Generating Practices: Investigations into the Double Embedding of GDPR and Data Access Policies-Reference-Cited by-同舟云学术

Generating Practices: Investigations into the Double Embedding of GDPR and Data Access Policies

Published:2022-11-07 Issue:CSCW2 Volume:6 Page:1-26
ISSN:2573-0142
Container-title:Proceedings of the ACM on Human-Computer Interaction
language:en
Short-container-title:Proc. ACM Hum.-Comput. Interact.

Author:

Petelka Justin¹,Oreglia Elisa²,Finn Megan¹,Srinivasan Janaki³

Affiliation:

1. University of Washington, Seattle, WA, USA

2. King's College London, London, United Kingdom

3. International Institute of Information Technology, Bangalore, Bangalore, India

Abstract

The right of access, found in the EU's GDPR and similar data protection regulations around the world, requires corporations and other organizations to give people access to the data they hold about them. Such regulations create obligations for data controllers but leave flexibility on how to achieve them, resulting in variation in how Data Subject Access Requests (DSARs) are implemented by different corporations. To understand the various practices emerging around DSARs and how requesting data influences the way people think of data protection laws, we asked participants in India, the UK and USA to make 38 DSARs from 11 different companies. Using the metaphor of the policy-design-practice "knot" ~\citejacksonPolicyKnotReintegrating2014, we examine DSARs as a case of the co-constitutive links between policy, design, and practice. We find that the DSAR process was not linear and participants employed many work-arounds. The challenges they encountered in the overall DSAR process negatively affected their perceptions of data protection policies. Our study suggests that researchers have to be flexible in adapting research methodology to understanding emerging practices, and that there is a need for more collaborative experimentation with DSARs before standardizing the process.

Funder

University of Washington Strategic Research Fund

Publisher

Association for Computing Machinery (ACM)

Subject

Computer Networks and Communications,Human-Computer Interaction,Social Sciences (miscellaneous)

Link

https://dl.acm.org/doi/pdf/10.1145/3555631

Reference77 articles.

1. Hadi Asghari , Thomas van Biemen , and Martijn Warnier . 2021. Amplifying Privacy : Scaling Up Transparency Research Through Delegated Access Requests. arXiv:2106.06844 [cs] (June 2021 ). arxiv: 2106.06844 [cs] http://arxiv.org/abs/2106.06844 Hadi Asghari, Thomas van Biemen, and Martijn Warnier. 2021. Amplifying Privacy : Scaling Up Transparency Research Through Delegated Access Requests. arXiv:2106.06844 [cs] (June 2021). arxiv: 2106.06844 [cs] http://arxiv.org/abs/2106.06844

2. Jef Ausloos and Pierre Dewitte . 2018. Shattering One-Way Mirrors. Data Subject Access Rights in Practice. SSRN Scholarly Paper ID 3106632. Social Science Research Network , Rochester, NY . https://papers.ssrn.com/abstract=3106632 Jef Ausloos and Pierre Dewitte. 2018. Shattering One-Way Mirrors. Data Subject Access Rights in Practice. SSRN Scholarly Paper ID 3106632. Social Science Research Network, Rochester, NY. https://papers.ssrn.com/abstract=3106632

3. Researching with Data Rights;Ausloos Jef;Technology and Regulation,2020

4. Rishab Bailey , Smriti Parsheera , Faiza Rahman , and Renuka Sane . 2018. Disclosures in Privacy Policies : Does 'Notice and Consent ' Work ? SSRN Scholarly Paper 3328289. Social Science Research Network , Rochester, NY . https://doi.org/10.2139/ssrn.3328289 10.2139/ssrn.3328289 Rishab Bailey, Smriti Parsheera, Faiza Rahman, and Renuka Sane. 2018. Disclosures in Privacy Policies : Does 'Notice and Consent ' Work ? SSRN Scholarly Paper 3328289. Social Science Research Network, Rochester, NY. https://doi.org/10.2139/ssrn.3328289

5. Data journeys: Capturing the socio-material constitution of data objects and flows

Cited by 5 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. SoK: Technical Implementation and Human Impact of Internet Privacy Regulations;2024 IEEE Symposium on Security and Privacy (SP);2024-05-19

2. Unlocking personal data from online services: user studies on data export experiences and data transfer scenarios;Human–Computer Interaction;2024-03-20

3. How to Drill into Silos: Creating a Free-to-Use Dataset of Data Subject Access Packages;Lecture Notes in Computer Science;2024

4. Access Your Data... if You Can: An Analysis of Dark Patterns Against the Right of Access on Popular Websites;Lecture Notes in Computer Science;2024

5. Streamlining Personal Data Access Requests: From Obstructive Procedures to Automated Web Workflows;Lecture Notes in Computer Science;2023