Data subject rights as a research methodology: A systematic literature review

•Data subject rights are an increasingly popular methodological tool for collecting research data.•We gathered and analysed 32 studies that used data subject rights for data collection.•Of the various data subject rights, we find that most researchers use the right of access.•We find that most resea...

Full description

Saved in:
Bibliographic Details
Published inJournal of responsible technology Vol. 16; p. 100070
Main Authors Habu, Adamu Adamu, Henderson, Tristan
Format Journal Article
LanguageEnglish
Published Elsevier Ltd 01.12.2023
Elsevier
Subjects
Data protection
Data subject rights
Research methodology
Systematic literature review
Data subject rights
Data protection
Research methodology
Systematic literature review
Online AccessGet full text
ISSN2666-6596
2666-6596
DOI10.1016/j.jrt.2023.100070

Cover

Abstract •Data subject rights are an increasingly popular methodological tool for collecting research data.•We gathered and analysed 32 studies that used data subject rights for data collection.•Of the various data subject rights, we find that most researchers use the right of access.•We find that most research studies using data subject rights aim at measuring legal compliance.•We outline some challenges and possible solutions for using data subject rights that can help researchers and system designers. Data subject rights provide data controllers with obligations that can help with transparency, giving data subjects some control over their personal data. To date, a growing number of researchers have used these data subject rights as a methodology for data collection in research studies. No one, however, has gathered and analysed different academic research studies that use data subject rights as a methodology for data collection. To this end, we conducted a systematic literature review that searched, compiled, and analysed 32 academic studies that use data subject rights as a data collection method. We find that the right of access is the most commonly-used data subject right by researchers, most studies are interested in measuring data subject rights compliance, and that a variety of difficulties exist in conducting research studies with data subject rights. We conclude that researchers should explore other data subject rights for alternative purposes, ease the process of exercising data subject rights, and improve the scalability of these studies.
AbstractList Data subject rights provide data controllers with obligations that can help with transparency, giving data subjects some control over their personal data. To date, a growing number of researchers have used these data subject rights as a methodology for data collection in research studies. No one, however, has gathered and analysed different academic research studies that use data subject rights as a methodology for data collection. To this end, we conducted a systematic literature review that searched, compiled, and analysed 32 academic studies that use data subject rights as a data collection method. We find that the right of access is the most commonly-used data subject right by researchers, most studies are interested in measuring data subject rights compliance, and that a variety of difficulties exist in conducting research studies with data subject rights. We conclude that researchers should explore other data subject rights for alternative purposes, ease the process of exercising data subject rights, and improve the scalability of these studies.
•Data subject rights are an increasingly popular methodological tool for collecting research data.•We gathered and analysed 32 studies that used data subject rights for data collection.•Of the various data subject rights, we find that most researchers use the right of access.•We find that most research studies using data subject rights aim at measuring legal compliance.•We outline some challenges and possible solutions for using data subject rights that can help researchers and system designers. Data subject rights provide data controllers with obligations that can help with transparency, giving data subjects some control over their personal data. To date, a growing number of researchers have used these data subject rights as a methodology for data collection in research studies. No one, however, has gathered and analysed different academic research studies that use data subject rights as a methodology for data collection. To this end, we conducted a systematic literature review that searched, compiled, and analysed 32 academic studies that use data subject rights as a data collection method. We find that the right of access is the most commonly-used data subject right by researchers, most studies are interested in measuring data subject rights compliance, and that a variety of difficulties exist in conducting research studies with data subject rights. We conclude that researchers should explore other data subject rights for alternative purposes, ease the process of exercising data subject rights, and improve the scalability of these studies.
ArticleNumber 100070
Author Habu, Adamu Adamu
Henderson, Tristan
Author_xml – sequence: 1
  givenname: Adamu Adamu
  orcidid: 0000-0003-0197-7676
  surname: Habu
  fullname: Habu, Adamu Adamu
  email: aah5@st-andrews.ac.uk
– sequence: 2
  givenname: Tristan
  orcidid: 0000-0002-5028-9047
  surname: Henderson
  fullname: Henderson, Tristan
BookMark eNp9kd9KwzAUxoNMcM49gHd9gc6kTdNVr8b8N5h4o9fhND3ZUrpGkqjs7c2sgngxCJyccL6PL79zTka97ZGQS0ZnjDJx1c5aF2YZzfLYU1rSEzLOhBCpKCox-nM_I1Pv2ziSzRnL83xMnm4hQOLf6xZVSJzZbINPIJ7EoUdwapvsMGxtYzu72V8ni8TvfcAdBKOSzgR0EN4dxukPg58X5FRD53H6Uyfk9f7uZfmYrp8fVsvFOlV5xmgKYl4glozXKmcwFxXXFFEwhrVm2HCEQjS8rEqklRZQVxqgzotCKcoarrN8QlaDb2OhlW_O7MDtpQUjvx-s20hwMWGHsqoKrgEzxKzmlCtArVjdIOWgVcN49CoHL-Ws9w61VCbE79k-ODCdZFQeIMtWRsjyAFkOkKOS_VP-JjmmuRk0GPFEZE56ZbBX2BgXNxDzmyPqL5TjmC4
CitedBy_id crossref_primary_10_3389_feduc_2024_1497376
crossref_primary_10_51867_ajernet_5_4_114
Cites_doi 10.1177/1461444820934033
10.1007/978-3-319-47573-8
10.1145/3347269
10.2139/ssrn.3836261
10.1145/1273445.1273458
10.1093/idpl/ipy001
10.1093/idpl/ipz008
10.5325/jinfopoli.11.2021.0301
10.14763/2018.3.927
10.2307/1321160
10.24908/ss.v15i2.6029
10.1177/0042098015597640
10.1016/j.clsr.2020.105497
10.1093/idpl/ipy002
10.1177/1461444814541526
10.1108/ITP-08-2019-0433
10.1093/ijlit/eal008
10.1093/idpl/ipac017
ContentType Journal Article
Copyright 2023 The Author(s)
Copyright_xml – notice: 2023 The Author(s)
DBID 6I.
