{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,29]],"date-time":"2025-08-29T10:44:49Z","timestamp":1756464289171,"version":"3.41.0"},"reference-count":77,"publisher":"Association for Computing Machinery (ACM)","issue":"CSCW2","license":[{"start":{"date-parts":[[2022,11,7]],"date-time":"2022-11-07T00:00:00Z","timestamp":1667779200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by-nc-sa\/4.0\/"}],"funder":[{"name":"University of Washington Strategic Research Fund"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["Proc. ACM Hum.-Comput. Interact."],"published-print":{"date-parts":[[2022,11,7]]},"abstract":"<jats:p>The right of access, found in the EU's GDPR and similar data protection regulations around the world, requires corporations and other organizations to give people access to the data they hold about them. Such regulations create obligations for data controllers but leave flexibility on how to achieve them, resulting in variation in how Data Subject Access Requests (DSARs) are implemented by different corporations. To understand the various practices emerging around DSARs and how requesting data influences the way people think of data protection laws, we asked participants in India, the UK and USA to make 38 DSARs from 11 different companies. Using the metaphor of the policy-design-practice \"knot\" ~\\citejacksonPolicyKnotReintegrating2014, we examine DSARs as a case of the co-constitutive links between policy, design, and practice. We find that the DSAR process was not linear and participants employed many work-arounds. The challenges they encountered in the overall DSAR process negatively affected their perceptions of data protection policies. Our study suggests that researchers have to be flexible in adapting research methodology to understanding emerging practices, and that there is a need for more collaborative experimentation with DSARs before standardizing the process.<\/jats:p>","DOI":"10.1145\/3555631","type":"journal-article","created":{"date-parts":[[2022,11,11]],"date-time":"2022-11-11T22:59:06Z","timestamp":1668207546000},"page":"1-26","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":7,"title":["Generating Practices: Investigations into the Double Embedding of GDPR and Data Access Policies"],"prefix":"10.1145","volume":"6","author":[{"given":"Justin","family":"Petelka","sequence":"first","affiliation":[{"name":"University of Washington, Seattle, WA, USA"}]},{"given":"Elisa","family":"Oreglia","sequence":"additional","affiliation":[{"name":"King's College London, London, United Kingdom"}]},{"given":"Megan","family":"Finn","sequence":"additional","affiliation":[{"name":"University of Washington, Seattle, WA, USA"}]},{"given":"Janaki","family":"Srinivasan","sequence":"additional","affiliation":[{"name":"International Institute of Information Technology, Bangalore, Bangalore, India"}]}],"member":"320","published-online":{"date-parts":[[2022,11,11]]},"reference":[{"key":"e_1_2_1_1_1","volume-title":"Scaling Up Transparency Research Through Delegated Access Requests. arXiv:2106.06844 [cs] (June","author":"Asghari Hadi","year":"2021","unstructured":"Hadi Asghari , Thomas van Biemen , and Martijn Warnier . 2021. Amplifying Privacy : Scaling Up Transparency Research Through Delegated Access Requests. arXiv:2106.06844 [cs] (June 2021 ). arxiv: 2106.06844 [cs] http:\/\/arxiv.org\/abs\/2106.06844 Hadi Asghari, Thomas van Biemen, and Martijn Warnier. 2021. Amplifying Privacy : Scaling Up Transparency Research Through Delegated Access Requests. arXiv:2106.06844 [cs] (June 2021). arxiv: 2106.06844 [cs] http:\/\/arxiv.org\/abs\/2106.06844"},{"volume-title":"Shattering One-Way Mirrors. Data Subject Access Rights in Practice. SSRN Scholarly Paper ID 3106632. Social Science Research Network","author":"Ausloos Jef","key":"e_1_2_1_2_1","unstructured":"Jef Ausloos and Pierre Dewitte . 2018. Shattering One-Way Mirrors. Data Subject Access Rights in Practice. SSRN Scholarly Paper ID 3106632. Social Science Research Network , Rochester, NY . https:\/\/papers.ssrn.com\/abstract=3106632 Jef Ausloos and Pierre Dewitte. 2018. Shattering One-Way Mirrors. Data Subject Access Rights in Practice. SSRN Scholarly Paper ID 3106632. Social Science Research Network, Rochester, NY. https:\/\/papers.ssrn.com\/abstract=3106632"},{"key":"e_1_2_1_3_1","first-page":"136","article-title":"Researching with Data Rights","volume":"2020","author":"Ausloos Jef","year":"2020","unstructured":"Jef Ausloos and Michael Veale . 