14 DAY TRIAL // Internet companies out there are all about transparency when it comes to government data requests, but they’re not so good at this when it comes to allowing citizens to access their own data.
According to a study put together by the Increasing Resilience in Surveillance Societies Project, companies such as Google, Facebook and Twitter are actually really bad at this.
The study was conducted internationally by experts from the University of Sheffield and has looked into the behavior of over 327 organizations across Europe, including Germany and the United Kingdom.
“Our online behavior is monitored, analyzed, stored and used. The challenge for all of us is that our information is often kept from us, despite the law and despite our best efforts to access it,” notes Clive Norris, a specialist in the sociology of surveillance, who led the study.
The report shows that in nearly 20 percent of cases, they couldn’t even locate a data controller and even where this was possible, there was a great variation in the quality of information. He notes that in the best cases, the information was thorough and followed the letter of the law, while in the worst cases, the data was basic and most often than not, failed to explain how to even make a request to access information.
Data controllers were best located with the help of the Internet, which returned relevant contact details in 63 percent of the cases.
“In the majority of cases, when contacting organizations by telephone, members of staff lacked knowledge concerning subject access requests. As a result, answers were often incorrect, confusing and contradictory,” the study reads.
The file goes on to point that companies that act as the towers of defense in the fight to protect user data from governments such as Google and Facebook are actually “particularly restrictive” when it comes to allowing citizens to view their own data.
In fact, these two companies failed to disclose personal data or provide a valid reason for not doing so in half of the cases. They were also quite reluctant to disclose information about their data sharing practices with third-party companies.
Furthermore, Google’s local offices refused to process the requests, saying that the main US HQ was the data controller that had to be contacted. Upon redirecting the demands there, most cases were treated with silence.
Facebook had pretty much the same attitude, much to the researchers’ disappointment.
“Organizations need to train their staff so they are aware of their responsibilities under law; and they need to implement clear and unambiguous procedures to facilitate citizens making access requests. Finally, national data protection authorities must have the legal means and organizational resources to both encourage and police compliance,” said Norris.