, 9 tweets, 3 min read Read on Twitter
What would happen if companies and organizations that collect and infer data about you were required by law to securely send you your data dossier monthly?
The California Consumer Privacy Act, enforceable summer of 2020, introduces some notions of a Right of Access into the American privacy regime. Applicable companies should be working on how to comply with adequate access requests by California residents (& EU citizens under GDPR)
I think @CenDemTech made a really helpful comparison chart between CCPA, its own national data rights bill, and GDPR. Here’s the comparison on the Right of Access.
cdt.org/insight/compar…
If I ran a company or organization I would try to get so far ahead of future litigation and just voluntarily send a secure link to my customers/users data dossier as a monthly email reminder to encourage healthy data rights hygiene.
I figured out that companies HQ’d in EU may honor Subject Access Requests from non-citizens like me. GameLoft, a French mobile game company, provided me with this data when I used a form buried in their privacy policy. Note that I disabled this game from getting my location info.
After considering the feedback, I'd amend the question at the ^top of the thread to getting an annual data rights report by default with an option to receive it monthly and the ability to delegate a third-party to aggregate and manage your data rights as your data fiduciary.
Received a Booking dot com privacy update email today which pointed out they are a Dutch holding company that owns Kayak, Agoda, OpenTable, RentalCars and you can email them to do a subject access request for your data. I’ll let you know how it goes.
In other Subject Access Request news, @justinhendrix may have volunteered to try and get his Russian IRA targeting data via the Irish data protection authority since Alex Stamos spilled the beans that Facebook was worried about that particular scenario.
Since Booking Holdings doesn’t have an automated SAR form I had to formulate my own request. So I requested all supplied and *inferred* data since I know that data protection authorities take the view that this information is subject to disclosure. ico.org.uk/action-weve-ta…
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to David Carroll 🦅
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!