2020 . Researching with Data Rights . Technology and Regulation , Vol. 2020 (2020), 136 -- 157 . https:\/\/techreg.org\/index.php\/techreg\/article\/view\/61 Jef Ausloos and Michael Veale. 2020. Researching with Data Rights. Technology and Regulation , Vol. 2020 (2020), 136--157. https:\/\/techreg.org\/index.php\/techreg\/article\/view\/61","journal-title":"Technology and Regulation"},{"volume-title":"Disclosures in Privacy Policies : Does 'Notice and Consent ' Work ? SSRN Scholarly Paper 3328289. Social Science Research Network","author":"Bailey Rishab","key":"e_1_2_1_4_1","unstructured":"Rishab Bailey , Smriti Parsheera , Faiza Rahman , and Renuka Sane . 2018. Disclosures in Privacy Policies : Does 'Notice and Consent ' Work ? SSRN Scholarly Paper 3328289. Social Science Research Network , Rochester, NY . https:\/\/doi.org\/10.2139\/ssrn.3328289 10.2139\/ssrn.3328289 Rishab Bailey, Smriti Parsheera, Faiza Rahman, and Renuka Sane. 2018. Disclosures in Privacy Policies : Does 'Notice and Consent ' Work ? SSRN Scholarly Paper 3328289. Social Science Research Network, Rochester, NY. https:\/\/doi.org\/10.2139\/ssrn.3328289"},{"key":"e_1_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1177\/2053951716654502"},{"key":"e_1_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/3449228"},{"key":"e_1_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.7551\/mitpress\/6352.001.0001"},{"volume-title":"Memory Practices in the Sciences illustrated edition ed.)","author":"Bowker Geoffrey C.","key":"e_1_2_1_8_1","unstructured":"Geoffrey C. Bowker . 2008. Memory Practices in the Sciences illustrated edition ed.) . The MIT Press , Cambridge, Mass . Geoffrey C. Bowker. 2008. Memory Practices in the Sciences illustrated edition ed.). The MIT Press, Cambridge, Mass."},{"key":"e_1_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/3491102.3501947"},{"key":"e_1_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1191\/1478088706qp063oa"},{"key":"e_1_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICWS49710.2020.00017"},{"volume-title":"Computer Security textendash ESORICS 2019 (Lecture Notes in Computer Science ), , Kazue Sako, Steve Schneider, and Peter Y","author":"Cagnazzo Matteo","key":"e_1_2_1_12_1","unstructured":"Matteo Cagnazzo , Thorsten Holz , and Norbert Pohlmann . 2019. GDPiRated textendash Stealing Personal Information On- and Offline . In Computer Security textendash ESORICS 2019 (Lecture Notes in Computer Science ), , Kazue Sako, Steve Schneider, and Peter Y . A. Ryan (Eds.). Springer International Publishing , Cham , 367--386. https:\/\/doi.org\/10.1007\/978--3-030--29962-0_18 10.1007\/978--3-030--29962-0_18 Matteo Cagnazzo, Thorsten Holz, and Norbert Pohlmann. 2019. GDPiRated textendash Stealing Personal Information On- and Offline. In Computer Security textendash ESORICS 2019 (Lecture Notes in Computer Science ), , Kazue Sako, Steve Schneider, and Peter Y. A. Ryan (Eds.). Springer International Publishing, Cham, 367--386. https:\/\/doi.org\/10.1007\/978--3-030--29962-0_18"},{"key":"e_1_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/2818048.2820069"},{"key":"e_1_2_1_14_1","unstructured":"CJEU Judgement. 2015. Maximillian Schrems v Data Protection Commissioner C 362\/14. https:\/\/eur-lex.europa.eu\/legal-content\/en\/TXT\/PDF\/?uri=uriserv%3AOJ.C_.2015.398.01.0005.01.ENG  CJEU Judgement. 2015. Maximillian Schrems v Data Protection Commissioner C 362\/14. https:\/\/eur-lex.europa.eu\/legal-content\/en\/TXT\/PDF\/?uri=uriserv%3AOJ.C_.2015.398.01.0005.01.ENG"},{"key":"e_1_2_1_15_1","unstructured":"CJEU Judgement. 2020. Data Protection Commissioner v Facebook Ireland Ltd and Maximillian Schrems. https:\/\/curia.europa.eu\/juris\/document\/document_print.jsf?docid=228677&text=&dir=&doclang=EN&part=1&occ=first&mode=req&pageIndex=0&cid=10480014  CJEU Judgement. 