Needle in the Haystack: Analyzing the Right of Access According to GDPR Article 15 Five Years after the Implementation

• URL: http://arxiv.org/abs/2308.15166v1
• Date: Tue, 29 Aug 2023 09:49:15 GMT
• Title: Needle in the Haystack: Analyzing the Right of Access According to GDPR Article 15 Five Years after the Implementation
• Authors: Daniela P\"ohn and Niklas M\"orsdorf and Wolfgang Hommel
• Abstract summary: Article 15 of the European Union's General Data Protection Regulation (Article 15) was implemented in 2018 to strengthen data protection for Europeans. This study aims to explore the challenges faced by individuals who request their data. A few exceptions did not respond with any data or deliver machine-readable data. The findings reveal ten patterns individuals face when requesting and accessing their data.
• Score: 0.0
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: The General Data Protection Regulation (GDPR) was implemented in 2018 to strengthen and harmonize the data protection of individuals within the European Union. One key aspect is Article 15, which gives individuals the right to access their personal data in an understandable format. Organizations offering services to Europeans had five years' time to optimize their processes and functions to comply with Article 15. This study aims to explore the process of submitting and receiving the responses of organizations to GDPR Article 15 requests. A quantitative analysis obtains data from various websites to understand the level of conformity, the data received, and the challenges faced by individuals who request their data. The study differentiates organizations operating worldwide and in Germany, browser website- and app-based usage, and different types of websites. Thereby, we conclude that some websites still compile the data manually, resulting in longer waiting times. A few exceptions did not respond with any data or deliver machine-readable data (GDRP Article 20). The findings of the study additionally reveal ten patterns individuals face when requesting and accessing their data.

Related papers

• How to Drill Into Silos: Creating a Free-to-Use Dataset of Data Subject Access Packages [0.0]
  European Union's General Data Protection Regulation strengthened data subjects' right to access personal data. Subjects' possibilities for actually using controller-provided subject access request packages (SARPs) are severely limited so far. This dataset is publicly provided and shall, in the future, serve as a starting point for researching and comparing novel approaches for practically viable use of SARPs.
  arXiv  Detail & Related papers  (2024-07-05T12:39:51Z)
• Data-Centric AI in the Age of Large Language Models [51.20451986068925]
  This position paper proposes a data-centric viewpoint of AI research, focusing on large language models (LLMs) We make the key observation that data is instrumental in the developmental (e.g., pretraining and fine-tuning) and inferential stages (e.g., in-context learning) of LLMs. We identify four specific scenarios centered around data, covering data-centric benchmarks and data curation, data attribution, knowledge transfer, and inference contextualization.
  arXiv  Detail & Related papers  (2024-06-20T16:34:07Z)
• WebCPM: Interactive Web Search for Chinese Long-form Question Answering [104.676752359777]
  Long-form question answering (LFQA) aims at answering complex, open-ended questions with detailed, paragraph-length responses. We introduce WebCPM, the first Chinese LFQA dataset. We collect 5,500 high-quality question-answer pairs, together with 14,315 supporting facts and 121,330 web search actions.
  arXiv  Detail & Related papers  (2023-05-11T14:47:29Z)
• Retrieval Enhanced Data Augmentation for Question Answering on Privacy Policies [74.01792675564218]
  We develop a data augmentation framework based on ensembling retriever models that captures relevant text segments from unlabeled policy documents. To improve the diversity and quality of the augmented data, we leverage multiple pre-trained language models (LMs) and cascade them with noise reduction filter models. Using our augmented data on the PrivacyQA benchmark, we elevate the existing baseline by a large margin (10% F1) and achieve a new state-of-the-art F1 score of 50%.
  arXiv  Detail & Related papers  (2022-04-19T15:45:23Z)
• A Survey on Legal Judgment Prediction: Datasets, Metrics, Models and Challenges [73.34944216896837]
  Legal judgment prediction (LJP) applies Natural Language Processing (NLP) techniques to predict judgment results based on fact descriptions automatically. We analyze 31 LJP datasets in 6 languages, present their construction process and define a classification method of LJP. We show the state-of-art results for 8 representative datasets from different court cases and discuss the open challenges.
  arXiv  Detail & Related papers  (2022-04-11T04:06:28Z)
• Automating the GDPR Compliance Assessment for Cross-border Personal Data Transfers in Android Applications [0.0]
  General European Union Data Protection Regulation (EU) aims to ensure that all personal processing activities are fair and transparent. To end this, it sets strict requirements to transfer personal data outside of the EU. A substantial 56% of analysed apps are potentially non-compliant with cross-border data transfer requirements.
  arXiv  Detail & Related papers  (2021-03-12T14:13:26Z)
• Explainable Patterns: Going from Findings to Insights to Support Data Analytics Democratization [60.18814584837969]
  We present Explainable Patterns (ExPatt), a new framework to support lay users in exploring and creating data storytellings. ExPatt automatically generates plausible explanations for observed or selected findings using an external (textual) source of information.
  arXiv  Detail & Related papers  (2021-01-19T16:13:44Z)
• Digital trace data collection through data donation [0.4499833362998487]
  Article 15 of the EU's General Data Protection Regulation: 2018 mandates individuals have electronic access to their personal data. All major digital platforms now comply with law by users with "data download packages" (DDPs) Through all data collected by public and private entities, citizens' digital life can be obtained and analyzed to answer social-scientific questions. We provide a blueprint for digital trace data collection using DDPs, and devise a "total error framework" for such projects.
  arXiv  Detail & Related papers  (2020-11-13T11:19:25Z)
• GDPR: When the Right to Access Personal Data Becomes a Threat [63.732639864601914]
  We examine more than 300 data controllers performing for each of them a request to access personal data. We find that 50.4% of the data controllers that handled the request, have flaws in the procedure of identifying the users. With the undesired and surprising result that, in its present deployment, has actually decreased the privacy of the users of web services.
  arXiv  Detail & Related papers  (2020-05-04T22:01:46Z)
• Essential requirements for establishing and operating data trusts: practical guidance based on a working meeting of fifteen Canadian organizations and initiatives [3.0899514875025074]
  There is a gap in terms of practical guidance about how to establish and operate a data trust. In December 2019, the Canadian Institute for Health Information convened a working meeting of 19 people. The objective was to identify essential requirements for the establishment and operation of data trusts.
  arXiv  Detail & Related papers  (2020-05-04T20:20:40Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.