AAFTH
AAYXX
CITATION
DOA
DOI 10.1016/j.jrt.2023.100070
DatabaseName ScienceDirect Open Access Titles
Elsevier:ScienceDirect:Open Access
CrossRef
DOAJ Directory of Open Access Journals
DatabaseTitle CrossRef
DatabaseTitleList

Database_xml – sequence: 1
  dbid: DOA
  name: DOAJ Directory of Open Access Journals
  url: https://www.doaj.org/
  sourceTypes: Open Website
DeliveryMethod fulltext_linktorsrc
EISSN 2666-6596
ExternalDocumentID oai_doaj_org_article_9954fae2ee2b404caefc1bde04afcd14
10_1016_j_jrt_2023_100070
S2666659623000136
GroupedDBID 6I.
AAEDW
AAFTH
AAXUO
ALMA_UNASSIGNED_HOLDINGS
AMRAJ
EBS
FDB
GROUPED_DOAJ
M~E
OK1
0R~
AALRI
AAYWO
AAYXX
ACVFH
ADCNI
ADVLN
AEUPX
AFJKZ
AFPUW
AIGII
AITUG
AKBMS
AKYEP
APXCP
CITATION
ID FETCH-LOGICAL-c3210-a685ee714bc31a8694f0ee611ebf1ed4ea56d4797e09f6ab9faab355cc01d4f23
IEDL.DBID DOA
ISSN 2666-6596
IngestDate Wed Aug 27 01:24:53 EDT 2025
Thu Apr 24 22:52:37 EDT 2025
Tue Jul 01 02:39:54 EDT 2025
Sat Nov 04 15:30:39 EDT 2023
IsDoiOpenAccess true
IsOpenAccess true
IsPeerReviewed true
IsScholarly true
Keywords Data subject rights
Data protection
Research methodology
Systematic literature review
Language English
License This is an open access article under the CC BY license.
LinkModel DirectLink
MergedId FETCHMERGED-LOGICAL-c3210-a685ee714bc31a8694f0ee611ebf1ed4ea56d4797e09f6ab9faab355cc01d4f23
ORCID 0000-0003-0197-7676
0000-0002-5028-9047
OpenAccessLink https://doaj.org/article/9954fae2ee2b404caefc1bde04afcd14
ParticipantIDs doaj_primary_oai_doaj_org_article_9954fae2ee2b404caefc1bde04afcd14
crossref_citationtrail_10_1016_j_jrt_2023_100070
crossref_primary_10_1016_j_jrt_2023_100070
elsevier_sciencedirect_doi_10_1016_j_jrt_2023_100070
ProviderPackageCode CITATION
AAYXX
PublicationCentury 2000
PublicationDate December 2023
2023-12-00
2023-12-01
PublicationDateYYYYMMDD 2023-12-01
PublicationDate_xml – month: 12
  year: 2023
  text: December 2023
PublicationDecade 2020
PublicationTitle Journal of responsible technology
PublicationYear 2023
Publisher Elsevier Ltd
Elsevier
Publisher_xml – name: Elsevier Ltd
– name: Elsevier
References Association for Computing Machinery, Association for computing Machinery digital library (2022). URL
Cellan-Jones, R.; Coronavirus: England's test and trace programme ‘breaks GDPR data law’
L'Hoiry, Norris (bib0034) 2017
Gellman R., Fair information practices: A basic history-version 2.22 (2022). URL
Organisation for Economic Co-operation and Development, The OECD privacy framework (2013). URL
Urban, Tatang, Degeling, Holz, Pohlmann (bib0058) 2019
De Terwangne (bib0014) 2021; 40
(bib0011) 2023
Greenleaf G., Global tables of data privacy laws and bills (7th Ed, January 2021), Privacy Laws & Business International Report 169 & 170 (2021) 6–19. . URL
ProQuest LLC, ProQuest dissertations and theses (2022). URL
Mayer J., Princeton-Radboud study on privacy law implementation (dec 2021). URL
Asghari, van Biemen, Warnier (bib0002) 2021
Von Laufenberg (bib0063) 2017
Ausloos, Veale (bib0006) 2021; 2020
Cagnazzo, Holz, Pohlmann (bib0009) 2019
Norris, de Hert, L'Hoiry, Galetta (bib0041) 2017
Web of Science, Web of science collections (2022). URL
IEEE, IEEE Xplore digital library (2022). URL
Zwiebelmann, Henderson (bib0068) 2021
Rudgard S., Origins and historical context of data protection law (undated). URL
Van Biemen (bib0059) 2018
Keshav (bib0029) 2007; 37
Confessore N. , Cambridge analytica and Facebook: The scandal and the fallout so far, The New York Times (2018). URL
Association for Computing Machinery, ACM computing classification system (2023). URL
Hill K., S. Mattu, The house that spied on me
Veys, Serrano, Stamos, Herman, Reitinger, Mazurek, Ur (bib0061) 2021
Galetta, Fonio, Ceresa (bib0022) 2016; 6
Luk´acs A., What is privacy? The history and definition of privacy (2016). URL
.