2020. Data Protection Commissioner v Facebook Ireland Ltd and Maximillian Schrems. https:\/\/curia.europa.eu\/juris\/document\/document_print.jsf?docid=228677&text=&dir=&doclang=EN&part=1&occ=first&mode=req&pageIndex=0&cid=10480014"},{"key":"e_1_2_1_16_1","unstructured":"Commission Nationale de l'Informatique et des Libert\u00e9s. 2022. Cookies: The CNIL Fines Google a Total of 150 Million Euros and Facebook 60 Million Euros for Non-Compliance with French Legislation. https:\/\/www.cnil.fr\/en\/cookies-cnil-fines-google-total-150-million-euros-and-facebook-60-million-euros-non-compliance  Commission Nationale de l'Informatique et des Libert\u00e9s. 2022. Cookies: The CNIL Fines Google a Total of 150 Million Euros and Facebook 60 Million Euros for Non-Compliance with French Legislation. https:\/\/www.cnil.fr\/en\/cookies-cnil-fines-google-total-150-million-euros-and-facebook-60-million-euros-non-compliance"},{"key":"e_1_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23378"},{"key":"e_1_2_1_18_1","volume-title":"Fifteenth Symposium on Usable Privacy and Security (vphantomSOUPSvphantom 2019","author":"Martino Mariano Di","year":"2019","unstructured":"Mariano Di Martino , Pieter Robyns , Winnie Weyts , Peter Quax , Wim Lamotte , and Ken Andries . 2019 . Personal Information Leakage by Abusing the vphantomGDPRvphantom 'Right of Access '. In Fifteenth Symposium on Usable Privacy and Security (vphantomSOUPSvphantom 2019 ). 371--385. https:\/\/www.usenix.org\/conference\/soups2019\/presentation\/dimartino Mariano Di Martino, Pieter Robyns, Winnie Weyts, Peter Quax, Wim Lamotte, and Ken Andries. 2019. Personal Information Leakage by Abusing the vphantomGDPRvphantom 'Right of Access '. In Fifteenth Symposium on Usable Privacy and Security (vphantomSOUPSvphantom 2019). 371--385. https:\/\/www.usenix.org\/conference\/soups2019\/presentation\/dimartino"},{"key":"e_1_2_1_19_1","volume-title":"Dynamics, Tensions, and Design. NSF Grant","author":"Edwards Paul N.","year":"2027","unstructured":"Paul N. Edwards , Steven J Jackson , Geoffrey C Bowker , and Cory P Knobel . 2007. Understanding Infrastructure : Dynamics, Tensions, and Design. NSF Grant . Ann Arbor, MI . https:\/\/deepblue.lib.umich.edu\/handle\/ 2027 .42\/49353 Paul N. Edwards, Steven J Jackson, Geoffrey C Bowker, and Cory P Knobel. 2007. Understanding Infrastructure : Dynamics, Tensions, and Design. NSF Grant. Ann Arbor, MI. https:\/\/deepblue.lib.umich.edu\/handle\/2027.42\/49353"},{"key":"#cr-split#-e_1_2_1_20_1.1","unstructured":"European Commission. 2020. Data Protection as a Pilalr of Citizens' Empowerment and the EU 's Approach to the Digital Transition - Two Years of Application of the General Data Protection Regulation. https:\/\/doi.org\/10.1163\/2210--7975_HRD-4679-0058 10.1163\/2210--7975_HRD-4679-0058"},{"key":"#cr-split#-e_1_2_1_20_1.2","unstructured":"European Commission. 2020. Data Protection as a Pilalr of Citizens' Empowerment and the EU 's Approach to the Digital Transition - Two Years of Application of the General Data Protection Regulation. https:\/\/doi.org\/10.1163\/2210--7975_HRD-4679-0058"},{"key":"e_1_2_1_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/3411764.3445148"},{"key":"e_1_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1145\/2556420.2556821"},{"volume-title":"Proceedings of the 18th ACM Conference on Computer Supported Cooperative Work & Social Computing (CSCW '15)","author":"Fiesler Casey","key":"e_1_2_1_23_1","unstructured":"Casey Fiesler , Jessica L. Feuston , and Amy S. Bruckman . 2015. Understanding Copyright Law in Online Creative Communities . In Proceedings of the 18th ACM Conference on Computer Supported Cooperative Work & Social Computing (CSCW '15) . ACM, New York, NY, USA, 116--129. https:\/\/doi.org\/10.1145\/2675133.2675234 10.1145\/2675133.2675234 Casey Fiesler, Jessica L. Feuston, and Amy S. Bruckman. 2015. Understanding Copyright Law in Online Creative Communities. In Proceedings of the 18th ACM Conference on Computer Supported Cooperative Work & Social Computing (CSCW '15). ACM, New York, NY, USA, 116--129. https:\/\/doi.org\/10.1145\/2675133.2675234"},{"key":"e_1_2_1_24_1","first-page":"1","article-title":"Participant","volume":"4","author":"Fiesler Casey","year":"2018","unstructured":"Casey Fiesler and Nicholas Proferes . 2018 . \u201c Participant \u201d Perceptions of Twitter Research Ethics. Social Media Society , Vol. 4 , 1 (Jan. 2018), 2056305118763366. https:\/\/doi.org\/10.1177\/2056305118763366 10.1177\/2056305118763366 Casey Fiesler and Nicholas Proferes. 2018. \u201cParticipant \u201d Perceptions of Twitter Research Ethics. Social Media Society, Vol. 4, 1 (Jan. 2018), 2056305118763366. https:\/\/doi.org\/10.1177\/2056305118763366","journal-title":"Perceptions of Twitter Research Ethics. Social Media Society"},{"key":"e_1_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1109\/MAHC.2018.022921442"},{"volume-title":"The Emergence of Personal Data Protection as a Fundamental Right of the EU","author":"Fuster Gloria Gonz\u00e1lez","key":"e_1_2_1_26_1","unstructured":"Gloria Gonz\u00e1lez Fuster . 