Reclaiming Data: Overcoming App Identification Barriers for Exercising Data Protection Rights
Proceedings of the 4th Workshop on Legal and Technical Issues in Cloud and Pervasive Computing (IoT) [CLaw-18], UbiComp/ISWC’18 Adjunct
6 Pages Posted: 11 Oct 2018 Last revised: 6 Jun 2019
Date Written: August 20, 2018
Data protection regulations generally afford individuals certain rights over their personal data, including the rights to access, rectify, and delete the data held on them. Exercising such rights naturally requires those with data management obligations (service providers) to be able to match an individual with their data. However, many mobile apps collect personal data, without requiring user registration or collecting details of a user’s identity (email address, names, phone number, and so forth). As a result, a user’s ability to exercise their rights will be hindered without means for an individual to link themselves with this ‘nameless’ data. Current approaches often involve those seeking to exercise their legal rights having to give the app’s provider more personal information, or even to register for a service; both of which seem contrary to the spirit of data protection law. This paper explores these concerns, and indicates simple means for facilitating data subject rights through both application and mobile platform (OS) design.
Keywords: Identity Management, Data Protection, Privacy, GDPR, Subject Access Rights, Mobile Applications
Suggested Citation: Suggested Citation