GDPR-Reality Check on the Right to Access Data: Claiming and Investigating Personally Identifiable Data from Companies

@article{Alizadeh2019GDPRRealityCO,
  title={GDPR-Reality Check on the Right to Access Data: Claiming and Investigating Personally Identifiable Data from Companies},
  author={Fatemeh Alizadeh and Timo Jakobi and Jens Boldt and Gunnar Stevens},
  journal={Proceedings of Mensch und Computer 2019},
  year={2019}
}
Loyalty programs are early examples of companies commercially collecting and processing personal data. Today, more than ever before, personal information is being used by companies of all types for a wide variety of purposes. To limit this, the General Data Protection Regulation (GDPR) aims to provide consumers with tools to control data collection and processing. What this right concretely means, which types of tools companies have to provide to their customers and in which way, is currently… 
Human-GDPR Interaction: Practical Experiences of Accessing Personal Data
TLDR
It appears that GDPR falls short of its goals due to non-compliance and low-quality responses, and it is proposed that wider public use of GDPR rights could help with delivering accountability and motivating providers to improve data practices.
The Role of IS in the Conflicting Interests Regarding GDPR
TLDR
Almost two years after the entry into force of the GDPR, it seems appropriate to reflect on first effects, suggestions for improvement and future high potential research areas on the interpretation of certain aspects of GDPR.
Data Privacy: A Driver for Competitive Advantage
TLDR
This chapter argues why designing with privacy in mind is a win-win situation, not only for businesses and service design, but especially in the context of data-based services.
Privacy Dashboards: The Impact of the Type of Personal Data and User Control on Trust and Perceived Risk
TLDR
The results indicate that the presence of derived data had a more negative impact on trust and perceived privacy risk than inferred data, such as interest probabilities -- and both categories had a larger impact than provided and observed, unprocessed user data.
GDPR: What's in a Year (and a Half)?
TLDR
Investigation of how the research community has been tackling the security and privacy requirements mandated by the General Data Protection Legislation over the last year and a half finds that most proposed solutions focus on Consent, Privacy by Default/Design and are assessed on IoT and healthcare domains.
Towards Blockchain-Based GDPR-Compliant Online Social Networks: Challenges, Opportunities and Way Forward
TLDR
The link between GDPR provisions and the use of blockchain technology for solving the consent management problem in online social networks is investigated and possible ways to reconcile blockchain technology with the GDPR requirements are demonstrated.
A Consumer Perspective on Privacy Risk Awareness of Connected Car Data Use
TLDR
This study reports on the analysis of a survey with 18 open-ended questions distributed to 1,000 households in a medium-sized German city and provides qualitative insights into existing attitudes and use cases of connected car features and, most importantly, a list of perceived risks themselves.
User-friendly formulation of data processing purposes of voice assistants: a user perspective on the principle of purpose limitation
TLDR
The study shows that existing purpose statements offer hardly any transparency for consumers regarding the consequences of data processing and do not have any restrictive effect with regard to legal data use, and draws conclusions about the user-friendly design of processing purposes in terms of a design resource.
Personally Identifiable Information (PII) Detection in the Unstructured Large Text Corpus using Natural Language Processing and Unsupervised Learning Technique
TLDR
A clustering-based PII Model (C-PPIM) based on NLP and unsupervised learning to address detection of PII in the unstructured large text corpus is presented.
Scan&Go: Understanding Adoption and Design of Smartphone-based Self-checkout
TLDR
This study presents a refined and nuanced understanding of technology as well as infrastructure-related factors that influence adoption of smartphone-based Scan&Go and presents several implications for designing and implementing Scan&Go in retail environments.

References

Consumption as biopower: Governing bodies with loyalty cards
For more than a decade, many retail companies have been collecting large volumes of data on a daily basis through loyalty card programmes. These programmes gather, at point-of-purchase, the identity
Designing a GDPR-Compliant and Usable Privacy Dashboard
TLDR
This work designs, implements, and evaluates a privacy dashboard for data subjects intending to enable and ease the execution of data privacy rights granted by the GDPR.
User control of personal data : A study of personal data management in a GDPR-compliant grahpical user interface
The following bachelor thesis explores the design of a GDPR (General Data Protection Regulation) compliant graphical user interface, for an administrative school system. The work presents the proce
Accomplishing Transparency within the General Data Protection Regulation
TLDR
What Transparency Enhancing Technologies can help to accomplish transparency in agreement with technical requirements that are mandatory by law under the recently approved General Data Protection Regulation are systematically reviewed.
Privacy and identity management. The smart evolution: 12th IFIP WG 9.2, 9.5, 9.6/11.7, 11.6/SIG 9.2.2 International Summer School, Ispra, Italy, September 4-8, 2017, revised selected papers
TLDR
This book contains selected papers presented at the 12th IFIP WG 9.2.2 International Summer School on Privacy and Identity Management, held in Ispra, Italy, in September 2017.
Privacy by Design - Principles of Privacy-Aware Ubiquitous Systems
TLDR
Six principles for guiding system design are developed, based on a set of fair information practices common in most privacy legislation in use today: notice, choice and consent, proximity and locality, anonymity and pseudonymity, security, and access and recourse.
Privacy-By-Design für das Connected Car: Architekturen aus Verbrauchersicht
TLDR
There is currently a great need for design and regulation in shaping a connected car cloud, yet the consumer perspective is underrepresented in the current discussion.
Mehrseitige, barrierefreie Sicherheit intelligenter Messsysteme
TLDR
This contribution analyzes the potential implementation scenarios from a dedicated user perspective in order to offer secure, accessible and usable solutions for the general public.