EU firms ignore more than 40% of customer data requests

EU companies are ignoring more than four out of ten data requests from their customers, it is claimed

European businesses are ignoring laws that require them to let customers see their data.

More than 40 per cent of firms tested by researchers made the process of obtaining citizen data "complex, confusing and unsuccessful". A University of Sheffield team made 184 data requests to companies across 10 European countries, with 43 per cent resulting in non-disclosure.

Advertisement - Article continues below

In more than half of cases, no response was received concerning how the companies shared customer data with third parties.

"We part with our personal data on a daily basis, creating vast and invisible reservoirs of actionable personal information," said study leader Professor Clive Norris. "We do this actively and passively, and our experience of the world is reshaped in ways that we don't appreciate.

"We are selectively marketed to, our locations are tracked by CCTV and automated licence plate recognition systems and our online behaviour is monitored, analysed, stored and used.

"The challenge for all of us is that our information is often kept from us, despite the law and despite our best efforts to access it," he added.

The university study forms part of a project funded by the EU looking into citizen interactions with surveillance in health, transport, employment, finance, leisure security and criminal justice.

Advertisement - Article continues below

In 71 per cent of cases, the requests for information sent by the researchers were not addressed in a legally compliant manner, while in only 34 per cent cases an acknowledgement letter was received. Even when a company did reply to the requests, the team said the process was often time-consuming and complex.

Advertisement - Article continues below

Public sector bodies performed far better than their commercial counterparts, while loyalty card scheme operators disclosed their data 86 per cent of the time. Only 30 per cent of banks disclosed information about third-party access.

The team actually found it impossible to locate a specific officer or department for data requests in 20 per cent of cases. Requests for CCTV footage were particularly problematic; seven out of ten of data requests regarding it were blocked or held up.

"In our view, there is an urgent requirement for policymakers to address the failure of law at the European level and its implementation into national law," said Norris.

"They need to train their staff so they are aware of their responsibilities under law; and they need to implement clear and unambiguous procedures to facilitate citizens making access requests."

Featured Resources

Preparing for long-term remote working after COVID-19

Learn how to safely and securely enable your remote workforce

Download now

Cloud vs on-premise storage: What’s right for you?

Key considerations driving document storage decisions for businesses

Download now

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Transforming productivity

Solutions that facilitate work at full speed

Download now


General Data Protection Regulation (GDPR)

ICO to relax GDPR enforcement during coronavirus economic downturn

16 Apr 2020

The NHS teams up with Apple and Google on coronavirus tracking app

14 Apr 2020
data protection

Health sites are 'unlawfully' sharing medical data with Facebook and Google

7 Apr 2020
data protection

Supreme Court rules Morrisons was not liable for 2014 data breach

1 Apr 2020

Most Popular


How to find RAM speed, size and type

24 Jun 2020

The road to recovery

30 Jun 2020

The growing case for IT flexibility

30 Jun 2020