2014. The Emergence of Personal Data Protection as a Fundamental Right of the EU . Springer Science & Business . Gloria Gonz\u00e1lez Fuster. 2014. The Emergence of Personal Data Protection as a Fundamental Right of the EU. Springer Science & Business."},{"key":"e_1_2_1_27_1","doi-asserted-by":"crossref","unstructured":"Lisa Gitelman (Ed.). 2013. Raw Data Is an Oxymoron. The MIT Press.  Lisa Gitelman (Ed.). 2013. Raw Data Is an Oxymoron. The MIT Press.","DOI":"10.7551\/mitpress\/9302.001.0001"},{"key":"e_1_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/3411764.3445779"},{"volume-title":"Privacy and the Criminal LAw.","author":"Gutwirth Serge","key":"e_1_2_1_29_1","unstructured":"Serge Gutwirth and Paul De Hert . 2006. Privacy , Data Protection and Law Enforcement. Opacity of the Individual and Transparency of Power . In Privacy and the Criminal LAw. Vol. 18 . Intersentia . https:\/\/www.portaldeperiodicos.idp.edu.br\/direitopublico\/article\/view\/6200 Serge Gutwirth and Paul De Hert. 2006. Privacy, Data Protection and Law Enforcement. Opacity of the Individual and Transparency of Power. In Privacy and the Criminal LAw. Vol. 18. Intersentia. https:\/\/www.portaldeperiodicos.idp.edu.br\/direitopublico\/article\/view\/6200"},{"key":"e_1_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/3313831.3376511"},{"key":"e_1_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/3411764.3445387"},{"volume-title":"The Battle to Control the Design of New Technologies","author":"Hartzog Woodrow","key":"e_1_2_1_32_1","unstructured":"Woodrow Hartzog . 2018. Privacy's Blueprint : The Battle to Control the Design of New Technologies . Harvard University Press . Woodrow Hartzog. 2018. Privacy's Blueprint : The Battle to Control the Design of New Technologies. Harvard University Press."},{"key":"e_1_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/2531602.2531674"},{"key":"e_1_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/2441776.2441902"},{"key":"e_1_2_1_35_1","volume-title":"Kaminski","author":"Jones Meg Leta","year":"2020","unstructured":"Meg Leta Jones and Margot E . Kaminski . 2020 . An American 's Guide to the GDPR. SSRN Scholarly Paper ID 3620198. Social Science Research Network, Rochester, NY. https:\/\/papers.ssrn.com\/abstract=3620198 Meg Leta Jones and Margot E. Kaminski. 2020. An American 's Guide to the GDPR. SSRN Scholarly Paper ID 3620198. Social Science Research Network, Rochester, NY. https:\/\/papers.ssrn.com\/abstract=3620198"},{"key":"e_1_2_1_36_1","first-page":"1","article-title":"The Social Construction of Technology","volume":"27","author":"Klein Hans K.","year":"2002","unstructured":"Hans K. Klein and Daniel Lee Kleinman . 2002 . The Social Construction of Technology : Structural Considerations. Science, Technology, & Human Values , Vol. 27 , 1 (Jan. 2002), 28--52. https:\/\/doi.org\/10.1177\/016224390202700102 10.1177\/016224390202700102 Hans K. Klein and Daniel Lee Kleinman. 2002. The Social Construction of Technology : Structural Considerations. Science, Technology, & Human Values , Vol. 27, 1 (Jan. 2002), 28--52. https:\/\/doi.org\/10.1177\/016224390202700102","journal-title":"Structural Considerations. Science, Technology, & Human Values"},{"key":"e_1_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/3407023.3407057"},{"key":"e_1_2_1_38_1","volume-title":"Caroline G. Curtin, and Ori Lev.","author":"Landesberg Martha K.","year":"1998","unstructured":"Martha K. Landesberg , Toby Milgrom Levin , Caroline G. Curtin, and Ori Lev. 1998 . Privacy Online : A Report to Congress. Technical Report. United States Federal Trade Commission . https:\/\/www.oecd.org\/sti\/ieconomy\/oecd_privacy_framework.pdf Martha K. Landesberg, Toby Milgrom Levin, Caroline G. Curtin, and Ori Lev. 1998. Privacy Online : A Report to Congress. Technical Report. United States Federal Trade Commission. https:\/\/www.oecd.org\/sti\/ieconomy\/oecd_privacy_framework.pdf"},{"key":"e_1_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.2478\/popets-2020-0004"},{"key":"e_1_2_1_40_1","volume-title":"Big Data & Society","author":"Madden Mary","year":"2017","unstructured":"Mary Madden . 