoogle Scholar
- Eurostat. 2020. First population Estimates: EU population in 2020. Retrieved August 23, 2021 from https://ec.europa.eu/eurostat/documents/2995521/11081093/3-10072020-AP-EN.pdf/d2f799bf-4412-05cc-a357-7b49b93615f1Google Scholar
- Emma Firth. 2019. Personal data has value in so many different ways. digi.me blog. Retrieved from https://blog.digi.me/2019/09/04/personal-data-has-so-much-more-value-than-pure-cash/Google Scholar
- Barton Gellman. 2013. Edward Snowden, after months of NSA revelations, says his mission's accomplished. The Washington Post 23. Retrieved from http://www.washingtonpost.com/world/national-security/edward-snowden-after-months-of-nsa-revelations-says-his-missions-accomplished/2013/12/23/49fc36de-6c1c-11e3-a523-fe73f0ff6b8d_story.html%5Cnhttp://www.washingtonpost.com/world/national-security/edward-Google Scholar
- Gener8. 2021. Gener8. Retrieved August 23, 2021 from https://gener8ads.com/Google Scholar
- Andy Gilmore. 2014. How Smartphones Have Unleashed Humanity's Creative Potential | WIRED. Wired. Retrieved August 9, 2021 from https://www.wired.com/2014/07/smart-phone-creativity/Google Scholar
- Boris Glavic, Alexandra Meliou, Sudeepa Roy, and others. 2021. Trends in Explanations: Understanding and Debugging Data-driven Systems. Foundations and Trends®in Databases 11, 3: 226–318.Google Scholar
- Susan Gonscherowski and Felix Bieker. 2018. Who You Gonna Call When There's Something Wrong in Your Processing? Risk Assessment and Data Breach Notifications in Practice. In IFIP International Summer School on Privacy and Identity Management, 35–50.Google Scholar
- Michael B. Gurstein. 2011. Open data: Empowering the empowered or effective data use for everyone? First Monday 16, 2. https://doi.org/10.5210/fm.v16i2.3316Google ScholarCross Ref
- Ronan Hamon, Henrik Junklewitz, Gianclaudio Malgieri, Paul De Hert, Laurent Beslay, and Ignacio Sanchez. 2021. Impossible Explanations? Beyond explainable AI in the GDPR from a COVID-19 use case scenario. In Proceedings of the 2021 ACM Conference on Fairness, Accountability, and Transparency, 549–559.Google ScholarDigital Library
- William Hart-Davidson, Mark Zachry, and Clay Spinuzzi. 2012. Activity streams: Building context to coordinate writing activity in collaborative teams. In SIGDOC’12 - Proceedings of the 30th ACM International Conference on Design of Communication, 279–287. https://doi.org/10.1145/2379057.2379109Google ScholarDigital Library
- Iain Henderson. 2020. Customer — Supplier Engagement Framework Explained. Retrieved from https://me2ba.org/wp-content/uploads/2020/09/customer-supplier-engagement-framework-updated-9-28.pdfGoogle Scholar
- William Hoffman. 2010. Rethinking Personal Data. Retrieved from https://web.archive.org/web/20110220013300/http://www.weforum.org/issues/rethinking-personal-dataGoogle Scholar
- William Hoffman. 2011. Personal data: The emergence of a new asset class. Retrieved March 13, 2019 from http://www3.weforum.org/docs/WEF_ITTC_PersonalDataNewAsset_Report_2011.pdfGoogle Scholar
- William Hoffman. 2013. Unlocking the Value of Personal Data: From Collection to Usage Prepared in collaboration with The Boston Consulting Group Industry Agenda.Google Scholar
- William Hoffman. 2014. Rethinking personal data: Trust and context in user-centred data ecosystems. Retrieved December 21, 2018 from http://www3.weforum.org/docs/WEF_RethinkingPersonalData_TrustandContext_Report_2014.pdfGoogle Scholar
- Chris Jay Hoofnagle, Bart van der Sloot, and Frederik Zuiderveen Borgesius. 2019. The European Union general data protection regulation: What it is and what it means. Information and Communications Technology Law 28, 1: 65–98. https://doi.org/10.1080/13600834.2019.1573501Google ScholarCross Ref
- Soheil Human and Florian Cech. 2021. A human-centric perspective on digital consenting: The case of GAFAM. In Smart Innovation, Systems and Technologies, 139–159. https://doi.org/10.1007/978-981-15-5784-2_12Google ScholarCross Ref