State of California, Assembly Bill No. 375. California legislative information (June 2018). URL
Wong, Henderson (bib0066) 2019; 9
Mahieu, Asghari, Parsons, van Hoboken, Crete-Nishihata, Hilts (bib0036) 2021; 11
Sørum, Presthus (bib0050) 2020; 34
Edwards (bib0017) 2018
Bier, K¨ompf, Beyerer (bib0008) 2017
Giannopoulou, Ausloos, Delacroix, Janssen (bib0024) 2022
Warren, Brandeis (bib0064) 1890; 4
WoS Research Team, Web of Science Journal (WoS) Journal Info (2023). URL
Kitchenham B., S. Charters, D. Budgen, P. Brereton, M. Turner, S. Linkman et al., Guidelines for performing systematic literature reviews in software engineering, Technical report, ver. 2.3 EBSE technical report. EBSE, School of Computer Science and Mathematics Keele University and Department of Computer Science University of Durham (2007).
Fonio, Ceresa (bib0021) 2017
Elhabbash, Salama, Bahsoon, Tino (bib0018) 2019; 14
accessed: 2023-06-20(2018).
Open Society Foundations, Q and A: Fighting for worker's right to data (May 2019). URL
Krieger-Lamina (bib0032) 2017
Council of Europe, Modernisation of the data protection “convention 108” (undated). URL
Szekely, Vissy (bib0053) 2017
accessed: 2023-06-20 (2020).
Raento (bib0046) 2006; 14
Meneely, Smith, Williams (bib0040) 2013; 21
Kr¨oger, Lindemann, Herrmann (bib0031) 2020
Elsevier, Scopus digital library (2022). URL
Spiller (bib0051) 2016; 53
Turner, Galindo Quintero, Turner, Lis, Tanczer (bib0055) 2021; 23
arXiv, LawArXiv Papers (2022). URL
Kuschewsky, M., What does the revision of the OECD privacy guidelines mean for businesses? (2013). URL
Martino, Robyns, Weyts, Quax, Lamotte, Andries (bib0038) 2019
Rothmann (bib0048) 2017; 15
(bib0047) 2016; L119
Uldam (bib0057) 2018; 40
Norris, L'Hoiry (bib0042) 2017
Bellanova, Bergersen, Mirshahi, Moe-Pryce, Burgess (bib0007) 2017
Government of Canada, Personal information protection and electronic documents act (2000). URL
Tolsdorf, Fischer, Iacono (bib0054) 2021
Uldam (bib0056) 2016; 18
Ausloos, Dewitte (bib0005) 2018; 8
Ebbers, Ising, Saatjohann, Schinzel (bib0016) 2021
(bib0015) 1995
European Union, COMMISSION DECISION of 20 December 2001 pursuant to directive 95/46/EC of the European parliament and of the council on the adequate protection of personal data provided by the Canadian personal information protection and electronic documents act. (2002). URL
Mahieu, Asghari, Van Eeten (bib0037) 2018; 7
Vohland, Land-Zandstra, Ceccaroni, Lemmens, Perell´o, Ponti, Samson, Wagenknecht (bib0062) 2021
Veale, Binns, Ausloos (bib0060) 2018; 8
Spiller (10.1016/j.jrt.2023.100070_bib0051) 2016; 53
De Terwangne (10.1016/j.jrt.2023.100070_bib0014) 2021; 40
10.1016/j.jrt.2023.100070_bib0027
10.1016/j.jrt.2023.100070_bib0028
10.1016/j.jrt.2023.100070_bib0025
10.1016/j.jrt.2023.100070_bib0026
10.1016/j.jrt.2023.100070_bib0023
10.1016/j.jrt.2023.100070_bib0067
10.1016/j.jrt.2023.100070_bib0065
Uldam (10.1016/j.jrt.2023.100070_bib0056) 2016; 18
10.1016/j.jrt.2023.100070_bib0030
Ausloos (10.1016/j.jrt.2023.100070_bib0006) 2021; 2020
Norris (10.1016/j.jrt.2023.100070_bib0042) 2017
Szekely (10.1016/j.jrt.2023.100070_bib0053) 2017
Uldam (10.1016/j.jrt.2023.100070_bib0057) 2018; 40
Keshav (10.1016/j.jrt.2023.100070_bib0029) 2007; 37
Cagnazzo (10.1016/j.jrt.2023.100070_bib0009) 2019
Von Laufenberg (10.1016/j.jrt.2023.100070_bib0063) 2017
10.1016/j.jrt.2023.100070_bib0019
10.1016/j.jrt.2023.100070_bib0012
Norris (10.1016/j.jrt.2023.100070_bib0041) 2017
10.1016/j.jrt.2023.100070_bib0013
10.1016/j.jrt.2023.100070_bib0010
Bellanova (10.1016/j.jrt.2023.100070_bib0007) 2017
10.1016/j.jrt.2023.100070_bib0020
Ebbers (10.1016/j.jrt.2023.100070_bib0016) 2021
Ausloos (10.1016/j.jrt.2023.100070_bib0005) 2018; 8
Raento (10.1016/j.jrt.2023.100070_bib0046) 2006; 14
Meneely (10.1016/j.jrt.2023.100070_bib0040) 2013; 21
Martino (10.1016/j.jrt.2023.100070_bib0038) 2019
(10.1016/j.jrt.2023.100070_bib0011) 2023
(10.1016/j.jrt.2023.100070_bib0047) 2016; L119
Turner (10.1016/j.jrt.2023.100070_bib0055) 2021; 23
10.1016/j.jrt.2023.100070_bib0049
