Qualitative In-Depth Analysis of GDPR Data Subject Access Requests and Responses from Major Online Services

Daniela Pöhn; Nils Gruschka

doi:10.5220/0013093000003899

Qualitative In-Depth Analysis of GDPR Data Subject Access Requests and Responses from Major Online Services

Daniela Pöhn, Nils Gruschka

2025

Abstract

The European General Data Protection Regulation (GDPR) grants European users the right to access their data processed and stored by organizations. Although the GDPR contains requirements for data processing organizations (e. g., understandable data provided within a month), it leaves much flexibility. In-depth research on how online services handle data subject access request is sparse. Specifically, it is unclear whether online services comply with the individual GDPR requirements, if the privacy policies and the data subject access responses are coherent, and how the responses change over time. To answer these questions, we perform a qualitative structured review of the processes and data exports of significant online services to (1) analyze the data received in 2023 in detail, (2) compare the data exports with the privacy policies, and (3) compare the data exports from November 2018 and November 2023. The study concludes that the quality of data subject access responses varies among the analyzed services, and none fulfills all requirements completely.

Download

Paper Citation

in Harvard Style

Pöhn D. and Gruschka N. (2025). Qualitative In-Depth Analysis of GDPR Data Subject Access Requests and Responses from Major Online Services. In Proceedings of the 11th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP; ISBN 978-989-758-735-1, SciTePress, pages 149-156. DOI: 10.5220/0013093000003899

in Bibtex Style

@conference{icissp25,
author={Daniela Pöhn and Nils Gruschka},
title={Qualitative In-Depth Analysis of GDPR Data Subject Access Requests and Responses from Major Online Services},
booktitle={Proceedings of the 11th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP},
year={2025},
pages={149-156},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0013093000003899},
isbn={978-989-758-735-1},
}

in EndNote Style

TY - CONF

JO - Proceedings of the 11th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP
TI - Qualitative In-Depth Analysis of GDPR Data Subject Access Requests and Responses from Major Online Services
SN - 978-989-758-735-1
AU - Pöhn D.
AU - Gruschka N.
PY - 2025
SP - 149
EP - 156
DO - 10.5220/0013093000003899
PB - SciTePress