Data Portability as a Tool for Audit

Pervasive systems are almost omnipresent in their collection and processing of personal data. Understanding what these systems are doing is essential for trust, and to ensure that data being collected are accurate. Auditing these systems can help to determine the accuracy of these data. Such audit may take place internally by systems designers, but external audit is important for accountability. In this paper we explore whether users can conduct their own external audit of the systems with which they interact. In particular, we use the Right to Data Portability afforded to data subjects through the General Data Protection Regulation. Using fitness trackers, we collect and upload running data to a set of data controllers. By using data portability to then obtain a copy of our data, we compare the data held by the controllers with our ground-truth data. We find some inaccuracies in the data, but also that audit can be impeded by insufficient explanations from data controllers.

[1]  David A. Basin,et al.  Monitoring the GDPR , 2019, ESORICS.

[2]  Inioluwa Deborah Raji,et al.  Closing the AI accountability gap: defining an end-to-end framework for internal algorithmic auditing , 2020, FAT*.

[3]  Deborah Lupton The diverse domains of quantified selves: self-tracking modes and dataveillance , 2016 .

[4]  Jens Grossklags,et al.  Data Portability between Online Services: An Empirical Analysis on the Effectiveness of GDPR Art. 20 , 2021, Proc. Priv. Enhancing Technol..

[5]  Melanie Swan,et al.  The Quantified Self: Fundamental Disruption in Big Data Science and Biological Discovery , 2013, Big Data.

[6]  Tristan Henderson,et al.  The right to data portability in practice: exploring the implications of the technologically neutral GDPR , 2019, International Data Privacy Law.

[7]  Leonie Maria Tanczer,et al.  The exercisability of the right to data portability in the emerging Internet of Things (IoT) environment , 2020, New Media Soc..

[8]  Jack Bandy,et al.  Problematic Machine Behavior , 2021, Proc. ACM Hum. Comput. Interact..

[9]  Dear Mr Sotiropoulos ARTICLE 29 Data Protection Working Party , 2013 .

[10]  I. Brown Interoperability as a tool for competition regulation , 2020 .

[11]  Grace Fox,et al.  Mobile health technology adoption across generations: Narrowing the digital divide , 2018, Inf. Syst. J..

[12]  Marlene Barth A Case Study on Data Portability , 2021, Datenschutz und Datensicherheit.

[13]  Andreas Schreiber A Provenance Model for Quantified Self Data , 2016, HCI.