Urban (10.1016/j.jrt.2023.100070_bib0058) 2019
Zwiebelmann (10.1016/j.jrt.2023.100070_bib0068) 2021
Warren (10.1016/j.jrt.2023.100070_bib0064) 1890; 4
10.1016/j.jrt.2023.100070_bib0003
10.1016/j.jrt.2023.100070_bib0004
10.1016/j.jrt.2023.100070_bib0001
10.1016/j.jrt.2023.100070_bib0045
10.1016/j.jrt.2023.100070_bib0043
10.1016/j.jrt.2023.100070_bib0044
10.1016/j.jrt.2023.100070_bib0052
Giannopoulou (10.1016/j.jrt.2023.100070_bib0024) 2022
Mahieu (10.1016/j.jrt.2023.100070_bib0037) 2018; 7
Edwards (10.1016/j.jrt.2023.100070_bib0017) 2018
Kr¨oger (10.1016/j.jrt.2023.100070_bib0031) 2020
Elhabbash (10.1016/j.jrt.2023.100070_bib0018) 2019; 14
Krieger-Lamina (10.1016/j.jrt.2023.100070_bib0032) 2017
Veale (10.1016/j.jrt.2023.100070_bib0060) 2018; 8
Galetta (10.1016/j.jrt.2023.100070_bib0022) 2016; 6
Veys (10.1016/j.jrt.2023.100070_bib0061) 2021
Asghari (10.1016/j.jrt.2023.100070_bib0002) 2021
Mahieu (10.1016/j.jrt.2023.100070_bib0036) 2021; 11
Tolsdorf (10.1016/j.jrt.2023.100070_bib0054) 2021
Van Biemen (10.1016/j.jrt.2023.100070_bib0059) 2018
Rothmann (10.1016/j.jrt.2023.100070_bib0048) 2017; 15
10.1016/j.jrt.2023.100070_bib0039
Fonio (10.1016/j.jrt.2023.100070_bib0021) 2017
Bier (10.1016/j.jrt.2023.100070_bib0008) 2017
L'Hoiry (10.1016/j.jrt.2023.100070_bib0034) 2017
10.1016/j.jrt.2023.100070_bib0035
Vohland (10.1016/j.jrt.2023.100070_bib0062) 2021
10.1016/j.jrt.2023.100070_bib0033
Sørum (10.1016/j.jrt.2023.100070_bib0050) 2020; 34
Wong (10.1016/j.jrt.2023.100070_bib0066) 2019; 9
(10.1016/j.jrt.2023.100070_bib0015) 1995
References_xml – volume: 2020
  start-page: 136
  year: 2021
  end-page: 157
  ident: bib0006
  article-title: Researching with data rights
  publication-title: Technology and Regulation
– start-page: 219
  year: 2017
  end-page: 255
  ident: bib0063
  article-title: Exercising access rights in Luxembourg
  publication-title: The unaccountable state of surveillance: Exercising access rights in Europe, law, governance and technology series
– reference: Rudgard S., Origins and historical context of data protection law (undated). URL:
– volume: 7
  year: 2018
  ident: bib0037
  article-title: Collectively exercising the right of access: Individual effort, societal effect
  publication-title: Internet Policy Review
– volume: L119
  start-page: 1
  year: 2016
  end-page: 88
  ident: bib0047
  article-title: 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
  publication-title: Official Journal of the European Union
– volume: 11
  start-page: 301
  year: 2021
  end-page: 349
  ident: bib0036
  article-title: Measuring the brussels effect through access requests: Has the european general data protection regulation influenced the data protection rights of Canadian citizens?
  publication-title: Journal of Information Policy
– reference: ProQuest LLC, ProQuest dissertations and theses (2022). URL
– start-page: 359
  year: 2017
  end-page: 404
  ident: bib0032
  article-title: Exercising access rights in Austria
  publication-title: The unaccountable state of surveillance: Exercising access rights in Europe, law, governance and technology series
– start-page: 31
  year: 1995
  end-page: 50
  ident: bib0015
  article-title: 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data
  publication-title: Official Journal of the European Union
– reference: Open Society Foundations, Q and A: Fighting for worker's right to data (May 2019). URL:
– volume: 15
  start-page: 222
  year: 2017
  end-page: 238
  ident: bib0048
  article-title: Video surveillance and the right of access: The empirical proof of panoptical asymmetries
  publication-title: Surveillance and Society
– start-page: 217
  year: 2021
  end-page: 242
  ident: bib0061
  article-title: Pursuing usable and useful data downloads under GDPR/CCPA access rights via Co-Design
  publication-title: Seventeenth symposium on usable privacy and security (SOUPS 2021), USENIX Association, USENIX Symposium on Usable Privacy and Security (SOUPS) 2021. August 8–10, 2021, Virtual Conference.