2017. Privacy, Security, and Digital Inequality . Big Data & Society ( 2017 ), 125. Mary Madden. 2017. Privacy, Security, and Digital Inequality. Big Data & Society (2017), 125."},{"key":"e_1_2_1_41_1","first-page":"53","article-title":"Privacy, Poverty, and Big Data : A Matrix of Vulnerabilities for Poor Americans","volume":"95","author":"Madden Mary","year":"2017","unstructured":"Mary Madden , Michele Gilman , Karen Levy , and Alice Marwick . 2017 . Privacy, Poverty, and Big Data : A Matrix of Vulnerabilities for Poor Americans . Washington University Law Review , Vol. 95 , 1 (2017), 53 -- 126 . https:\/\/heinonline.org\/HOL\/P?h=hein.journals\/walq95&i=59 Mary Madden, Michele Gilman, Karen Levy, and Alice Marwick. 2017. Privacy, Poverty, and Big Data : A Matrix of Vulnerabilities for Poor Americans. Washington University Law Review , Vol. 95, 1 (2017), 53--126. https:\/\/heinonline.org\/HOL\/P?h=hein.journals\/walq95&i=59","journal-title":"Washington University Law Review"},{"key":"e_1_2_1_42_1","volume-title":"Technology and Regulation","volume":"2021","author":"Mahieu Ren\u00e9","year":"2021","unstructured":"Ren\u00e9 Mahieu . 2021 . The Right of Access to Personal Data: A Genealogy . Technology and Regulation , Vol. 2021 (Aug. 2021), 62--75. https:\/\/doi.org\/10.26116\/techreg.2021.005 10.26116\/techreg.2021.005 Ren\u00e9 Mahieu. 2021. The Right of Access to Personal Data: A Genealogy. Technology and Regulation , Vol. 2021 (Aug. 2021), 62--75. https:\/\/doi.org\/10.26116\/techreg.2021.005"},{"key":"e_1_2_1_43_1","volume-title":"BILETA Conference","author":"Mahieu Ren\u00e9","year":"2021","unstructured":"Ren\u00e9 Mahieu , Hadi Asghari , Christopher Parsons , Joris van Hoboken , Andrew Hilts , Masashi Crete-Nishihata , and Siena Anstis . 2021 . Measuring the Brussels Effect through Access Requests . In BILETA Conference 2021. https:\/\/hcommons.org\/deposits\/item\/hc:38231\/ Ren\u00e9 Mahieu, Hadi Asghari, Christopher Parsons, Joris van Hoboken, Andrew Hilts, Masashi Crete-Nishihata, and Siena Anstis. 2021. Measuring the Brussels Effect through Access Requests. In BILETA Conference 2021. https:\/\/hcommons.org\/deposits\/item\/hc:38231\/"},{"volume-title":"Societal Effect. SSRN Scholarly Paper ID 3216615. Social Science Research Network","author":"Mahieu Ren\u00e9","key":"e_1_2_1_44_1","unstructured":"Ren\u00e9 Mahieu , Hadi Asghari , and Michel van Eeten . 2018. Collectively Exercising the Right of Access : Individual Effort , Societal Effect. SSRN Scholarly Paper ID 3216615. Social Science Research Network , Rochester, NY . https:\/\/papers.ssrn.com\/abstract=3216615 Ren\u00e9 Mahieu, Hadi Asghari, and Michel van Eeten. 2018. Collectively Exercising the Right of Access : Individual Effort, Societal Effect. SSRN Scholarly Paper ID 3216615. Social Science Research Network, Rochester, NY. https:\/\/papers.ssrn.com\/abstract=3216615"},{"key":"#cr-split#-e_1_2_1_45_1.1","doi-asserted-by":"crossref","unstructured":"Ren\u00e9 Mahieu and Jef Ausloos. 2020. Recognising and Enabling the Collective Dimension of the GDPR and the Right of Access. https:\/\/doi.org\/10.31228\/osf.io\/b5dwm 10.31228\/osf.io","DOI":"10.31228\/osf.io\/b5dwm"},{"key":"#cr-split#-e_1_2_1_45_1.2","doi-asserted-by":"crossref","unstructured":"Ren\u00e9 Mahieu and Jef Ausloos. 2020. Recognising and Enabling the Collective Dimension of the GDPR and the Right of Access. https:\/\/doi.org\/10.31228\/osf.io\/b5dwm","DOI":"10.31228\/osf.io\/b5dwm"},{"key":"e_1_2_1_46_1","volume-title":"Aviv","author":"Mayer Peter","year":"2021","unstructured":"Peter Mayer , Yixin Zou , Florian Schaub , and Adam J . Aviv . 2021 . \"Now I 'm a Bit Angry:\" Individuals ' Awareness, Perception, and Responses to Data Breaches That Affected Them. In 30th vphantomUSENIXvphantom Security Symposium (vphantomUSENIXvphantom Security 21). https:\/\/www.usenix.org\/conference\/usenixsecurity21\/presentation\/mayer Peter Mayer, Yixin Zou, Florian Schaub, and Adam J. Aviv. 2021. \"Now I 'm a Bit Angry:\" Individuals ' Awareness, Perception, and Responses to Data Breaches That Affected Them. In 30th vphantomUSENIXvphantom Security Symposium (vphantomUSENIXvphantom Security 21). https:\/\/www.usenix.org\/conference\/usenixsecurity21\/presentation\/mayer"},{"key":"e_1_2_1_47_1","first-page":"543","article-title":"The Cost of Reading Privacy Policies","volume":"4","author":"McDonald Aleecia M.","year":"2008","unstructured":"Aleecia M. McDonald and Lorrie Faith Cranor . 