Qualitative In-Depth Analysis of GDPR Data Subject Access Requests and Responses from Major Online Services

• URL: http://arxiv.org/abs/2503.04259v1
• Date: Thu, 06 Mar 2025 09:41:58 GMT
• Title: Qualitative In-Depth Analysis of GDPR Data Subject Access Requests and Responses from Major Online Services
• Authors: Daniela Pöhn, Nils Gruschka,
• Abstract summary: It is unclear whether online services comply with individual requirements if privacy policies are sparse.<n>The study concludes that quality of data access responses varies among analyzed services, and none all requirements completely.
• Score: 0.0
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: The European General Data Protection Regulation (GDPR) grants European users the right to access their data processed and stored by organizations. Although the GDPR contains requirements for data processing organizations (e.g., understandable data provided within a month), it leaves much flexibility. In-depth research on how online services handle data subject access request is sparse. Specifically, it is unclear whether online services comply with the individual GDPR requirements, if the privacy policies and the data subject access responses are coherent, and how the responses change over time. To answer these questions, we perform a qualitative structured review of the processes and data exports of significant online services to (1) analyze the data received in 2023 in detail, (2) compare the data exports with the privacy policies, and (3) compare the data exports from November 2018 and November 2023. The study concludes that the quality of data subject access responses varies among the analyzed services, and none fulfills all requirements completely.

Related papers

• Are Data Experts Buying into Differentially Private Synthetic Data? Gathering Community Perspectives [14.736115103446101]
  In the United States, differential privacy (DP) is the dominant technical operationalization of privacy-preserving data analysis.<n>This study qualitatively examines one class of DP mechanisms: private data synthesizers.
  arXiv  Detail & Related papers  (2024-12-17T15:50:14Z)
• Data Acquisition: A New Frontier in Data-centric AI [65.90972015426274]
  We first present an investigation of current data marketplaces, revealing lack of platforms offering detailed information about datasets. We then introduce the DAM challenge, a benchmark to model the interaction between the data providers and acquirers. Our evaluation of the submitted strategies underlines the need for effective data acquisition strategies in Machine Learning.
  arXiv  Detail & Related papers  (2023-11-22T22:15:17Z)
• Needle in the Haystack: Analyzing the Right of Access According to GDPR Article 15 Five Years after the Implementation [0.0]
  Article 15 of the European Union's General Data Protection Regulation (Article 15) was implemented in 2018 to strengthen data protection for Europeans. This study aims to explore the challenges faced by individuals who request their data. A few exceptions did not respond with any data or deliver machine-readable data. The findings reveal ten patterns individuals face when requesting and accessing their data.
  arXiv  Detail & Related papers  (2023-08-29T09:49:15Z)
• QI2 -- an Interactive Tool for Data Quality Assurance [63.379471124899915]
  The planned AI Act from the European commission defines challenging legal requirements for data quality. We introduce a novel approach that supports the data quality assurance process of multiple data quality aspects.
  arXiv  Detail & Related papers  (2023-07-07T07:06:38Z)
• Outsourcing Training without Uploading Data via Efficient Collaborative Open-Source Sampling [49.87637449243698]
  Traditional outsourcing requires uploading device data to the cloud server. We propose to leverage widely available open-source data, which is a massive dataset collected from public and heterogeneous sources. We develop a novel strategy called Efficient Collaborative Open-source Sampling (ECOS) to construct a proximal proxy dataset from open-source data for cloud training.
  arXiv  Detail & Related papers  (2022-10-23T00:12:18Z)
• Adherence Forecasting for Guided Internet-Delivered Cognitive Behavioral Therapy: A Minimally Data-Sensitive Approach [59.535699822923]
  Internet-delivered psychological treatments (IDPT) are seen as an effective and scalable pathway to improving the accessibility of mental healthcare. This work proposes a deep-learning approach to perform automatic adherence forecasting, while relying on minimally sensitive login/logout data. The proposed Self-Attention Network achieved over 70% average balanced accuracy, when only 1/3 of the treatment duration had elapsed.
  arXiv  Detail & Related papers  (2022-01-11T13:55:57Z)
• Benchmarks for Deep Off-Policy Evaluation [152.28569758144022]
  We present a collection of policies that can be used for benchmarking off-policy evaluation. The goal of our benchmark is to provide a standardized measure of progress that is motivated from a set of principles. We provide open-source access to our data and code to foster future research in this area.
  arXiv  Detail & Related papers  (2021-03-30T18:09:33Z)
• Automating the GDPR Compliance Assessment for Cross-border Personal Data Transfers in Android Applications [0.0]
  General European Union Data Protection Regulation (EU) aims to ensure that all personal processing activities are fair and transparent. To end this, it sets strict requirements to transfer personal data outside of the EU. A substantial 56% of analysed apps are potentially non-compliant with cross-border data transfer requirements.
  arXiv  Detail & Related papers  (2021-03-12T14:13:26Z)
• GDPR: When the Right to Access Personal Data Becomes a Threat [63.732639864601914]
  We examine more than 300 data controllers performing for each of them a request to access personal data. We find that 50.4% of the data controllers that handled the request, have flaws in the procedure of identifying the users. With the undesired and surprising result that, in its present deployment, has actually decreased the privacy of the users of web services.
  arXiv  Detail & Related papers  (2020-05-04T22:01:46Z)
• The SPECIAL-K Personal Data Processing Transparency and Compliance Platform [0.1385411134620987]
  SPECIAL EU H 2020 project can be used to represent data policies and data and events sharing. System can verify that data processing and sharing complies with the data subjects consent.
  arXiv  Detail & Related papers  (2020-01-26T14:30:09Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.