- Euijin Hwang. 2021. Sketching Dialogue: Incorporating Sketching in Emphatic Semi-structured Interviews for HCI.Google Scholar
- Information Commissioner's Office. What is personal data? Retrieved December 9, 2021 from https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/key-definitions/what-is-personal-data/Google Scholar
- Information Commissioner's Office. How do we find and retrieve the relevant information? Retrieved December 9, 2021 from https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/right-of-access/how-do-we-find-and-retrieve-the-relevant-information/Google Scholar
- Information Commissioner's Office. 2018. Your data matters - Your rights. Retrieved from https://ico.org.uk/your-data-matters/Google Scholar
- Information Commissioner's Office. 2021. Your right of access. Retrieved August 23, 2021 from https://ico.org.uk/your-data-matters/your-right-to-get-copies-of-your-data/Google Scholar
- Information Commissioner's Office. 2021. Your right to data portability.Google Scholar
- Information Commissioner. 2021. What is personal data? | ICO. Information Commissioner's Office. Retrieved August 9, 2021 from https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/what-is-personal-data/what-is-personal-data/Google Scholar
- Michael Jelly. 2021. The Mission. Retrieved March 31, 2021 from https://www.ethi.me/the-missionGoogle Scholar
- William Jones. 2011. The Future of Personal Information Management Part I: Our Information, Always and Forever. 21–33.Google Scholar
- Atoosa Kasirzadeh and Damian Clifford. 2021. Fairness and Data Protection Impact Assessments. Association for Computing Machinery. https://doi.org/10.1145/3461702.3462528Google ScholarDigital Library
- Jane Kaye, Edgar A Whitley, David Lund, Michael Morrison, Harriet Teare, and Karen Melham. 2015. Dynamic consent: a patient interface for twenty-first century research networks. European Journal of Human Genetics 23, 2: 141–146. https://doi.org/10.1038/ejhg.2014.71Google ScholarCross Ref
- Kevin Kelly and Gary Wolf. 2007. What is the quantified self. Retrieved from https://web.archive.org/web/20100507215130/http://www.kk.org/quantifiedself/2007/10/what-is-the-quantifiable-self.phpGoogle Scholar
- Ross Kelly. 2020. The Biggest ICO Fines Ever Issued. Digit.FYI | Data Protection Summit 2020. Retrieved from https://digit.fyi/data-protection-2020-the-biggest-fines-ever-issued-by-the-ico/Google Scholar
- Joanna Kessler. 2019. Data protection in the wake of the gdpr: California's solution for protecting “the world's most valuable resource.” Southern California Law Review 93, 1: 99–128. Retrieved from https://heinonline.org/HOL/P?h=hein.journals/scal93&i=111Google Scholar
- Aimun Khan, Benson Huang, John Koelling, Matthew Barondeau, and Nimay Kumar. 2018. The Impact of Cloud Computing on Technology and Society.Google Scholar
- Stefan Larsson. 2018. Algorithmic governance and the need for consumer empowerment in data-driven markets. Internet Policy Review 7, 2. https://doi.org/10.14763/2018.2.791Google ScholarCross Ref
- Daphne Leprince-Ringuet. 2021. GDPR: Fines increased by 40% last year, and they're about to get a lot bigger. ZDNet. Retrieved from https://www.zdnet.com/article/gdpr-fines-increased-by-40-last-year-and-theyre-about-to-get-a-lot-bigger/Google Scholar
- Robert Levine. 2011. How the internet has all but destroyed the market for films, music and newspapers. The Guardian. Retrieved March 23, 2021 from https://www.theguardian.com/media/2011/aug/14/robert-levine-digital-free-rideGoogle Scholar
- Ian Li. 2009. Designing Personal Informatics Applications and Tools that Facilitate Monitoring of Behaviors. UIST. Retrieved from http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.232.8536Google Scholar
- Ian Li, Anind Dey, and Jodi Forlizzi. 2010. A stage-based model of personal informatics systems. Proceedings of the 28th international conference on Human factors in computing systems CHI 10: 557. https://doi.org/10.1145/1753326.1753409Google ScholarDigital Library
