Toggle Main Menu Toggle Search

Open Access padlockePrints

Human-GDPR Interaction: Practical Experiences of Accessing Personal Data

Lookup NU author(s): Dr Alex Bowyer, Jack Holt, Dr Josephine Go JefferiesORCiD, Professor Dave KirkORCiD, Dr Jan Smeddinck



This work is licensed under a Creative Commons Attribution 4.0 International License (CC BY 4.0).


In our data-centric world, most services rely on collecting and using personal data. The EU's General Data Protection Regulation (GDPR) aims to enhance individuals’ control over their data, but its practical impact is not well understood. We present a 10-participant study, where each participant filed 4-5 data access requests. Through interviews accompanying these requests and discussions scrutinising returned data, it appears that GDPR falls short of its goals due to non-compliance and low-quality responses. Participants found their hopes to understand providers’ data practices or harness their own data unmet. This causes increased distrust without any subjective improvement in power, although more transparent providers do earn greater trust. We propose designing more effective, data-inclusive and open policies and data access systems to improve both customer relations and individual agency, and also that wider public use of GDPR rights could help with delivering accountability and motivating providers to improve data practices.

Publication metadata

Author(s): Bowyer A, Holt J, Go Jefferies J, Wilson R, Kirk D, Smeddinck JS

Publication type: Conference Proceedings (inc. Abstract)

Publication status: Published

Conference Name: CHI '22: CHI Conference on Human Factors in Computing Systems

Year of Conference: 2022

Pages: 1-19

Print publication date: 28/04/2022

Online publication date: 28/04/2022

Acceptance date: 15/11/2021

Date deposited: 13/01/2022

Publisher: Association of Computing Machinery, New York, NY, USA


DOI: 10.1145/3491102.3501947