An international study examining the obstacles faced by citizens in accessing their personal data has found serial malpractice and obfuscation on the part of public and private sector organisations when citizens seek clarification of what these organisations know about them. The study was led by the University of Sheffield and investigated 327 organisations in Austria, Belgium, Germany, Hungary, Italy, Luxembourg, Norway, Slovakia, Spain and the United Kingdom. It forms part of the IRISS (Increasing Resilience in Surveillance Societies) project, funded by the European Union. It documents the actual experience citizens have when trying to use the law to access their data.
European and national laws give citizens the right to know how their personal data is used, shared and processed by private and public sector organisations. The study, encompassing citizen interactions with 327 sites, found that what should have been a straightforward process was complex, confusing, frustrating and, in the end, largely unsuccessful. The research sites were chosen based on a consideration of the socio-economic domains in which citizens encounter surveillance on a systematic basis: health, transport, employment, education, finance, leisure, communication, consumerism, civic engagement, and security and criminal justice. The study’s executive summary, policy brief, meta-analyses and individual country reports can all be accessed here.