No excuse for 40% that obstruct data access

Four in 10 organisations fall short of legal requirements when responding to consumers about the data held on them, new research has found. In the data climate emerging in Europe, the future penalties could be severe.

Michael Barnett

The study, led by Sheffield University, investigated 327 organisations in the public and private sectors in 10 European countries, finding widespread “malpractice and obfuscation”. In a fifth of cases it was not possible to identify a data controller at the organisations, and when one was found researchers claim that they were often met with replies that “restrict or completely deny data subjects the ability to exercise their informational right”.

In nearly half of all cases (43 per cent) personal data was not disclosed or no “legitimate” reason was given to withhold it, according to the report. More than half of the organisations (56 per cent) gave no adequate response about what third-party data sharing took place.

Those who are familiar with recent debates and court decisions around commercial use of personal data – both in Europe and the UK – will know that this kind of practice won’t go unpunished for much longer. There is an undoubted legal movement towards greater restrictions on data use and greater rights to access for members of the public.

In June, a UK county court ordered John Lewis to pay damages for sending marketing emails to a Sky News journalist, rejecting the retailer’s argument that a failure to opt out was the same as giving consent. There was also the much-publicised European Court of Justice ruling against Google in May, which means the search engine must comply with requests to remove search results containing old or inaccurate personal information.

And as a background to all this, the EU’s general data protection regulation is in its final stages of refinement. Among other things, it is likely to require companies to have a data protection officer and to release information held about a particular person back to them in usable formats. In short, the winds of change are blowing, and the 40 per cent of organisations travelling in the opposite direction will not get very far by resisting.

Businesses will feel aggrieved at the administrative burden of hiring new data controllers and complying with more access requests, but at this point it’s looking unavoidable.

Recommended

Knowledge Bank

Comments

    Leave a comment

    Close

    Discover even more as a subscriber

    This article is available for subscribers only.

    Sign up now for your access-all-areas pass.

    If you're an existing paid print subscriber find out how to get access here.

    Subscribers enjoy unlimited access to unrivalled coverage of the biggest issues in marketing, alongside practical advice from the digital experts at Econsultancy.

    With a subscription to Marketing Week Premium you will get full access to:

    > World-renowned columnists

    > Analysis & case studies

    > Exclusive leading-edge insight

    > Carefully curated reports & briefings from Econsultancy

    > Plus, much more including a £300 discount for the Festival of Marketing

    Subscribe now

    Got a question?

    Contact us on +44 (0)20 7292 3703 or email customerservices@marketingweek.com

    If you are looking for our Jobs site, please click here

    Subscribers enjoy unlimited access to unrivalled coverage of the biggest issues in marketing, alongside practical advice from the digital experts at Econsultancy.

    With a subscription to Marketing Week Premium you will get full access to:

    > World-renowned columnists

    > Analysis & case studies

    > Exclusive leading-edge insight

    > Carefully curated reports & briefings from Econsultancy

    > Plus, much more including a £300 discount for the Festival of Marketing

    Subscribe now