How to Drill into Silos: Creating a Free-to-Use Dataset of Data Subject Access Packages

Nicola Carlotta Leschke*, Daniela Pöhn, Frank Pallas

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding/Legal commentaryConference contributionpeer-review

Abstract

The European Union’s General Data Protection Regulation (GDPR) strengthened several rights for individuals (data subjects). One of these is the data subjects’ right to access their personal data being collected by services (data controllers), complemented with a new right to data portability. Based on these, data controllers are obliged to provide respective data and allow data subjects to use them at their own discretion. However, the subjects’ possibilities for actually using and harnessing said data are severely limited so far. Among other reasons, this can be attributed to a lack of research dedicated to the actual use of controller-provided subject access request packages (SARPs). To open up and facilitate such research, we outline a general, high-level method for generating, pre-processing, publishing, and finally using SARPs of different providers. Furthermore, we establish a realistic dataset comprising two users’ SARPs from five services. This dataset is publicly provided and shall, in the future, serve as a starting and reference point for researching and comparing novel approaches for the practically viable use of SARPs.

Original languageEnglish
Title of host publicationPrivacy Technologies and Policy
Subtitle of host publicationAPF 2024
EditorsMeiko Jensen, Céderic Lauradoux, Kai Rannenberg
Pages132 - 155
Number of pages24
ISBN (Electronic)978-3-031-68024-3
DOIs
Publication statusPublished - 1 Aug 2024

Publication series

NameLecture Notes in Computer Science
PublisherSpringer
Volume14831

Bibliographical note

Publisher Copyright:
© The Author(s), under exclusive license to Springer Nature Switzerland AG 2024.

Keywords

  • DSAR
  • Data Portability
  • Data subject access request
  • GDPR
  • Personal data access
  • Personal data package
  • Privacy
  • Transparency

Fields of Science and Technology Classification 2012

  • 102 Computer Sciences
  • 505 Law

Cite this