Finding, getting and understanding: the user journey for the GDPR'S right to access.
Saved in:
| Title: | Finding, getting and understanding: the user journey for the GDPR'S right to access. |
|---|---|
| Authors: | Pins, Dominik, Jakobi, Timo, Stevens, Gunnar, Alizadeh, Fatemeh, Krüger, Jana |
| Source: | Behaviour & Information Technology. Aug2022, Vol. 41 Issue 10, p2160-2186. 27p. 1 Illustration, 16 Charts, 8 Graphs. |
| Subjects: | Information literacy, Data security, Access to information, Customer satisfaction |
| Abstract: | In both data protection law and research of usable privacy, awareness and control over the collection and use of personal data are understood to be cornerstones of digital sovereignty. For example, the European General Data Protection Regulation (GDPR) provides data subjects with the right to access data collected by organisations but remains unclear on the concrete process design. However, the design of data subject rights is crucial when it comes to the ability of customers to exercise their right and fulfil regulatory aims such as transparency. To learn more about user needs in implementing the right to access as per GDPR, we conducted a two-step study. First, we defined a five-phase user experience journey regarding the right to access: finding, authentication, request, access and data use. Second, and based on this model, 59 participants exercised their right to access and evaluated the usability of each phase. Drawing on 422 datasets spanning 139 organisations, our results show several interdependencies of process design and user satisfaction. Thereby, our insights inform the community of usable privacy and especially the design of the right to access with a first, yet robust, empirical body. [ABSTRACT FROM AUTHOR] |
| Copyright of Behaviour & Information Technology is the property of Taylor & Francis Ltd and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.) | |
| Database: | Psychology and Behavioral Sciences Collection |
|
Full text is not displayed to guests.
Login for full access.
|
|
| Abstract: | In both data protection law and research of usable privacy, awareness and control over the collection and use of personal data are understood to be cornerstones of digital sovereignty. For example, the European General Data Protection Regulation (GDPR) provides data subjects with the right to access data collected by organisations but remains unclear on the concrete process design. However, the design of data subject rights is crucial when it comes to the ability of customers to exercise their right and fulfil regulatory aims such as transparency. To learn more about user needs in implementing the right to access as per GDPR, we conducted a two-step study. First, we defined a five-phase user experience journey regarding the right to access: finding, authentication, request, access and data use. Second, and based on this model, 59 participants exercised their right to access and evaluated the usability of each phase. Drawing on 422 datasets spanning 139 organisations, our results show several interdependencies of process design and user satisfaction. Thereby, our insights inform the community of usable privacy and especially the design of the right to access with a first, yet robust, empirical body. [ABSTRACT FROM AUTHOR] |
|---|---|
| ISSN: | 0144929X |
| DOI: | 10.1080/0144929X.2022.2074894 |
