Chapter

Data Protection and Privacy: (In)visibilities and Infrastructures

Volume 36 of the series Law, Governance and Technology Series pp 271-289

Date:

A Study on Corporate Compliance with Transparency Requirements of Data Protection Law

  • Christoph BierAffiliated withFraunhofer Institute of Optronics, System Technologies and Image Exploitation IOSB Email author 
  • , Simon KömpfAffiliated withFraunhofer Institute of Optronics, System Technologies and Image Exploitation IOSB
  • , Jürgen BeyererAffiliated withFraunhofer Institute of Optronics, System Technologies and Image Exploitation IOSB

* Final gross prices may vary according to local VAT.

Get Access

Abstract

Modern information systems reach a degree of complexity which is inscrutable for citizens. The transparency regulations of data protection law try to counteract this. However, it is unknown how effective these regulations are. To our knowledge, there is no convincing study on the state of corporate compliance with transparency regulations available. We set up a quantitative and qualitative study with a sample of 612 representative companies. We evaluated the transfer of personal data, the compliance with transparency requirements on commercial e-mails, and the compliance with requirements derived from the right of access. In the process, we took advantage of automated analysis with e-mail honeypots but used also individual assessments of information provided by companies. We found out that most companies do not transfer personal data without consent. Requirements on commercial e-mails are fulfilled as well. However, the situation of the right of access is much worse. Most information provided by companies is insufficient.

Keywords

Compliance Transparency Right of access Data protection Privacy