Keep up with the news by installing RT’s extension for . Never miss a story with this clean and simple app that delivers the latest headlines to you.


‘You are unauthorized’: Nearly 50% of EU organizations deny access to personal data

Published time: June 24, 2014 09:58
Edited time: June 24, 2014 10:45
Justin Sullivan / Getty Images / AFP

Justin Sullivan / Getty Images / AFP

Four out of ten organizations obstruct citizens from accessing their own personal data, says a recent study. Companies like Google, Facebook and Twitter also fail to fulfill their duty to be transparent.

The international study, conducted by experts from the University of Sheffield, has inspected at least 327 organizations across Europe, including the UK, Norway and Germany.

“Our online behavior is monitored, analyzed, stored and used. The challenge for all of us is that our information is often kept from us, despite the law and despite our best efforts to access it,” says Professor Clive Norris, a specialist in the sociology of surveillance, who led the study.

According to the report, the research found that in almost 20 percent of cases, “it was simply not possible to locate a data controller.” The report added that in the places where the controllers could be located, the quality of information varied enormously.

Reuters / Kim Kyung-Hoon

In the best cases, information was thorough and followed legislative guidelines closely and in the worst cases, the data was “very basic, often failing to explain how to make an access request or indeed what an access request actually is.”

The most reliable and efficient way of locating data controllers turned out to be online as it gave relevant contact details in nearly two thirds of cases (63 percent). The information was achieved in less than five minutes over half of the time (61 percent).

image from

Other methods, apart from online searching, were unsuccessful in most cases.

“In the majority of cases, when contacting organizations by telephone, members of staff lacked knowledge concerning subject access requests,” says the research, “As a result, answers were often incorrect, confusing and contradictory.”

When it was possible to locate the data controller, the process of submitting an access request was often problematic. Data controllers were “employing a range of discourses of denial which restrict or completely deny data subjects the ability to exercise their informational rights,” says the paper.

image from

The study also investigated how international corporations responded to providing personal data, saying that Google and Facebook “are particularly restrictive in allowing citizens to exercise their rights.”

“In over 50 percent of cases, they [Facebook and Google] failed to disclose personal data or provide a valid reason for not doing so, and they were similarly reluctant to disclose information regarding third party data sharing practices…,” says the study.

It goes on to describe one case when the researches sent two letters to Google’s HQ, but the letters were returned with a notice that “the recipient had not taken delivery.”

image from

The national offices refused to process the requests saying that Google’s US HQ was the data controller. But when requests were sent to Google’s American head office, all but one case resulted in silence.

Facebook also didn’t hurry to reveal personal data to its users.

“Five out of eight requests obtained no reply while the remaining three were simply referred to Facebook’s self-download online tool,” says the study.

Meanwhile, Nearly 1 in 5 sites (18 percent of cases) of CCTV cameras didn’t display any kind of signal. Seven out of ten requests for CCTV footage were met “by restrictive practices from data controllers or their representative,” says the research.

image from

“Staff approached in person lacked expertise and frequently reacted to queries with suspicion and skepticism, questioning why one would wish to access their personal data,” it adds.

Overall, there were few satisfactory responses concerning all aspects of the sent requests.

image from

In 56 percent of all cases, no adequate response was received, while in over 71 percent, automated decision making processes were either not addressed or not addressed in a legally compliant manner, says the document.

The report found that the spirit of the European Data Protection Directive has frequently been undermined.

“Most concerning of all is that many of the findings detailed above, such as the high occurrences of absence of CCTV footage, demonstrate practices which are in contravention of both the spirit and, more tangibly, the letter of European and national legislation,” says the research.

image from

According to Norris, companies must ensure that they conform to the law and to make it clear “who is responsible for dealing with requests from citizens.”

“Organizations need to train their staff so they are aware of their responsibilities under law; and they need to implement clear and unambiguous procedures to facilitate citizens making access requests. Finally, national data protection authorities must have the legal means and organizational resources to both encourage and police compliance,” he added.

image from

Comments (6)


Yohan 24.06.2014 15:22

John Smith 24.06.2014 10:08

Just stop using Companies like Google, Facebook and Twitter, there are many non US alternatives.


Ag reed. I still have about 8 gmail accounts, but that's because I don't know who has them... I just forward them to my private email account in EU. I use runbox and hushmail for emails. Only use FB to log in to contests at certain times. It doesn't cost much for private email... maybe about the cost of going out to eat once and you get a year of service with no snooping and adverts. I use a vpn also and every ad blocker on Aviator, opera and firefox...


Dana Rider 24.06.2014 14:53

Try requesting a copy of your data from facebook, I have never seen the link provided by facebook work in my life.


Lau2 24.06.2014 12:46

Andy Calson, hope i got the name right, sorry if not, as been charged in the UK with phone tapping, Yes guilty, its against the law to spy on people in the UK, as he was taken to court and found guilty, why is it that the UK goverbment cannot be taken to court over spying on people in exacly the same way, its one law for the people of the UK, and another law for the UK government!!, Its Unexcceptable.

View all comments (6)
Add comment

Authorization required for adding comments

Register or



Show password


or Register

Request a new password


or Register

To complete a registration check
your Email:


or Register

A password has been sent to your email address

Edit profile



New password

Retype new password

Current password



Follow us

Follow us