![Sample our Computer Science journals, sign in here to start your access, latest two full volumes FREE to you for 14 days]({"type":"image" , "src" : "/sda/5928/TOC-Subject-Sample-2021-Computer-Science.jpg"})
ABSTRACT
In both data protection law and research of usable privacy, awareness and control over the collection and use of personal data are understood to be cornerstones of digital sovereignty. For example, the European General Data Protection Regulation (GDPR) provides data subjects with the right to access data collected by organisations but remains unclear on the concrete process design. However, the design of data subject rights is crucial when it comes to the ability of customers to exercise their right and fulfil regulatory aims such as transparency. To learn more about user needs in implementing the right to access as per GDPR, we conducted a two-step study. First, we defined a five-phase user experience journey regarding the right to access: finding, authentication, request, access and data use. Second, and based on this model, 59 participants exercised their right to access and evaluated the usability of each phase. Drawing on 422 datasets spanning 139 organisations, our results show several interdependencies of process design and user satisfaction. Thereby, our insights inform the community of usable privacy and especially the design of the right to access with a first, yet robust, empirical body.
Acknowledgements
We thank the students of the Usable Privacy and Security course in winter semester 20/21 for their active participation.
Disclosure statement
No potential conflict of interest was reported by the author(s).
Notes
1 Interestingly, no one requested his/her data from another international multi service provider, Microsoft.
2 The Shapiro-Wilk test was performed for the residuals of ANOVA and showed that the distribution of the residuals departed significantly from normality (W = 0.951, p < .0001). The visual analysis (Appendix 3, ) shows that the distribution is roughly ‘bell-shaped’, and the deviation mainly concerns the outer value range. Because of the results of the Shapiro-Wilk test, however, we perform an additional Kruskal–Wallis rank sum test.
3 The visual analysis (Appendix 2, ) shows that the distribution is roughly ‘bell-shaped’. As the Shapiro-Wilk test for the residuals of regression (W = 0.974, p < .0001) indicates a deviation from normality, we also perform an additional linear regression with bootstrapping (with R = 5000 replications). This leads to similar results (Intercept-95% CI [LL, UL] = [34.632, 41.002]; Finding Duration (log scaled)-95% CI [LL, UL] = [−4.189, −2.054])
4 We perform an additional Kruskal–Wallis test because the Shapiro-Wilk test indicates that the ANOVA residuals departed significantly from normality (W = 0.951, p < .0001). See also: Appendix 3, .
5 The visual analysis (Appendix 2, ) shows that the distribution is roughly ‘bell-shaped’. Because the Shapiro-Wilk test for the residuals of regression (W = 0.957, p < .0001) indicates a deviation from normality, we also performed an additional linear regression with bootstrapping (R = 5000 replications). This leads to similar results (Intercept-95% CI [LL, UL] = [59.034, 63.548]; Data Request Duration (log scaled)-95% CI [LL, UL] = [−3.476, −1.871])
6 We perform an additional Kruskal–Wallis test because the Shapiro-Wilk test indicates that the ANOVA residuals departed significantly from normality (W = 0.973, p < .0001). See also: Appendix 3, .
7 The visual analysis (see Appendix 2, ) shows that the distribution is roughly ‘bell-shaped’. Because the Shapiro-Wilk test for the residuals of regression (W = 0.863, p < .0001) indicates a deviation from normality, we also performed an additional linear regression with bootstrapping with (R = 5000 replications). This leads to similar results (Intercept-95% CI [LL, UL] = [−.507, .209]; SUS score-95% CI [LL, UL] = [.009, .021]).