- Ian Li, Anind K. Dey, and Jodi Forlizzi. 2011. Understanding my data, myself. In Proceedings of the 13th international conference on Ubiquitous computing - UbiComp ’11, 405. https://doi.org/10.1145/2030112.2030166Google ScholarDigital Library
- Natasha Lomas. 2020. UK's ICO faces legal action after closing adtech complaint with nothing to show for it. TechCrunch. Retrieved from https://techcrunch.com/2020/11/05/uks-ico-faces-legal-action-after-closing-adtech-complaint-with-nothing-to-show-for-it/Google Scholar
- Ewa Luger and Tom Rodden. 2013. An informed view on consent for ubicomp. In UbiComp 2013 - Proceedings of the 2013 ACM International Joint Conference on Pervasive and Ubiquitous Computing, 529–538. https://doi.org/10.1145/2493432.2493446Google ScholarDigital Library
- Mariano Di Martino, Pieter Robyns, Winnie Weyts, Peter Quax, Wim Lamotte, and Ken Andries. 2019. Personal information leakage by abusing the GDPR “right of access.” Proceedings of the 15th Symposium on Usable Privacy and Security, SOUPS 2019: 371–386.Google Scholar
- John McCarthy and Peter Wright. 2004. Technology as experience. Interactions 11, 5: 42–43. https://doi.org/10.1145/1015530.1015549Google ScholarDigital Library
- Microsoft. 2021. Project Bali. Retrieved August 23, 2021 from https://www.microsoft.com/en-us/research/project/bali/Google Scholar
- Matthew B. Miles, A. M. Huberman, and Johnny. Saldaña. 2014. Qualitative Data Analysis: A Methods Sourcebook. Retrieved October 12, 2018 from https://books.google.co.uk/books?hl=en&lr=&id=3CNrUbTu6CsC&oi=fnd&pg=PR1&dq=Qualitative+Data+Analysis+a+methods+sourcebook&ots=Lh42klSN5c&sig=Z6cfYTTHZbgmlNWF0SgXLvL6kU4#v=onepage&q=Qualitative Data Analysis a methods sourcebook&f=falseGoogle Scholar
- Stuart Millar. 2002. UK singled out for criticism over protection of privacy. The Guardian. Retrieved from https://www.theguardian.com/technology/2002/sep/05/security.humanrightsGoogle Scholar
- Mayo Fuster Morell. 2014. Digital commons. Routledge.Google Scholar
- Jackson Morgan. Making your Solid Apps interoperable with ShapeRepo.com. Retrieved from https://medium.com/@JacksonMorgan/making-your-solid-apps-interoperable-with-shaperepo-com-8da512936073Google Scholar
- Richard Mortier, Hamed Haddadi, Tristan Henderson, Derek Mcauley, and Jon Crowcroft. 2013. Challenges & opportunities in human-data interaction. University of Cambridge, Computer Laboratory. https://doi.org/10.5210/fm.v17i5.4013Google ScholarCross Ref
- Richard Mortier, Hamed Haddadi, Tristan Henderson, Derek McAuley, and Jon Crowcroft. 2014. Human-data interaction: The human face of the data-driven society. Available at SSRN 2508051. https://doi.org/10.2139/ssrn.2508051Google ScholarCross Ref
- MyData. 2017. Declaration - MyData.org. Retrieved November 8, 2019 from https://mydata.org/declaration/Google Scholar
- MyData.org. 2018. MyData - Who we are. Retrieved from https://mydata.org/about/Google Scholar
- Mydex CIC. 2010. The Case for Personal Information Empowerment: The rise of the personal data store. World: 1–44.Google Scholar
- Dale Neef. 2015. Digital exhaust: what everyone should know about big data, digitization and digitally driven innovation. Pearson Education.Google Scholar
- Bob O'Donnell. 2020. Zoom, the office and the future: What will work look like after coronavirus? Retrieved from https://eu.usatoday.com/story/tech/columnist/2020/09/07/zoom-work-from-home-future-office-after-coronavirus/5680284002/Google Scholar
- Organisation for Economic Co-operation and Development. 1980. OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data. Retrieved from https://www.oecd.org/digital/ieconomy/oecdguidelinesontheprotectionofprivacyandtransborderflowsofpersonaldata.htmGoogle Scholar
