‘You are unauthorized’: Nearly 50% of EU organizations deny access to personal data

Justin Sullivan / Getty Images / AFP

Four out of ten organizations obstruct citizens from accessing their own personal data, says a recent study. Companies like Google, Facebook and Twitter also fail to fulfill their duty to be transparent.

The international study, conducted by experts from the University of Sheffield, has inspected at least 327 organizations across Europe, including the UK, Norway and Germany.

“Our online behavior is monitored, analyzed, stored and used. The challenge for all of us is that our information is often kept from us, despite the law and despite our best efforts to access it,” says Professor Clive Norris, a specialist in the sociology of surveillance, who led the study.

According to the report, the research found that in almost 20 percent of cases, “it was simply not possible to locate a data controller.” The report added that in the places where the controllers could be located, the quality of information varied enormously.

Reuters / Kim Kyung-Hoon

In the best cases, information was thorough and followed
legislative guidelines closely and in the worst cases, the data
was “very basic, often failing to explain how to make an
access request or indeed what an access request actually
is.”

The most reliable and efficient way of locating data controllers turned out to be online, as it gave relevant contact details in nearly two thirds of cases (63 percent). The information was obtained in less than five minutes over half of the time (61 percent).

image from http://irissproject.eu

Other methods, apart from online searching, were unsuccessful in
most cases.

“In the majority of cases, when contacting organizations by telephone, members of staff lacked knowledge concerning subject access requests,” says the research. “As a result, answers were often incorrect, confusing and contradictory.”

When it was possible to locate the data controller, the process of submitting an access request was often problematic. Data controllers were “employing a range of discourses of denial which restrict or completely deny data subjects the ability to exercise their informational rights,” says the paper.

The study also investigated how international corporations
responded to providing personal data, saying that Google and
Facebook “are particularly restrictive in allowing citizens
to exercise their rights.”

“In over 50 percent of cases, they [Facebook and Google] failed to disclose personal data or provide a valid reason for not doing so, and they were similarly reluctant to disclose information regarding third party data sharing practices…,” says the study.

It goes on to describe one case in which the researchers sent two letters to Google’s HQ, but the letters were returned with a notice that “the recipient had not taken delivery.”

The national offices refused to process the requests saying that
Google’s US HQ was the data controller. But when requests were
sent to Google’s American head office, all but one case resulted
in silence.

Facebook also didn’t hurry to reveal personal data to its users.

“Five out of eight requests obtained no reply while the remaining three were simply referred to Facebook’s self-download online tool,” says the study.

Meanwhile, nearly 1 in 5 CCTV camera sites (18 percent of cases) didn’t display any kind of signal. Seven out of ten requests for CCTV footage were met “by restrictive practices from data controllers or their representative,” says the research.

“Staff approached in person lacked expertise and frequently reacted to queries with suspicion and skepticism, questioning why one would wish to access their personal data,” it adds.

Overall, there were few satisfactory responses concerning all
aspects of the sent requests.

In 56 percent of all cases, no adequate response was received,
while in over 71 percent, automated decision making processes
were either not addressed or not addressed in a legally compliant
manner, says the document.

The report found that the spirit of the European Data Protection
Directive has frequently been undermined.

“Most concerning of all is that many of the findings detailed above, such as the high occurrences of absence of CCTV footage, demonstrate practices which are in contravention of both the spirit and, more tangibly, the letter of European and national legislation,” says the research.

According to Norris, companies must ensure that they conform to the law and make it clear “who is responsible for dealing with requests from citizens.”

“Organizations need to train their staff so they are aware of their responsibilities under law; and they need to implement clear and unambiguous procedures to facilitate citizens making access requests. Finally, national data protection authorities must have the legal means and organizational resources to both encourage and police compliance,” he added.

Source Article from http://rt.com/news/168008-organisations-obstruct-access-data/