– start-page: 181
  year: 2017
  end-page: 218
  ident: bib0021
  article-title: Exercising access rights in Italy
  publication-title: The unaccountable state of surveillance: Exercising access rights in Europe, law, governance and technology series
– start-page: 371
  year: 2019
  end-page: 386
  ident: bib0038
  article-title: Personal information leakage by abusing the GDPR “right of access
  publication-title: Fifteenth Symposium on Usable Privacy and Security (SOUPS 2019), USENIX Association, USENIX Symposium on Usable Privacy and Security (SOUPS) 2019
– reference: Web of Science, Web of science collections (2022). URL
– start-page: 1
  year: 2021
  end-page: 6
  ident: bib0016
  article-title: Grand theft app: Digital forensics of vehicle assistant apps
  publication-title: ARES 21: Proceedings of the 16th international conference on availability, reliability and security, no. 30 in ARES 21, association for computing machinery
– volume: 53
  start-page: 2885
  year: 2016
  end-page: 2900
  ident: bib0051
  article-title: Experiences of accessing CCTV data: The urban topologies of subject access requests
  publication-title: Urban Studies
– start-page: 61
  year: 2019
  end-page: 79
  ident: bib0058
  article-title: A study on subject data access in online advertising after the GDPR
  publication-title: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
– reference: Organisation for Economic Co-operation and Development, The OECD privacy framework (2013). URL:
– reference: Gellman R., Fair information practices: A basic history-version 2.22 (2022). URL
– reference: Greenleaf G., Global tables of data privacy laws and bills (7th Ed, January 2021), Privacy Laws & Business International Report 169 & 170 (2021) 6–19. . URL
– reference: Association for Computing Machinery, ACM computing classification system (2023). URL
– reference: State of California, Assembly Bill No. 375. California legislative information (June 2018). URL:
– volume: 14
  start-page: 1
  year: 2019
  end-page: 42
  ident: bib0018
  article-title: Self-awareness in software engineering: A systematic literature review
  publication-title: ACM Transactions on Autonomous and Adaptive Systems
– volume: 23
  start-page: 2861
  year: 2021
  end-page: 2881
  ident: bib0055
  article-title: The exercisability of the right to data portability in the emerging Internet of Things (IoT) environment
  publication-title: New Media and Society
– volume: 9
  start-page: 173
  year: 2019
  end-page: 191
  ident: bib0066
  article-title: The right to data portability in practice: Exploring the implications of the technologically neutral GDPR
  publication-title: International Data Privacy Law
– volume: 8
  start-page: 4
  year: 2018
  end-page: 28
  ident: bib0005
  article-title: Shattering one-way mirrors - data subject access rights in practice
  publication-title: International Data Privacy Law
– reference: Elsevier, Scopus digital library (2022). URL
– start-page: 359
  year: 2017
  end-page: 404
  ident: bib0034
  article-title: Exercising access rights in United Kingdom
  publication-title: The unaccountable state of surveillance: Exercising access rights in Europe, law, governance and technology series
– year: 2017
  ident: bib0041
  article-title: The unaccountable state of surveillance
  publication-title: Governance and technology series
– reference: Cellan-Jones, R.; Coronavirus: England's test and trace programme ‘breaks GDPR data law’,
– volume: 37
  start-page: 83
  year: 2007
  end-page: 84
  ident: bib0029
  article-title: How to read a paper
  publication-title: ACM SIGCOMM Computer Communication Review
– volume: 8
  start-page: 105
  year: 2018
  end-page: 123
  ident: bib0060
  article-title: When data protection by design and data subject rights clash
  publication-title: International Data Privacy Law
– reference: , accessed: 2023-06-20(2018).
– start-page: 135
  year: 2017
  end-page: 180
  ident: bib0053
  article-title: Exercising access rights in Hungary
  publication-title: The unaccountable state of surveillance: Exercising access rights in europe, law, governance and technology series
– reference: Council of Europe, Modernisation of the data protection “convention 108” (undated). URL:
– volume: 21
  start-page: 28
  year: 2013
  ident: bib0040
  article-title: Validating software metrics: A spectrum of philosophies
  publication-title: ACM Transactions on Software Engineering and Methodology
– reference: Luk´acs A., What is privacy? The history and definition of privacy (2016). URL
– reference: Confessore N. , Cambridge analytica and Facebook: The scandal and the fallout so far, The New York Times (2018). URL:
– year: 2023
  ident: bib0011
  publication-title: Journal Citation Reports
– start-page: 367
  year: 2019
  end-page: 386
  ident: bib0009
  article-title: GDPiRated – stealing personal information on- and offline
  publication-title: Lecture notes in computer science (including subseries lecture notes in artificial intelligence and lecture notes in bioinformatics)
– reference: Government of Canada, Personal information protection and electronic documents act (2000). URL:
– year: 2022
  ident: bib0024
  article-title: Intermediating data rights exercises: The role of legal mandates
  publication-title: International Data Privacy Law
– reference: European Union, COMMISSION DECISION of 20 December 2001 pursuant to directive 95/46/EC of the European parliament and of the council on the adequate protection of personal data provided by the Canadian personal information protection and electronic documents act. (2002). URL:
– reference: arXiv, LawArXiv Papers (2022). URL
– reference: Hill K., S. Mattu, The house that spied on me,
– year: 2021
  ident: bib0062
  article-title: The science of citizen science
– year: 2018
  ident: bib0017
  article-title: Data protection: Enter the general data protection regulation, law, policy and the internet
– start-page: 276
  year: 2021
  end-page: 280
  ident: bib0068
  article-title: Data portability as a tool for audit
  publication-title: Adjunct proceedings of the 2021 ACM international joint conference on pervasive and ubiquitous computing and proceedings of the 2021 ACM international symposium on wearable computers
– reference: Kuschewsky, M., What does the revision of the OECD privacy guidelines mean for businesses? (2013). URL:
– start-page: 1
  year: 2020
  end-page: 10
  ident: bib0031
  article-title: How do app vendors respond to subject access requests? A longitudinal privacy study on iOS and Android Apps
  publication-title: Proceedings of the 15th International Conference on Availability, Reliability and Security, ARES ’20, Association for Computing Machinery
– volume: 14
  start-page: 390
  year: 2006
  end-page: 409
  ident: bib0046
  article-title: The data subject's right of access and to be informed in Finland: An experimental study
  publication-title: International Journal of Law and Information Technology
– year: 2021
  ident: bib0054
  article-title: A case study on the implementation of the right of access in privacy dashboards
  publication-title: LNCS of lecture notes in computer science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
– reference: Association for Computing Machinery, Association for computing Machinery digital library (2022). URL
– reference: WoS Research Team, Web of Science Journal (WoS) Journal Info (2023). URL
– reference: Kitchenham B., S. Charters, D. Budgen, P. Brereton, M. Turner, S. Linkman et al., Guidelines for performing systematic literature reviews in software engineering, Technical report, ver. 2.3 EBSE technical report. EBSE, School of Computer Science and Mathematics Keele University and Department of Computer Science University of Durham (2007).