- Aare Puussaar, Adrian K. Clear, and Peter Wright. 2017. Enhancing Personal Informatics Through Social Sensemaking. Proceedings of the 2017 CHI Conference on Human Factors in Computing Systems - CHI ’17 2017-May: 6936–6942. https://doi.org/10.1145/3025453.3025804Google ScholarDigital Library
- Amon Rapp and Maurizio Tirassa. 2017. Know Thyself: A Theory of the Self for Personal Informatics. Human-Computer Interaction 32, 5–6: 335–380. https://doi.org/10.1080/07370024.2017.1285704Google ScholarDigital Library
- Răzvan Rughiniș, Cosima Rughiniș, Simona Nicoleta Vulpe, and Daniel Rosner. 2021. From social netizens to data citizens: Variations of GDPR awareness in 28 European countries. Computer Law & Security Review 42: 105585. https://doi.org/10.1016/j.clsr.2021.105585Google ScholarCross Ref
- September. 2021. WhatsApp issued second-largest GDPR fine of €225m. BBC News. Retrieved December 2, 2021 from https://www.bbc.co.uk/news/technology-58422465Google Scholar
- SITRA. 2021. #digipower investigation. Sitra.fi. Retrieved December 2, 2021 from https://www.sitra.fi/en/projects/digipower-investigation/Google Scholar
- Dayana Spagnuelo, Ana Ferreira, and Gabriele Lenzini. 2019. Accomplishing Transparency within the General Data Protection Regulation. In ICISSP, 114–125.Google Scholar
- Nili Steinfeld. 2016. “I agree to the terms and conditions”:(How) do users read privacy policies online? An eye-tracking experiment. Computers in human behavior 55: 992–1000.Google Scholar
- Tom Symons, Theo Bass, Pau Balcells Alegre, Francesca Bria, Oleguer Sagarra, Gijs Boerwinkel, Tom Demeyer, and Job Spierings. 2017. Me, my data and I: The future of the personal data economy. DECODE (DEcentralised Citizen Owned Data Ecosystems) Report, 732546: 88. Retrieved from https://media.nesta.org.uk/documents/decode-02.pdf%0Ahttps://decodeproject.eu/publications/me-my-data-and-ithe-future-personal-data-economy%0Ahttps://media.nesta.org.uk/documents/decode-02.pdf%0Ahttps://decodeproject.eu/publications/me-my-data-and-ithe-fuGoogle Scholar
- The European Parliament and the Council of the European Union. 2016. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data. Retrieved from https://eur-lex.europa.eu/eli/reg/2016/679/ojGoogle Scholar
- Peter Tolmie and Andy Crabtree. 2018. The practical politics of sharing personal data. Personal and Ubiquitous Computing 22, 2: 293–315. https://doi.org/10.1007/s00779-017-1071-8Google ScholarDigital Library
- Joris Toonders. 2014. Data Is the New Oil of the Digital Economy. Wired, 1. Retrieved from https://www.wired.com/insights/2014/07/data-new-oil-digital-economy/Google Scholar
- Udaptor. 2021. Udaptor Assistant. Retrieved August 23, 2021 from https://udaptor.io/assistant.htmlGoogle Scholar
- Sanjana Varghes. 2019. Pokémon Go was a warning about the rise of surveillance capitalism. Wired. Retrieved from https://www.wired.co.uk/article/the-age-of-surveillance-capitalism-facebook-shoshana-zuboffGoogle Scholar
- Carissa Véliz. 2020. Privacy Is Power: Why and How You Should Take Back Control of Your Data. Transworld Publishers Limited. Retrieved from https://b-ok.lat/book/11000161/b53144Google Scholar
- Ari Ezra Waldman. 2020. Data Protection by Design? A Critique of Article 25 of the GDPR. 1239, 2019: 147–168.Google Scholar
- Mark Weiser. 1991. The Computer For The 21st Century. Scientific American. https://doi.org/10.1038/scientificamerican0991-94Google ScholarCross Ref
- wiki.personaldata.io. Subject Access Request Template. Retrieved August 20, 2021 from https://wiki.personaldata.io/wiki/Template:AccessGoogle Scholar
- Janis Wong and Tristan Henderson. 2018. How Portable is Portable? Exercising the GDPR ’ s Right to Data Portability. Acm: 911–920.Google Scholar
- Steve Woolgar. 2014. Configuring the User: The Case of Usability Trials. The Sociological Review 38, 1_suppl: 58–99. https://doi.org/10.1111/j.1467-954x.1990.tb03349.xGoogle ScholarCross Ref
- Peter Wright and John McCarthy. 2008. Empathy and experience in HCI. Conference on Human Factors in Computing Systems - Proceedings: 637–646. https://doi.org/10.1145/1357054.1357156Google ScholarDigital Library