2008 . The Cost of Reading Privacy Policies . I\/S: A Journal of Law and Policy for the Information Society , Vol. 4 , 3 (2008), 543 -- 568 . https:\/\/heinonline.org\/HOL\/P?h=hein.journals\/isjlpsoc4&i=563 Aleecia M. McDonald and Lorrie Faith Cranor. 2008. The Cost of Reading Privacy Policies. I\/S: A Journal of Law and Policy for the Information Society, Vol. 4, 3 (2008), 543--568. https:\/\/heinonline.org\/HOL\/P?h=hein.journals\/isjlpsoc4&i=563","journal-title":"I\/S: A Journal of Law and Policy for the Information Society"},{"key":"e_1_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.1145\/3359174"},{"key":"e_1_2_1_49_1","doi-asserted-by":"crossref","unstructured":"Clive Norris Paul de Hert Xavier L'Hoiry and Antonella Galetta (Eds.). 2017. The Unaccountable State of Surveillance : Exercising Access Rights in Europe.  Clive Norris Paul de Hert Xavier L'Hoiry and Antonella Galetta (Eds.). 2017. The Unaccountable State of Surveillance : Exercising Access Rights in Europe.","DOI":"10.1007\/978-3-319-47573-8"},{"key":"e_1_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1145\/3313831.3376321"},{"key":"e_1_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1145\/3463676.3485598"},{"volume-title":"Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI '10)","author":"Olmsted-Hawala Erica L.","key":"e_1_2_1_52_1","unstructured":"Erica L. Olmsted-Hawala , Elizabeth D. Murphy , Sam Hawala , and Kathleen T. Ashenfelter . 2010. Think-Aloud Protocols: A Comparison of Three Think-Aloud Protocols for Use in Testing Data-Dissemination Web Sites for Usability . In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI '10) . ACM, NY, NY, USA, 2381--2390. https:\/\/doi.org\/10.1145\/1753326.1753685 10.1145\/1753326.1753685 Erica L. Olmsted-Hawala, Elizabeth D. Murphy, Sam Hawala, and Kathleen T. Ashenfelter. 2010. Think-Aloud Protocols: A Comparison of Three Think-Aloud Protocols for Use in Testing Data-Dissemination Web Sites for Usability. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI '10). ACM, NY, NY, USA, 2381--2390. https:\/\/doi.org\/10.1145\/1753326.1753685"},{"key":"e_1_2_1_53_1","unstructured":"OpenSCHUFA. 2019. OpenSCHUFA: The campaign is over the problems remain. https:\/\/openschufa.de\/english\/  OpenSCHUFA. 2019. OpenSCHUFA: The campaign is over the problems remain. https:\/\/openschufa.de\/english\/"},{"volume-title":"Just Code : Power, Inequality, and the Political Economy of IT","author":"Petelka Justin","key":"e_1_2_1_55_1","unstructured":"Justin Petelka , Megan Finn , Janaki Srinivasan , and Elisa Oreglia . Forthcoming. \" A Mirror , Not a Glass Door \": Legal Code and Software Code in Practice . In Just Code : Power, Inequality, and the Political Economy of IT . Johns Hopkins Press . Justin Petelka, Megan Finn, Janaki Srinivasan, and Elisa Oreglia. Forthcoming. \"A Mirror, Not a Glass Door \": Legal Code and Software Code in Practice. In Just Code : Power, Inequality, and the Political Economy of IT. Johns Hopkins Press."},{"key":"e_1_2_1_56_1","first-page":"17","article-title":"The Social Construction of Facts and Artifacts","volume":"14","author":"Pinch Trevor","year":"1987","unstructured":"Trevor Pinch and Wiebe E. Bijker . 1987 . The Social Construction of Facts and Artifacts : Or How the Sociology of Science and the Sociology of Technology Might Benefit Each Other. In Social Construction of Technological Systems. New Direction in the Sociology of Technology. Vol. 14. 17 -- 50 . Trevor Pinch and Wiebe E. Bijker. 1987. The Social Construction of Facts and Artifacts : Or How the Sociology of Science and the Sociology of Technology Might Benefit Each Other. In Social Construction of Technological Systems. New Direction in the Sociology of Technology. Vol. 14. 17--50.","journal-title":"In Social Construction of Technological Systems. New Direction in the Sociology of Technology."},{"key":"e_1_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1145\/2441776.2441949"},{"key":"e_1_2_1_58_1","volume-title":"Data Trusts in Germany and under the GDPR. Algorithm Watch","author":"Ruhaak Anouk","year":"2020","unstructured":"Anouk Ruhaak . 2020. Data Trusts in Germany and under the GDPR. Algorithm Watch ( 2020 ), 19. Anouk Ruhaak. 2020. Data Trusts in Germany and under the GDPR. Algorithm Watch (2020), 19."