The internet has brought in an era of connectivity that has never been seen before. Internet based services are so integrated into our everyday life that we hardly ever pause to think about the sheer depth and breadth of personal data we share with them. From pictures shared over messaging services to likes and dislikes shared over social media, every bit of data once transmitted over the internet may be eternally recorded by service providers subject to the hundreds of pages of terms and conditions that we never once paused to read.
The EU General Data Protection Regulation (GDPR) which will take effect in May 2018, will give individuals the right to request and obtain access to personal data from the companies collecting and processing data about them. After confirming the identity of the requester, companies are legally required to make this data available to the requester in a machine-readable form.[1]Companies in breach of the GDPR can be fined up to 4% of annual global turnover or €20 Million (whichever is greater).[2] This regulation thus, empowers us to discover everything that has been recorded about us by the companies that we unwittingly hand over our data to.
In response to requests from our community members, the VETRI team launched a Personal Data Experiment. We identified 20 well recognized companies, known for their data-processing capabilities and exercised our right to request and obtain access to our personal data. We have received responses from some of the companies, other requests are still being processed. While several of us may be aware of the nature of data being collected about us, the sheer volume of data that we received from some of these service providers served as an alarming wake-up call of how exposed we are in the digital age. In the interest of contributing towards the growing public awareness on privacy in the digital age, we will record our experiences and learnings from the experiment in a series of blogposts. The companies in our experiment fall under the following categories:

  1. Social Media
  2. Messaging services
  3. e-Commerce
  4. Search
  5. Financial Institutions
  6. Leisure

Join the Movement!
As our community is well aware, the core objective behind the VETRI project is to create a public good which will empower users to regain control over their personal data. We see ourselves as part of a greater movement which puts us on course to a privacy-respecting future and thus seek to learn from the insights of all our stakeholders. We thus take this opportunity to encourage you and our community to request your data from the data controllers and share your learnings with the community (if you so wish). Your insights will go a long way in helping us deliver VETRI. Please leave your responses in the comments tab below. We look forward to hearing from you.
[1] Article 15 and Recital 59 of the GDPR.