- Mirko Zichichi, Stefano Ferretti, and Gabriele D'Angelo. 2020. On the Efficiency of Decentralized File Storage for Personal Information Management Systems. arXiv.Google Scholar
- S Zuboff. 2019. The Age of Surveillance Capitalism: The Fight for a Human Future at the New Frontier of Power. Profile. Retrieved from https://books.google.co.uk/books?id=W7ZEDgAAQBAJGoogle Scholar
- Ethan Zuckerman. 2021. Mistrust: why losing faith in institutions provides the tools to transform them. Italian Political Science Review/Rivista Italiana di Scienza Politica: 1–3.Google Scholar
- The personal computer revolution. In Britannica. Retrieved from https://www.britannica.com/technology/computer/The-personal-computer-revolutionGoogle Scholar
- Data Protection Act 1984. Retrieved August 9, 2021 from https://www.legislation.gov.uk/ukpga/1984/35/contents/enactedGoogle Scholar
- Privacy & Terms – Google. Retrieved August 9, 2021 from https://policies.google.com/Google Scholar
- Privacy. Retrieved August 9, 2021 from https://privacy.linkedin.com/Google Scholar
- Privacy - Apple (UK). Retrieved August 9, 2021 from https://www.apple.com/uk/privacy/Google Scholar
- Facebook - Data Policy. Retrieved August 9, 2021 from https://www.facebook.com/about/privacyGoogle Scholar
- HDI Lab, Heerlen. Retrieved from https://hdilab.com/Google Scholar
- List of target companies’ data at wiki.personaldata.io. Retrieved from https://wiki.personaldata.io/wiki/Item:Q2369Google Scholar
- digi.me. Retrieved August 23, 2021 from https://digi.me/Google Scholar
- datacy - About Us. Retrieved March 22, 2019 from https://www.datacy.com/personal/about-usGoogle Scholar
- ethi. Retrieved from https://www.ethi.me/Google Scholar
- Our Values. Retrieved March 31, 2021 from https://www.citizenme.com/about/our-valuesGoogle Scholar
- exist.io. Retrieved August 23, 2021 from https://exist.io/Google Scholar
- 1998. Data Protection Act 1998. Retrieved August 9, 2021 from https://www.legislation.gov.uk/ukpga/1998/29/contentsGoogle Scholar
- 2014. Facebook–Cambridge Analytica Data Scandal. Wikipedia 16. Retrieved from https://en.wikipedia.org/wiki/Facebook–Cambridge_Analytica_data_scandalGoogle Scholar
- 2018. Our digital lives. TED Talks. Retrieved March 24, 2021 from https://www.ted.com/playlists/26/our_digital_livesGoogle Scholar
- 2018. HDI Network Plus, University of Glasgow. Retrieved from https://hdi-network.org/Google Scholar
- 2021. Mydex. Retrieved August 23, 2021 from https://mydex.org/Google Scholar
Index Terms
- Human-GDPR Interaction: Practical Experiences of Accessing Personal Data
Recommendations
The Effect of the GDPR on Privacy Policies: Recent Progress and Future Promise
Special Issue on Analytics for Cybersecurity and Privacy, Part 2 and Regular PapersThe General Data Protection Regulation (GDPR) is considered by some to be the most important change in data privacy regulation in 20 years. Effective May 2018, the European Union GDPR privacy law applies to any organization that collects and processes ...
Opening Privacy Sensitive Microdata Sets in Light of GDPR
dg.o 2019: Proceedings of the 20th Annual International Conference on Digital Government ResearchTo enhance the transparency, accountability and efficiency of the Dutch Ministry of Justice and Security, the ministry has set up an open data program to proactively stimulate sharing its (publicly funded) data sets with the public. Disclosure of ...
On opening sensitive data sets in light of GDPR
ICEGOV '19: Proceedings of the 12th International Conference on Theory and Practice of Electronic GovernanceDisclosure of personal data is considered as one of the main threats for data opening. In this contribution we consider the data that are sensitive in GDPR terms (for example, criminal justice data within the Dutch justice domain) and discuss how they ...
Comments