The GDPR's Right of Access aims to empower users with control over their personal data via Data Download Packages (DDPs). However, their effectiveness is often compromised by inconsistent platform implementations, questionable data reliability, and poor user comprehensibility. This paper conducts a comprehensive audit of DDPs from three social media platforms (TikTok, Instagram, and YouTube) to systematically assess these critical drawbacks. Despite offering similar services, we find that these platforms demonstrate significant inconsistencies in implementing the Right of Access, evident in varying levels of shared data. Critically, the failure to disclose processing purposes, retention periods, and other third-party data recipients serves as a further indicator of non-compliance. Our reliability evaluations, using bots and user-donated data, reveal that while TikTok's DDPs offer more consistent and complete data, others exhibit notable shortcomings. Similarly, our assessment of comprehensibility, based on surveys with 400 participants, indicates that current DDPs substantially fall short of GDPR's standards. To improve the comprehensibility, we propose and demonstrate a two-layered approach by: (1) enhancing the data representation itself using stakeholder interpretations; and (2) incorporating a user-friendly extension (Know Your Data) for intuitive data visualization where users can control the level of transparency they prefer. Our findings underscore the need for clearer and non-conflicting regulatory guidance, stricter enforcement, and platform commitment to realize the goal of GDPR's Right of Access.