DeepAI AI Chat
Log In Sign Up

Streamlining personal data access requests: From obstructive procedures to automated web workflows

by   Nicola Leschke, et al.

Transparency and data portability are two core principles of modern privacy legislations such as the GDPR. From the regulatory perspective, providing individuals (data subjects) with access to their data is a main building block for implementing these. Different from other privacy principles and respective regulatory provisions, however, this right to data access has so far only seen marginal technical reflection. Processes related to performing data subject access requests (DSARs) are thus still to be executed manually, hindering the concept of data access from unfolding its full potential. To tackle this problem, we present an automated approach to the execution of DSARs, employing modern techniques of web automation. In particular, we propose a generic DSAR workflow model, a corresponding formal language for representing the particular workflows of different service providers (controllers), a publicly accessible and extendable workflow repository, and a browser-based execution engine, altogether providing “one-click” DSARs. To validate our approach and technical concepts, we examine, formalize and make publicly available the DSAR workflows of 15 widely used service providers and implement the execution engine in a publicly available browser extension. Altogether, we thereby pave the way for automated data subject access requests and lay the groundwork for a broad variety of subsequent technical means helping web users to better understand their privacy-related exposure to different service providers.


page 1

page 2

page 3

page 4


VICEROY: GDPR-/CCPA-compliant Enforcement of Verifiable Accountless Consumer Requests

Recent data protection regulations (such as GDPR and CCPA) grant consume...

Amplifying Privacy: Scaling Up Transparency Research Through Delegated Access Requests

In recent years, numerous studies have used 'data subject access request...

TIRA: An OpenAPI Extension and Toolbox for GDPR Transparency in RESTful Architectures

Transparency - the provision of information about what personal data is ...

Can Authoritative Governments Abuse the Right to Access?

The right to access is a great tool provided by the GDPR to empower data...

GDPR: When the Right to Access Personal Data Becomes a Threat

After one year since the entry into force of the GDPR, all web sites and...

Hiding in the Clouds and Building a Stealth Communication Network

Social networks, instant messages and file sharing systems are common co...