Access denied: retrieving personal data is often hopeless as Google refuses point-blank to provide online information
Public bodies and private corporations including Internet giant Google are flouting the public’s right to access personal data being held on them
Public bodies and private corporations including Internet giant Google are flouting the public’s right to access personal data being held on them, according to a major new international study.
Researchers found that nearly half of data holders either failed to disclose the private information they stored on citizens or did not give a legitimate reason for not doing so when asked.
Among the organisations contacted in the pan-European study carried out by Sheffield University were banks, healthcare providers, supermarkets, universities, security firms as well as the US search engine company.
Attempts to find information were routinely met with serial malpractice as well as obfuscation and ignorance of obligations under the law, it was claimed.
Campaigners described the findings as “shocking” and accused regulators and legislators of failing to safeguard citizens’ rights.
Professor Clive Norris, who led the study – part of the EU-funded Increasing Resilience in Surveillance Societies project - said individuals handed over private data on a daily basis, creating “vast and invisible reservoirs of personal information”.
“We are selectively marketed to, our locations are tracked by CCTV and automated licence plate recognition systems and our online behaviour is monitored, analysed, stored and used. The challenge for all of us is that our information is often kept from us, despite the law and despite our best efforts to access it,” he said
“In our view, there is an urgent requirement for policymakers to address the failure of law at the European level and its implementation into national law. Organisations must ensure that they conform to the law,” he added.
Under the EU Data Protection Directive which has been enshrined in domestic laws in Europe since 1998, and which is set to be updated in the new Parliament, individuals have a right to be told what data is held on them – such as criminal and health records, consumer loyalty card information and even CCTV images.
As well as the 43 per cent that did not respond adequately to inquiries, a further 56 per cent of sites contacted failed to provide a legally compliant answer to reveal who that information was shared with.
Even when a successful outcome was achieved the process was described as fraught and time-consuming, with researchers greeted with scepticism and suspicion. Responses were delayed or incomplete in some cases.
In seven out 10 cases, the question of whether private details were being passed automatically between company computers was not adequately addressed.
The authors of the study, who made approaches to 184 public and private sector organisations across 10 countries, found that in a fifth of cases it was impossible to locate an individual controller responsible for dealing with an organisation’s data responsibilities.
Researchers made seven requests to Google during which they were confronted with a “number of difficulties”, the study found.
In one instance two letters were returned from the company’s national headquarters with a notice saying the recipient had not taken delivery. When requests could be made to national offices the company refused to process the application arguing that Google’s data controller was based at the company’s headquarters in California. No offer was made to forward the requests.
Once the applications were sent to Google HQ, only one received a response.
Gus Hosein, executive director of Privacy International said: “The results of this international study are shocking, and point to a disappointing failure on the part of those who handle our personal information and those who are supposed to enforce our rights."
He added: “Companies are putting profit ahead of our rights, regulators are asleep, and Parliaments incapable of responding to the expansion of the voracious data industry.”
Google declined to comment on the research which is being presented at a conference in Sheffield this week.
A spokesman for the Information Commissioner’s Office, which is responsible for upholding data rights in the UK, said the Data Protection Act required a response to requests within 40 days.
“Failure to do so is not only a breach of the Act, but will quickly result in the loss of consumer trust and business,” the spokesman added.
Life & Style blogs
This restaurant has misunderstood the concept of 'cheese and biscuits'
What happens to your body when you give up sugar?
Tinder Plus: premium service launches, charging much more for those over 28
My life as a Jew in wartime Berlin: How I outwitted the Gestapo
Drinking three to five cups of a coffee a day could reduce risk of heart attacks, study finds
New theory could prove how life began and disprove God
'Jihadi John': CAGE representative storms off Sky News accusing Kay Burley of Islamophobia
This is what it's like to be dead, according to a guy who died for a bit
Durham Free School: 'Creationism taught at' free school facing closure
Ukip would cut billions from Scottish budget to fund English tax cuts
Nearly 100,000 of Britain's poorest children go hungry after parents' benefits are cut
- 1 Bill Clinton portrait features Monica Lewinsky reference, artist admits
- 2 What happens to your body when you give up sugar?
- 3 Delhi bus rapist blames dead victim for attack because 'girls are responsible for rape'
- 4 Have sex with your iPad thanks to the new sex toy no-one asked for
- 5 Average penis size revealed: Scientists attempt to find what is 'normal' to reassure concerned men
iJobs Gadgets & Tech
£35000 - £45000 per annum: Recruitment Genius: An Infrastructure Architect is ...
£28000 - £30000 per annum: Recruitment Genius: An exciting opportunity has ari...
£18000 - £21000 per annum: Recruitment Genius: This company is a customer focu...
£16000 - £18000 per annum: Recruitment Genius: A Business Development Executiv...