– year: 2021
  ident: bib0002
  article-title: Amplifying privacy: Scaling up transparency research through delegated access requests
  publication-title: 5th Workshop on technology and consumer protection (ConPro ’21)
– volume: 40
  start-page: 41
  year: 2018
  end-page: 58
  ident: bib0057
  article-title: Social media visibility: Challenges to activism, Media
  publication-title: Culture and Society
– volume: 4
  start-page: 193
  year: 1890
  end-page: 220
  ident: bib0064
  article-title: The right to privacy
  publication-title: Harvard Law Review
– reference: , accessed: 2023-06-20 (2020).
– volume: 18
  start-page: 201
  year: 2016
  end-page: 219
  ident: bib0056
  article-title: Corporate management of visibility and the fantasy of the post-political: Social media and surveillance
  publication-title: New Media and Society
– reference: IEEE, IEEE Xplore digital library (2022). URL
– start-page: 257
  year: 2017
  end-page: 296
  ident: bib0007
  article-title: Exercising access rights in Norway
  publication-title: The unaccountable state of surveillance: Exercising access rights in europe, law, governance and technology series
– start-page: 405
  year: 2017
  end-page: 455
  ident: bib0042
  article-title: Exercising citizen rights under surveillance regimes in Europe – meta-analysis of a ten country study
  publication-title: The unaccountable state of surveillance: Exercising access rights in europe, law, governance and technology series
– reference: .
– volume: 40
  year: 2021
  ident: bib0014
  article-title: Council of Europe convention 108+: A modernised international treaty for the protection of personal data
  publication-title: Computer Law & Security Review
– volume: 34
  start-page: 912
  year: 2020
  end-page: 929
  ident: bib0050
  article-title: Dude, where's my data? The GDPR in practice, from a consumer's point of view
  publication-title: Information Technology and People
– start-page: 271
  year: 2017
  end-page: 289
  ident: bib0008
  article-title: A study on corporate compliance with transparency requirements of data protection law
  publication-title: Data protection and privacy: (In)visibilities and infrastructures
– volume: 6
  start-page: 16
  year: 2016
  end-page: 27
  ident: bib0022
  article-title: Nothing is as it seems. The exercise of access rights in Italy and Belgium: Dispelling fallacies in the legal reasoning from the ‘law in theory’ to the ‘law in practice
  publication-title: International Data Privacy Law
– year: 2018
  ident: bib0059
  article-title: Personal privacy in practice: Putting the gdpr to test in a collective exercise of data subjects’ right of access, master's thesis
– reference: Mayer J., Princeton-Radboud study on privacy law implementation (dec 2021). URL
– ident: 10.1016/j.jrt.2023.100070_bib0019
– ident: 10.1016/j.jrt.2023.100070_bib0044
– year: 2018
  ident: 10.1016/j.jrt.2023.100070_bib0059
– ident: 10.1016/j.jrt.2023.100070_bib0067
– start-page: 271
  year: 2017
  ident: 10.1016/j.jrt.2023.100070_bib0008
  article-title: A study on corporate compliance with transparency requirements of data protection law
– start-page: 359
  year: 2017
  ident: 10.1016/j.jrt.2023.100070_bib0032
  article-title: Exercising access rights in Austria
– ident: 10.1016/j.jrt.2023.100070_bib0025
– ident: 10.1016/j.jrt.2023.100070_bib0030
– volume: 6
  start-page: 16
  issue: 1
  year: 2016
  ident: 10.1016/j.jrt.2023.100070_bib0022
  article-title: Nothing is as it seems. The exercise of access rights in Italy and Belgium: Dispelling fallacies in the legal reasoning from the ‘law in theory’ to the ‘law in practice
  publication-title: International Data Privacy Law
– start-page: 359
  year: 2017
  ident: 10.1016/j.jrt.2023.100070_bib0034
  article-title: Exercising access rights in United Kingdom
– volume: 40
  start-page: 41
  issue: 1
  year: 2018
  ident: 10.1016/j.jrt.2023.100070_bib0057
  article-title: Social media visibility: Challenges to activism, Media
  publication-title: Culture and Society
– start-page: 217
  year: 2021
  ident: 10.1016/j.jrt.2023.100070_bib0061
  article-title: Pursuing usable and useful data downloads under GDPR/CCPA access rights via Co-Design
– volume: 23
  start-page: 2861
  issue: 10
  year: 2021
  ident: 10.1016/j.jrt.2023.100070_bib0055
  article-title: The exercisability of the right to data portability in the emerging Internet of Things (IoT) environment
  publication-title: New Media and Society
  doi: 10.1177/1461444820934033
– ident: 10.1016/j.jrt.2023.100070_bib0039
– year: 2018
  ident: 10.1016/j.jrt.2023.100070_bib0017
– start-page: 367
  year: 2019
  ident: 10.1016/j.jrt.2023.100070_bib0009
  article-title: GDPiRated – stealing personal information on- and offline
– year: 2017
  ident: 10.1016/j.jrt.2023.100070_bib0041
  article-title: The unaccountable state of surveillance
  doi: 10.1007/978-3-319-47573-8
– volume: 14
  start-page: 1
  issue: 2
  year: 2019
