Human-GDPR Interaction: Practical Experiences of Accessing Personal Data

要旨

In our data-centric world, most services rely on collecting and using personal data. The EU’s General Data Protection Regulation (GDPR) aims to enhance individuals’ control over their data, but its practical impact is not well understood. We present a 10-participant study, where each participant filed 4-5 data access requests. Through interviews accompanying these requests and discussions scrutinising returned data, it appears that GDPR falls short of its goals due to non-compliance and low-quality responses. Participants found their hopes to understand providers’ data practices or harness their own data unmet. This causes increased distrust without any subjective improvement in power, although more transparent providers do earn greater trust. We propose designing more effective, data-inclusive and open policies and data access systems to improve both customer relations and individual agency, and also that wider public use of GDPR rights could help with delivering accountability and motivating providers to improve data practices.

受賞
Honorable Mention
著者
Alex Bowyer
Newcastle University, Newcastle upon Tyne, United Kingdom
Jack Holt
Newcastle University, Newcastle upon Tyne, United Kingdom
Josephine Go Jefferies
Newcastle University, Newcastle upon Tyne, United Kingdom
Rob Wilson
Northumbria University, Newcastle-upon-Tyne, United Kingdom
David Kirk
Newcastle University, Newcastle upon Tyne, United Kingdom
Jan David. Smeddinck
Newcastle University, Newcastle upon Tyne, United Kingdom
論文URL

https://dl.acm.org/doi/abs/10.1145/3491102.3501947

動画

会議: CHI 2022

The ACM CHI Conference on Human Factors in Computing Systems (https://chi2022.acm.org/)

セッション: Privacy, Policy and Politics

292
5 件の発表
2022-05-05 01:15:00
2022-05-05 02:30:00