Konferenzbeitrag
GDPR-Realitycheck on the right to access data
Lade...
Volltext URI
Dokumententyp
Text/Conference Paper
Dateien
Zusatzinformation
Datum
2019
Autor:innen
Zeitschriftentitel
ISSN der Zeitschrift
Bandtitel
Verlag
ACM
Zusammenfassung
Loyalty programs are early examples of companies
commercially collecting and processing personal data. Today,
more than ever before, personal information is being used by
companies of all types for a wide variety of purposes. To limit
this, the General Data Protection Regulation (GDPR) aims to
provide consumers with tools to control data collection and
processing. What this right concretely means, which types of
tools companies have to provide to their customers and in
which way, is currently uncertain because precedents from
case law are missing. Contributing to closing this gap, we turn
to the example of loyalty cards to supplement current
implementations of the right to claim data with a user
perspective. In our hands-on approach, we had 13 households
request their personal data from their respective loyalty
program. We investigate expectations of GDPR in general and
the right to access in particular, observe the process of claiming
and receiving, and discuss the provided data takeouts. One year
after the GDPR has come into force, our findings highlight the
consumer's expectations and knowledge of the GDPR and in
particular the right to access to inform design of more usable
privacy enhancing technologies.