  ident: 10.1016/j.jrt.2023.100070_bib0018
  article-title: Self-awareness in software engineering: A systematic literature review
  publication-title: ACM Transactions on Autonomous and Adaptive Systems
  doi: 10.1145/3347269
– ident: 10.1016/j.jrt.2023.100070_bib0026
  doi: 10.2139/ssrn.3836261
– ident: 10.1016/j.jrt.2023.100070_bib0045
– volume: 37
  start-page: 83
  issue: 3
  year: 2007
  ident: 10.1016/j.jrt.2023.100070_bib0029
  article-title: How to read a paper
  publication-title: ACM SIGCOMM Computer Communication Review
  doi: 10.1145/1273445.1273458
– volume: 8
  start-page: 4
  issue: 1
  year: 2018
  ident: 10.1016/j.jrt.2023.100070_bib0005
  article-title: Shattering one-way mirrors - data subject access rights in practice
  publication-title: International Data Privacy Law
  doi: 10.1093/idpl/ipy001
– ident: 10.1016/j.jrt.2023.100070_bib0003
– start-page: 1
  year: 2021
  ident: 10.1016/j.jrt.2023.100070_bib0016
  article-title: Grand theft app: Digital forensics of vehicle assistant apps
– ident: 10.1016/j.jrt.2023.100070_bib0020
– volume: 9
  start-page: 173
  issue: 3
  year: 2019
  ident: 10.1016/j.jrt.2023.100070_bib0066
  article-title: The right to data portability in practice: Exploring the implications of the technologically neutral GDPR
  publication-title: International Data Privacy Law
  doi: 10.1093/idpl/ipz008
– ident: 10.1016/j.jrt.2023.100070_bib0052
– ident: 10.1016/j.jrt.2023.100070_bib0028
– ident: 10.1016/j.jrt.2023.100070_bib0049
– year: 2021
  ident: 10.1016/j.jrt.2023.100070_bib0054
  article-title: A case study on the implementation of the right of access in privacy dashboards
– volume: 11
  start-page: 301
  issue: 1
  year: 2021
  ident: 10.1016/j.jrt.2023.100070_bib0036
  article-title: Measuring the brussels effect through access requests: Has the european general data protection regulation influenced the data protection rights of Canadian citizens?
  publication-title: Journal of Information Policy
  doi: 10.5325/jinfopoli.11.2021.0301
– ident: 10.1016/j.jrt.2023.100070_bib0035
– volume: 7
  issue: 3
  year: 2018
  ident: 10.1016/j.jrt.2023.100070_bib0037
  article-title: Collectively exercising the right of access: Individual effort, societal effect
  publication-title: Internet Policy Review
  doi: 10.14763/2018.3.927
– volume: 4
  start-page: 193
  issue: 5
  year: 1890
  ident: 10.1016/j.jrt.2023.100070_bib0064
  article-title: The right to privacy
  publication-title: Harvard Law Review
  doi: 10.2307/1321160
– ident: 10.1016/j.jrt.2023.100070_bib0010
– ident: 10.1016/j.jrt.2023.100070_bib0065
– start-page: 1
  year: 2020
  ident: 10.1016/j.jrt.2023.100070_bib0031
  article-title: How do app vendors respond to subject access requests? A longitudinal privacy study on iOS and Android Apps
– start-page: 61
  year: 2019
  ident: 10.1016/j.jrt.2023.100070_bib0058
  article-title: A study on subject data access in online advertising after the GDPR
– year: 2021
  ident: 10.1016/j.jrt.2023.100070_bib0002
  article-title: Amplifying privacy: Scaling up transparency research through delegated access requests
– ident: 10.1016/j.jrt.2023.100070_bib0023
– start-page: 371
  year: 2019
  ident: 10.1016/j.jrt.2023.100070_bib0038
  article-title: Personal information leakage by abusing the GDPR “right of access
– start-page: 31
  year: 1995
  ident: 10.1016/j.jrt.2023.100070_bib0015
  article-title: 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data
  publication-title: Official Journal of the European Union
– volume: 15
  start-page: 222
  issue: 2
  year: 2017
  ident: 10.1016/j.jrt.2023.100070_bib0048
  article-title: Video surveillance and the right of access: The empirical proof of panoptical asymmetries
  publication-title: Surveillance and Society
  doi: 10.24908/ss.v15i2.6029
– ident: 10.1016/j.jrt.2023.100070_bib0004
– volume: 53
  start-page: 2885
  issue: 13
  year: 2016
  ident: 10.1016/j.jrt.2023.100070_bib0051
  article-title: Experiences of accessing CCTV data: The urban topologies of subject access requests
  publication-title: Urban Studies
  doi: 10.1177/0042098015597640
– ident: 10.1016/j.jrt.2023.100070_bib0027
– start-page: 276
  year: 2021
  ident: 10.1016/j.jrt.2023.100070_bib0068
  article-title: Data portability as a tool for audit
– year: 2023
  ident: 10.1016/j.jrt.2023.100070_bib0011
  publication-title: Journal Citation Reports
– start-page: 219
  year: 2017
  ident: 10.1016/j.jrt.2023.100070_bib0063
  article-title: Exercising access rights in Luxembourg
– volume: 40
  year: 2021
  ident: 10.1016/j.jrt.2023.100070_bib0014
  article-title: Council of Europe convention 108+: A modernised international treaty for the protection of personal data
  publication-title: Computer Law & Security Review
  doi: 10.1016/j.clsr.2020.105497
– year: 2021
  ident: 10.1016/j.jrt.2023.100070_bib0062
– start-page: 135
  year: 2017
  ident: 10.1016/j.jrt.2023.100070_bib0053
  article-title: Exercising access rights in Hungary
– volume: 8
