Media users' and professionals' responses to personal data receipts: A mixed methods study

European General Data Protection Regulation requires organisations to request the data subject’s consent for personal data processing. Data controllers must be able to demonstrate valid consent was obtained (‘transparency’). Media often struggle to meet GDPR requirements in practice. We identified several issues with existing consent procedures amongst which a need for trustworthy approaches to record and track consent. In this article, we evaluate a specific transparency initiative: a Personal Data Receipt (PDR) for news personalisation. We investigated how European media users and media professionals evaluated the PDR. We conducted qualitative surveys and interviews to explore and describe individuals’ viewpoints on/responses to the PDR. The main strengths highlighted in this study are: GDPR compliance and improved data processing transparency which leads to more control and user trust. PDR weaknesses are mainly related to users not reading the receipt, lack/overload of information, and design issues. Based on our findings, we identified missing elements and formulated recommendations for PDR improvement to optimise consent strategies. By examining how individuals responded to this specific transparency tool, and rhetorical tactics connected to it (placation, diversion, jargon, and misnaming), our study provides informed suggestions for ways out of digital resignation (Draper & Turow, 2019).