View article

Today, more personal data than ever before Is being collected and stored by companies of all types for a wide variety of purposes. The General Data Protection Regulation (GDPR) aims to strengthen the rights of consumers by providing them with tools for controlling data collection and processing. While companies are now subject to legal obligations, precedent cases are still missing. At the same time. It remains unclear how the right to access data can be concretely implemented in practical and technical terms. Our study intends to address this problem by investigating the case ofloyalty card providers-an established branch that collects the purchase data of users in exchange for discounts. For our study, we asked 13 households to request their personal data from their respective loyalty program providers. Based on interviews, we investigate the expectations of these users of the GDPR and the right to access data …