  start-page: 105
  issue: 2
  year: 2018
  ident: 10.1016/j.jrt.2023.100070_bib0060
  article-title: When data protection by design and data subject rights clash
  publication-title: International Data Privacy Law
  doi: 10.1093/idpl/ipy002
– ident: 10.1016/j.jrt.2023.100070_bib0013
– volume: 21
  start-page: 28
  issue: 4
  year: 2013
  ident: 10.1016/j.jrt.2023.100070_bib0040
  article-title: Validating software metrics: A spectrum of philosophies
  publication-title: ACM Transactions on Software Engineering and Methodology
– ident: 10.1016/j.jrt.2023.100070_bib0043
– start-page: 257
  year: 2017
  ident: 10.1016/j.jrt.2023.100070_bib0007
  article-title: Exercising access rights in Norway
– volume: 18
  start-page: 201
  issue: 2
  year: 2016
  ident: 10.1016/j.jrt.2023.100070_bib0056
  article-title: Corporate management of visibility and the fantasy of the post-political: Social media and surveillance
  publication-title: New Media and Society
  doi: 10.1177/1461444814541526
– volume: L119
  start-page: 1
  year: 2016
  ident: 10.1016/j.jrt.2023.100070_bib0047
  publication-title: Official Journal of the European Union
– volume: 2020
  start-page: 136
  year: 2021
  ident: 10.1016/j.jrt.2023.100070_bib0006
  article-title: Researching with data rights
  publication-title: Technology and Regulation
– ident: 10.1016/j.jrt.2023.100070_bib0001
– start-page: 181
  year: 2017
  ident: 10.1016/j.jrt.2023.100070_bib0021
  article-title: Exercising access rights in Italy
– volume: 34
  start-page: 912
  issue: 3
  year: 2020
  ident: 10.1016/j.jrt.2023.100070_bib0050
  article-title: Dude, where's my data? The GDPR in practice, from a consumer's point of view
  publication-title: Information Technology and People
  doi: 10.1108/ITP-08-2019-0433
– start-page: 405
  year: 2017
  ident: 10.1016/j.jrt.2023.100070_bib0042
  article-title: Exercising citizen rights under surveillance regimes in Europe – meta-analysis of a ten country study
– volume: 14
  start-page: 390
  issue: 3
  year: 2006
  ident: 10.1016/j.jrt.2023.100070_bib0046
  article-title: The data subject's right of access and to be informed in Finland: An experimental study
  publication-title: International Journal of Law and Information Technology
  doi: 10.1093/ijlit/eal008
– year: 2022
  ident: 10.1016/j.jrt.2023.100070_bib0024
  article-title: Intermediating data rights exercises: The role of legal mandates
  publication-title: International Data Privacy Law
  doi: 10.1093/idpl/ipac017
– ident: 10.1016/j.jrt.2023.100070_bib0033
– ident: 10.1016/j.jrt.2023.100070_bib0012
SSID ssj0002811333
Score 2.2738292
SecondaryResourceType review_article
Snippet •Data subject rights are an increasingly popular methodological tool for collecting research data.•We gathered and analysed 32 studies that used data subject...
Data subject rights provide data controllers with obligations that can help with transparency, giving data subjects some control over their personal data. To...
SourceID doaj
crossref
elsevier
SourceType Open Website
Enrichment Source
Index Database
Publisher
StartPage 100070
SubjectTerms Data protection
Data subject rights
Research methodology
Systematic literature review
Title Data subject rights as a research methodology: A systematic literature review
URI https://dx.doi.org/10.1016/j.jrt.2023.100070
https://doaj.org/article/9954fae2ee2b404caefc1bde04afcd14
Volume 16
hasFullText 1
inHoldings 1
isFullTextHit
isPrint
link http://utb.summon.serialssolutions.com/2.0.0/link/0/eLvHCXMwrV3PS8MwFA6ykxdRVJy_yMGTUGzSNG29Td0Ywjw52C28pC_oGFPmdvVvNz_a2Yt6EUoPJU3K9wrvveS97yPkCqTUZS4h8WxmidC5ToCXMikYOG_LrbDge4cnT3I8FY-zfNaR-vI1YZEeOAJ34_nKLCBH5FqkwgBaw3SNqQBr6iBhzZ3P6yRT87BlxFzylbXHmKGga77ytZM884UBqRcn7jiiwNff8UcdHzPaJ3tNcEgH8aMOyA4uD8nkAdZAPzba75jQkEx_UHAXbYh6XmiUgQ4b5Ld0QL_Zmeliy5pMY5PKEZmOhs_346QRQUiMb69JQJY5YsGENhmDUlbCpoiSMdSWYS3QYVqLoiowrawEXTlwtQsijElZLSzPjklv-bbEE0LrwtRSViUYmYk856VmqREuX7MghbNQn6QtIso0DOFeqGKh2lKwuXIgKg-iiiD2yfX2lfdIj_Hb4DsP83agZ7YOD5y9VWNv9Ze9-0S0RlJNkBCdv5vq9ee1T_9j7TOy66eM1SznpLdebfDCxSRrfRl-P3effA6_AFdm4sU
linkProvider Directory of Open Access Journals
openUrl ctx_ver=Z39.88-2004&ctx_enc=info%3Aofi%2Fenc%3AUTF-8&rfr_id=info%3Asid%2Fsummon.serialssolutions.com&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=Data+subject+rights+as+a+research+methodology%3A+A+systematic+literature+review&rft.jtitle=Journal+of+responsible+technology&rft.au=Habu%2C+Adamu+Adamu&rft.au=Henderson%2C+Tristan&rft.date=2023-12-01&rft.issn=2666-6596&rft.eissn=2666-6596&rft.volume=16&rft.spage=100070&rft_id=info:doi/10.1016%2Fj.jrt.2023.100070&rft.externalDBID=n%2Fa&rft.externalDocID=10_1016_j_jrt_2023_100070
thumbnail_l http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/lc.gif&issn=2666-6596&client=summon
thumbnail_m http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/mc.gif&issn=2666-6596&client=summon
thumbnail_s http://covers-cdn.summon.serialssolutions.com/index.aspx?isbn=/sc.gif&issn=2666-6596&client=summon