No excuse for 40% that obstruct data access

Four in 10 organisations fall short of legal requirements when responding to consumers about the data held on them, new research has found. In the data climate emerging in Europe, the future penalties could be severe.

Michael Barnett

The study, led by Sheffield University, investigated 327 organisations in the public and private sectors in 10 European countries, finding widespread “malpractice and obfuscation”. In a fifth of cases it was not possible to identify a data controller at the organisations, and when one was found researchers claim that they were often met with replies that “restrict or completely deny data subjects the ability to exercise their informational right”.

In nearly half of all cases (43 per cent) personal data was not disclosed or no “legitimate” reason was given to withhold it, according to the report. More than half of the organisations (56 per cent) gave no adequate response about what third-party data sharing took place.

Those who are familiar with recent debates and court decisions around commercial use of personal data – both in Europe and the UK – will know that this kind of practice won’t go unpunished for much longer. There is an undoubted legal movement towards greater restrictions on data use and greater rights to access for members of the public.

In June, a UK county court ordered John Lewis to pay damages for sending marketing emails to a Sky News journalist, rejecting the retailer’s argument that a failure to opt out was the same as giving consent. There was also the much-publicised European Court of Justice ruling against Google in May, which means the search engine must comply with requests to remove search results containing old or inaccurate personal information.

And as a background to all this, the EU’s general data protection regulation is in its final stages of refinement. Among other things, it is likely to require companies to have a data protection officer and to release information held about a particular person back to them in usable formats. In short, the winds of change are blowing, and the 40 per cent of organisations travelling in the opposite direction will not get very far by resisting.

Businesses will feel aggrieved at the administrative burden of hiring new data controllers and complying with more access requests, but at this point it’s looking unavoidable.

Latest from Marketing Week


Access Marketing Week’s wealth of insight, analysis and opinion that will help you do your job better.

Register and receive the best content from the only UK title 100% dedicated to serving marketers' needs.

We’ll ask you just a few questions about what you do and where you work. The more we know about our visitors, the better and more relevant content we can provide for them. And, yes, knowing our audience better helps us find commercial partners too. Don't worry, we won't share your information with other parties, unless you give us permission to do so.

Register now


Our award winning editorial team (PPA Digital Brand of the Year) ask the big questions about the biggest issues on everything from strategy through to execution to help you navigate the fast moving modern marketing landscape.


From the opportunities and challenges of emerging technology to the need for greater effectiveness, from the challenge of measurement to building a marketing team fit for the future, we are your guide.


Information, inspiration and advice from the marketing world and beyond that will help you develop as a marketer and as a leader.

Having problems?

Contact us on +44 (0)20 7292 3703 or email

If you are looking for our Jobs site, please click here