Skip to content
GDPR, Data Portability and Data About Multiple PeopleContents


Theme 1

Understanding data

Many of the products and services people use collect data. Services do this in different ways. For example, an e-commerce site will collect data directly when someone enters a billing address, but it could also collect data indirectly when someone searches for a product. In turn, it might use these findings to generate new data about items people might buy.

This can be opaque to people. According to doteveryone’s recent study, over fifty percent of people can’t find out how much data they share when they use a service.

If people are going to engage with rights such as data portability, they’ll need to understand what data about them exists in the first place. We developed two prototypes and tested them with people to explore their understanding of these issues:


Moving song preferences and voice recognition

Songlio and Hausbot are smart speakers. Controlled using your voice, these devices can perform tasks for you, such as playing music or making shopping lists.

You can transfer information like song preferences and voice recognition between smart speakers made by different companies.


Knowledge about what everyone is eating

DietScan helps you see and understand more about the food you eat.

By using codes on shopping receipts, DietScan fetches nutritional information for every item of food you’ve bought.

Left Supermarsho shopping listing with QR scannable code. Right screen DietScan app opened and ready to scan shopping list

To understand your diet, Diet Scan analyses items to calculate information about what you and others ate.

Left screen DietScan fetching food information from Supermarsho API. Right screen nutrional information for each item on shopping list. Split by estimate number of people who ate those items.

Summary of findings

These findings describe the understanding and behaviours of the people we spoke to:

People often aren’t aware of what data is held about them

We found that many people weren’t aware of the types of data that services hold about them. This is important because people need to understand what data a service holds about them in order to make an informed decision about transferring it.

People think about ownership, not rights

In testing, people talked about “my data” or “owning data.” People felt that because they ‘owned’ data about them, they could control it how they wanted.

People think data is just about them

Very few people talked about shared ownership or multiple rights over data. Few people seemed to understand that data they control could also be about other people. This could be a result of people’s individualistic view of data, as well as the way in which services are currently designed.

People don’t understand how much data can reveal about them

Most people felt data was private if it didn’t include names, dates of birth and addresses. People felt the risks of sharing some types of data, like their energy use, was very small.

People often don’t understand how data can be misused

The potential for data to be used for harmful purposes wasn’t clear to the people we spoke to. This might be because people don’t understand how much can be inferred about them from different kinds of data.

People don’t have time to understand rights and risks

We frequently heard in our research that people have limited time and energy to understand their digital rights and any risks involved in every service they use.