Collectively exercising the right of access: individual effort, societal effect

Hadi Asghari, René Mahieu, Michel van Eeten

Research output: Contribution to journalArticleScientificpeer-review

10 Citations (Scopus)
150 Downloads (Pure)


The debate about how to govern personal data has intensified in recent years. The European Union’s General Data Protection Regulation, which came into effect in May 2018, relies on transparency mechanisms codified through obligations for organisations and citizen rights. While some of these rights have existed for decades, their effectiveness is rarely tested in practice. This paper reports on the exercise of the so-called right of access, which gives citizens the right to get access to their personal data. We study this by working with articipants—citizens for whom the law is written—who collectively sent over a hundred data access requests and shared the responses with us. We analyse the replies to the access requests, as well as the participant's evaluation of them. We find that non-compliance with the law's obligations is widespread. Participants were critical of many responses, though they also reported a large variation in quality. They did not find them effective for getting transparency into the processing of their own personal data. We did find a way forward emerging from their responses, namely by looking at the requests as a collective endeavour, rather than an individual one. Comparing the responses to similar access requests creates a context to judge the quality of a reply and the lawfulness of the data practices it reveals. Moreover, collective use of the right of access can help shift the power imbalance between individual citizens and organisations in favour of the citizen, which may incentivise organisations to deal with data in a more transparent way.
Original languageEnglish
Number of pages23
JournalInternet Policy Review
Issue number3
Publication statusPublished - 2018


  • Access rights
  • Privacy measurement
  • General Data Protection Regulation
  • Data governance


Dive into the research topics of 'Collectively exercising the right of access: individual effort, societal effect'. Together they form a unique fingerprint.

Cite this