✍🏼 Text written by Tea Aljaž.
source: The Parliament Magazine
I am sure you’ve already heard about GDPR, but have you ever actively thought about how it affects our everyday lives? Whenever you click ‘accept all cookies’, do you ever think about where all your data goes? Do you know why you get ads for very specific items you were just searching online? 🤨
Well, authors of the article ‘A Study on Subject Data Access in Online Advertising after the GDPR‘ did care about all that. The main question addressed in the study is how the GDPR has impacted the access of individuals to their personal data in the context of online advertising. The authors aim to examine the extent to which individuals are able to exercise their rights under the GDPR and access, modify, or delete their personal data from online advertising platforms. 👀
But before we dig in this post, let’s take a look at brief overview of what GDPR is. ⬇️
The General Data Protection Regulation (GDPR) is a comprehensive set of regulations that aims to protect the personal data of individuals within the European Union. It was implemented in May 2018 and applies to organizations that collect, process, and store personal data. The GDPR provides individuals with increased control over their personal data and imposes stricter rules on how organizations handle and protect such data. It also introduces hefty fines for non-compliance, making data privacy a critical concern for businesses operating within the EU.
Now that we understand what GDPR means, we can move forward. ⏩ In this post, I will explain what the main topic is and what question are the authors trying to answer in the report, describe how they conducted the research and why they chose that method, I will share the main findings and conclusions from the study, summarise the most important parts of the results and discuss their practical and theoretical significance, and suggest what kinds of studies could be conducted in the future based on what’s in the article.
INTRODUCTION ✉️
The introduction focuses on the exploration of the impact of the GDPR on subject data access in online advertising. The authors aim to answer the question of how the GDPR has influenced user control over their personal data, which is, among other things, used for targeted advertising purposes. 🎯
Through this study, they investigate the methods used by online advertisers to comply with the GDPR, as well as the effectiveness of user data access requests. By analyzing the subject data access requests made by users, the authors seek to understand the extent to which users are able to exercise their data access rights following the implementation of the GDPR.
METHODOLOGY 📚
In order to investigate the researchers utilised a specific methodology. They used a combination of both quantitative and qualitative methods to gather relevant data. 💪
They collected data from a sample of 39 companies operating within online advertising, through a combination of web crawling and manual analysis. 💻
Web crawling involved visiting various websites that use online advertising and collecting information about the data subject’s access to their personal data. 🕸
The collected data was then analysed to identify patterns and trends regarding subject data access in online advertising, such as:
👉🏼 Subject Access Requests,
👉🏼 Examination of Privacy Policies,
👉🏼 Response Behavior Analysis,
👉🏼 Assessment of Data Format and Content, and
👉🏼 Responses to Specific/Additional Questions.
Or in other words – they checked if companies made the access to the data easy, how the companies handled your data, they checked what their response time was (they are allowed 30 days to reply), how they shared the data (format and information), and how/if they responded to additional questions.
By combining automated data collection with manual analysis, the researchers were able to obtain a detailed understanding of the factors influencing subject data access and compliance with GDPR regulations and provided valuable insights for further analysis.
RESULTS 📝
The main findings of the study demonstrate several crucial aspects.
☝️ Firstly, a considerable portion of advertising companies did not implement an efficient mechanism for data access requests, highlighting a lack of compliance with the GDPR. Subject data access requests were often incomplete or denied, indicating a significant challenge for individuals seeking to exercise their data rights. For example, some companies denied data access to unregistered individuals, some required additional proof of personal information such as copies of official identification documents, etc.
✌️ Secondly, when examining privacy policies, they found out various degrees of transparency. While some companies offered comprehensive and straightforward information regarding data sharing, profiling, and legal framework concerning data processing, some didn’t. It is very important for the users to understand privacy policies and also to empower them to exercise their right to get their data.
🤟 Thirdly, over 58% of selected companies did not reply within GDPR’s 30 day response time limit – which is a very clear violation of GDPR.
✌️✌️Fourthly, in terms of the data assessment format, the companies shared the data in various forms. Some were very straightforward, while others provided data in cryptic and raw formats which can be challenging to read and understand for some users. This kind of diversity in data formats can significantly impact users ability to interpret their personal data.
🖐 Lastly, the response rate to additional question was very low. Only a few companies provided responses to specific inquiries and even fewer gave the researchers more detailed information about their data processing.
🤝 Finally, the study reveals the need for improved transparency and accountability in online advertising practices to ensure compliance with data protection regulations.
DISCUSSION 🗣
The study revealed that despite the implementation of the GDPR, which aimed to give individuals more control over their personal data, there are still significant concerns about subject data access in the context of online advertising. The authors argue that current mechanisms for subject data access are not user-friendly, as many individuals struggle to exercise their rights and are unaware of the data collected about them. These findings have important implications for both individuals and policymakers, as they emphasise the need for more transparent and user-friendly mechanisms for subject data access.
FUTURE STUDIES 📈
This study has shed light on the challenges and practices surrounding subject data access in online advertising post-GDPR.
In future studies, it would be valuable to explore the long-term impact of the GDPR on subject data access in online advertising.
This could involve conducting follow-up research to see if organisations have implemented the necessary changes to comply with the GDPR and if subject data access has improved.
Additionally, it would be interesting to investigate the effectiveness of different methods for requesting and accessing personal data in online advertising. This could include examining the use of consent management platforms or developing new tools and technologies to facilitate subject data access.
In conclusion, this study has shed light on the overall landscape and challenges faced by both users and industry players. From the analysis of data subject access requests findings reveal the complexity and difficulties in implementing subject data access requests, pointing towards the need for standardised frameworks and improved transparency.