},{"key":"e_1_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.1145\/3321705.3329806"},{"key":"e_1_2_1_60_1","volume-title":"\u201cMoment","author":"Sandvik Kristin Bergtora","year":"2019","unstructured":"Kristin Bergtora Sandvik . 2019. Is Legal Technology a New \u201cMoment \u201d in the Law and Development Trajectory ? https:\/\/antipodeonline.org\/ 2019 \/12\/04\/legal-technology-law-and-development\/ Kristin Bergtora Sandvik. 2019. Is Legal Technology a New \u201cMoment \u201d in the Law and Development Trajectory ? https:\/\/antipodeonline.org\/2019\/12\/04\/legal-technology-law-and-development\/"},{"key":"e_1_2_1_61_1","doi-asserted-by":"publisher","DOI":"10.1109\/MIC.2017.75"},{"key":"e_1_2_1_62_1","volume-title":"Eleventh Symposium On Usable Privacy and Security (SOUPS 2015","author":"Schaub Florian","year":"2015","unstructured":"Florian Schaub , Rebecca Balebako , Adam L. Durity , and Lorrie Faith Cranor . 2015 . A Design Space for Effective Privacy Notices . In Eleventh Symposium On Usable Privacy and Security (SOUPS 2015 ). 1--17. https:\/\/www.usenix.org\/conference\/soups2015\/proceedings\/presentation\/schaub Florian Schaub, Rebecca Balebako, Adam L. Durity, and Lorrie Faith Cranor. 2015. A Design Space for Effective Privacy Notices. In Eleventh Symposium On Usable Privacy and Security (SOUPS 2015). 1--17. https:\/\/www.usenix.org\/conference\/soups2015\/proceedings\/presentation\/schaub"},{"key":"e_1_2_1_63_1","first-page":"771","article-title":"Global Data Privacy : The EU Way","volume":"94","author":"Schwartz Paul M.","year":"2019","unstructured":"Paul M. Schwartz . 2019 . Global Data Privacy : The EU Way . NY University Law Review , Vol. 94 , 4 (2019), 771 -- 818 . https:\/\/heinonline.org\/HOL\/P?h=hein.journals\/nylr94&i=789 Paul M. Schwartz. 2019. Global Data Privacy : The EU Way. NY University Law Review , Vol. 94, 4 (2019), 771--818. https:\/\/heinonline.org\/HOL\/P?h=hein.journals\/nylr94&i=789","journal-title":"NY University Law Review"},{"key":"e_1_2_1_64_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSEC.2019.2914614"},{"key":"e_1_2_1_65_1","doi-asserted-by":"publisher","DOI":"10.1145\/3290605.3300314"},{"key":"e_1_2_1_67_1","first-page":"0","article-title":"The Poverty of Privacy : Understanding Privacy Trade-Offs From Identity Infrastructure Users in India","volume":"12","author":"Srinivasan Janaki","year":"2018","unstructured":"Janaki Srinivasan , Savita Bailur , Emrys Schoemaker , and Sarita Seshagiri . 2018 . The Poverty of Privacy : Understanding Privacy Trade-Offs From Identity Infrastructure Users in India . International Journal of Communication , Vol. 12 , 0 (March 2018), 20. https:\/\/ijoc.org\/index.php\/ijoc\/article\/view\/7046 Janaki Srinivasan, Savita Bailur, Emrys Schoemaker, and Sarita Seshagiri. 2018. The Poverty of Privacy : Understanding Privacy Trade-Offs From Identity Infrastructure Users in India. International Journal of Communication , Vol. 12, 0 (March 2018), 20. https:\/\/ijoc.org\/index.php\/ijoc\/article\/view\/7046","journal-title":"International Journal of Communication"},{"key":"e_1_2_1_68_1","doi-asserted-by":"publisher","DOI":"10.1287\/isre.7.1.111"},{"key":"#cr-split#-e_1_2_1_69_1.1","doi-asserted-by":"crossref","unstructured":"Tobias Urban Dennis Tatang Martin Degeling Thorsten Holz and Norbert Pohlmann. 2019. A Study on Subject Data Access in Online Advertising After the GDPR. In Data Privacy Management Cryptocurrencies and Blockchain Technology (Lecture Notes in Computer Science ) Cristina P\u00e9rez-Sol\u00e0 Guillermo Navarro-Arribas Alex Biryukov and Joaquin Garcia-Alfaro (Eds.). Springer International Publishing Cham 61--79. https:\/\/doi.org\/10.1007\/978--3-030--31500--9_5 10.1007\/978--3-030--31500--9_5","DOI":"10.1007\/978-3-030-31500-9_5"},{"key":"#cr-split#-e_1_2_1_69_1.2","doi-asserted-by":"crossref","unstructured":"Tobias Urban Dennis Tatang Martin Degeling Thorsten Holz and Norbert Pohlmann. 