How do app vendors respond to subject access requests? A longitudinal privacy study on iOS and Android Apps

Authors: Jacob Leon Kröger, Jens Lindemann, Dominik Herrmann

DOI: 10.1145/3407023.3407057

Abstract: EU data protection laws grant consumers the right to access the personal data that companies hold about them. In a first-of-its-kind longitudinal study, we examine how service providers have complied with subject access requests over four years. In three iterations between 2015 and 2019, we sent subject access requests to vendors of 225 mobile apps popular in Germany. Throughout the iterations, 19 to 26% of the vendors were unreachable or did not reply at all. Our requests were fulfilled in 15 to 53% of the cases, with an unexpected decline between the GDPR enforcement date and the end of our study. The remaining responses exhibit a long list of shortcomings, including severe violations of information security principles. Some responses even contained deceptive and misleading statements (7 to 13%). Further, 9% of the apps were discontinued and 27% of the user accounts vanished during our study, mostly without proper notification about the consequences for our data. While we observe improvements in selected aspects over time, the results indicate that request handling will be unsatisfactory as long as vendors accept such requests via email and process them manually.
