GDPR: When the Right to Access Personal Data Becomes a Threat
- URL: http://arxiv.org/abs/2005.01868v1
- Date: Mon, 4 May 2020 22:01:46 GMT
- Title: GDPR: When the Right to Access Personal Data Becomes a Threat
- Authors: Luca Bufalieri, Massimo La Morgia, Alessandro Mei, Julinda Stefa
- Abstract summary: We examine more than 300 data controllers, performing a request to access personal data for each of them.
We find that 50.4% of the data controllers that handled the request have flaws in the procedure of identifying the users.
The undesired and surprising result is that the GDPR, in its present deployment, has actually decreased the privacy of the users of web services.
- Score: 63.732639864601914
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: After one year since the entry into force of the GDPR, all web sites and data
controllers have updated their procedures to store users' data. The GDPR does
not only cover how and what data should be saved by the service providers, but
it also guarantees an easy way to know what data are collected and the freedom
to export them.
In this paper, we carry out a comprehensive study on the right to access data
provided by Article 15 of the GDPR. We examined more than 300 data controllers,
performing for each of them a request to access personal data. We found that
almost each data controller has a slightly different procedure to fulfill the
request and several ways to provide data back to the user, from a structured
file like CSV to a screenshot of the monitor. We measure the time needed to
complete the access data request and the completeness of the information
provided. After this phase of data gathering, we analyze the authentication
process followed by the data controllers to establish the identity of the
requester. We find that 50.4% of the data controllers that handled the
request, even if they store the data in compliance with the GDPR, have flaws in
the procedure of identifying the users or in the phase of sending the data,
exposing the users to new threats. With the undesired and surprising result
that the GDPR, in its present deployment, has actually decreased the privacy of
the users of web services.
Related papers
- Private, Augmentation-Robust and Task-Agnostic Data Valuation Approach for Data Marketplace [56.78396861508909]
PriArTa is an approach for computing the distance between the distribution of the buyer's existing dataset and the seller's dataset.
PriArTa is communication-efficient, enabling the buyer to evaluate datasets without needing access to the entire dataset from each seller.
(2024-11-01T17:13:14Z)
- RADS-Checker: Measuring Compliance with Right of Access by the Data Subject in Android Markets [5.598268459947247]
The latest data protection regulations worldwide, such as the General Data Protection Regulation (GDPR), have established the right of access by the data subject (RADS).
RADS grants users the right to obtain a copy of their personal data from personal data controllers.
There is currently no research systematically examining whether RADS has been effectively implemented in mobile apps.
(2024-10-16T11:23:26Z)
- Towards Lightweight and Privacy-preserving Data Provision in Digital Forensics for Driverless Taxi [5.099632414581062]
We propose a novel Lightweight and Privacy-preserving Data Provision approach consisting of three mechanisms.
Privacy-friendly Batch Verification Mechanism (PBVm) based on elliptic curve cryptography.
Data Access Control Mechanism (DACm) based on ciphertext-policy attribute-based encryption.
Decentralized IN Warrant Issuance Mechanism (DIWIm) based on secret sharing.
(2024-09-21T06:51:26Z)
- How to Drill Into Silos: Creating a Free-to-Use Dataset of Data Subject Access Packages [0.0]
European Union's General Data Protection Regulation strengthened data subjects' right to access personal data.
Subjects' possibilities for actually using controller-provided subject access request packages (SARPs) are severely limited so far.
This dataset is publicly provided and shall, in the future, serve as a starting point for researching and comparing novel approaches for practically viable use of SARPs.
(2024-07-05T12:39:51Z)
- Data Acquisition: A New Frontier in Data-centric AI [65.90972015426274]
We first present an investigation of current data marketplaces, revealing lack of platforms offering detailed information about datasets.
We then introduce the DAM challenge, a benchmark to model the interaction between the data providers and acquirers.
Our evaluation of the submitted strategies underlines the need for effective data acquisition strategies in Machine Learning.
(2023-11-22T22:15:17Z)
- Needle in the Haystack: Analyzing the Right of Access According to GDPR Article 15 Five Years after the Implementation [0.0]
Article 15 of the European Union's General Data Protection Regulation (Article 15) was implemented in 2018 to strengthen data protection for Europeans.
This study aims to explore the challenges faced by individuals who request their data.
A few exceptions did not respond with any data or deliver machine-readable data.
The findings reveal ten patterns individuals face when requesting and accessing their data.
(2023-08-29T09:49:15Z)
- Stop Uploading Test Data in Plain Text: Practical Strategies for Mitigating Data Contamination by Evaluation Benchmarks [70.39633252935445]
Data contamination has become prevalent and challenging with the rise of models pretrained on large automatically-crawled corpora.
For closed models, the training data becomes a trade secret, and even for open models, it is not trivial to detect contamination.
We propose three strategies that can make a difference: (1) Test data made public should be encrypted with a public key and licensed to disallow derivative distribution; (2) demand training exclusion controls from closed API holders, and protect your test data by refusing to evaluate without them; and (3) avoid data which appears with its solution on the internet, and release the web-page context of internet-derived
(2023-05-17T12:23:38Z)
- Protecting User Privacy in Online Settings via Supervised Learning [69.38374877559423]
We design an intelligent approach to online privacy protection that leverages supervised learning.
By detecting and blocking data collection that might infringe on a user's privacy, we can restore a degree of digital privacy to the user.
(2023-04-06T05:20:16Z)
- Certified Data Removal in Sum-Product Networks [78.27542864367821]
Deleting the collected data is often insufficient to guarantee data privacy.
UnlearnSPN is an algorithm that removes the influence of single data points from a trained sum-product network.
(2022-10-04T08:22:37Z)