2019. A Study on Subject Data Access in Online Advertising After the GDPR. In Data Privacy Management Cryptocurrencies and Blockchain Technology (Lecture Notes in Computer Science ) Cristina P\u00e9rez-Sol\u00e0 Guillermo Navarro-Arribas Alex Biryukov and Joaquin Garcia-Alfaro (Eds.). Springer International Publishing Cham 61--79. https:\/\/doi.org\/10.1007\/978--3-030--31500--9_5","DOI":"10.1007\/978-3-030-31500-9_5"},{"key":"e_1_2_1_70_1","doi-asserted-by":"publisher","DOI":"10.1145\/3320269.3372194"},{"key":"e_1_2_1_71_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3354212"},{"key":"e_1_2_1_72_1","volume-title":"Seventeenth Symposium on Usable Privacy and Security (vphantomSOUPS vphantom 2021","author":"Veys Sophie","year":"2021","unstructured":"Sophie Veys , Daniel Serrano , Madison Stamos , Margot Herman , Nathan Reitinger , Michelle L. Mazurek , and Blase Ur . 2021 . Pursuing Usable and Useful Data Downloads Under GDPR \/CCPA Access Rights via Co-Design . In Seventeenth Symposium on Usable Privacy and Security (vphantomSOUPS vphantom 2021 ). 217--242. https:\/\/www.usenix.org\/conference\/soups2021\/presentation\/veys Sophie Veys, Daniel Serrano, Madison Stamos, Margot Herman, Nathan Reitinger, Michelle L. Mazurek, and Blase Ur. 2021. Pursuing Usable and Useful Data Downloads Under GDPR \/CCPA Access Rights via Co-Design. In Seventeenth Symposium on Usable Privacy and Security (vphantomSOUPS vphantom 2021). 217--242. https:\/\/www.usenix.org\/conference\/soups2021\/presentation\/veys"},{"volume-title":"The Inside Story of Privacy, Data, and Corporate Power","author":"Waldman Ari Ezra","key":"e_1_2_1_73_1","unstructured":"Ari Ezra Waldman . 2021. Industry Unbound : The Inside Story of Privacy, Data, and Corporate Power . Cambridge University Press , Cambridge, United Kingdom ; NY, NY. Ari Ezra Waldman. 2021. Industry Unbound : The Inside Story of Privacy, Data, and Corporate Power. Cambridge University Press, Cambridge, United Kingdom ; NY, NY."},{"key":"e_1_2_1_74_1","volume-title":"29th USENIX Security Symposium (USENIX Security 20)","author":"Wei Miranda","year":"2020","unstructured":"Miranda Wei , Madison Stamos , Sophie Veys , Nathan Reitinger , Justin Goodman , Margot Herman , Dorota Filipczuk , Ben Weinshel , Michelle L. Mazurek , and Blase Ur . 2020 . What Twitter Knows : Characterizing Ad Targeting Practices, User Perceptions, and Ad Explanations Through Users ' Own Twitter Data . In 29th USENIX Security Symposium (USENIX Security 20) . 145--162. https:\/\/www.usenix.org\/conference\/usenixsecurity20\/presentation\/wei Miranda Wei, Madison Stamos, Sophie Veys, Nathan Reitinger, Justin Goodman, Margot Herman, Dorota Filipczuk, Ben Weinshel, Michelle L. Mazurek, and Blase Ur. 2020. What Twitter Knows : Characterizing Ad Targeting Practices, User Perceptions, and Ad Explanations Through Users ' Own Twitter Data. In 29th USENIX Security Symposium (USENIX Security 20). 145--162. https:\/\/www.usenix.org\/conference\/usenixsecurity20\/presentation\/wei"},{"key":"e_1_2_1_75_1","doi-asserted-by":"publisher","DOI":"10.1093\/idpl\/ipz008"},{"key":"e_1_2_1_76_1","volume-title":"Fourteenth Symposium on Usable Privacy and Security (vphantomSOUPSvphantom 2018","author":"Zou Yixin","year":"2018","unstructured":"Yixin Zou , Abraham H. Mhaidli , Austin McCall , and Florian Schaub . 2018 . \" I 've Got Nothing to Lose \": Consumers ' Risk Perceptions and Protective Actions after the Equifax Data Breach . In Fourteenth Symposium on Usable Privacy and Security (vphantomSOUPSvphantom 2018 ). 197--216. https:\/\/www.usenix.org\/conference\/soups2018\/presentation\/zou Yixin Zou, Abraham H. Mhaidli, Austin McCall, and Florian Schaub. 2018. \"I 've Got Nothing to Lose \": Consumers ' Risk Perceptions and Protective Actions after the Equifax Data Breach. In Fourteenth Symposium on Usable Privacy and Security (vphantomSOUPSvphantom 2018). 197--216. https:\/\/www.usenix.org\/conference\/soups2018\/presentation\/zou"}],"container-title":["Proceedings of the ACM on Human-Computer Interaction"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3555631","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3555631","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T17:49:18Z","timestamp":1750182558000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3555631"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,11,7]]},"references-count":77,"journal-issue":{"issue":"CSCW2","published-print":{"date-parts":[[2022,11,7]]}},"alternative-id":["10.1145\/3555631"],"URL":"https:\/\/doi.org\/10.1145\/3555631","relation":{},"ISSN":["2573-0142"],"issn-type":[{"type":"electronic","value":"2573-0142"}],"subject":[],"published":{"date-parts":[[2022,11,7]]},"assertion":[{"value":"2022-11-11","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}