Public bodies and private corporations including internet giant Google are flouting the public's right to access personal data being held on them, according to a major new international study.
Researchers found that nearly half of data holders either failed to disclose the private information they stored on citizens or did not give a legitimate reason for not doing so when asked.
Among the organisations contacted in the pan-European study carried out by Sheffield University were banks, healthcare providers, supermarkets, universities, security firms as well as the United States search-engine company.
Attempts to find information were routinely met with serial malpractice as well as obfuscation and ignorance of obligations under the law, it was claimed.
Campaigners described the findings as "shocking" and accused regulators and legislators of failing to safeguard citizens' rights.
Professor Clive Norris who led the study - part of the Increasing Resilience in Surveillance Societies project - said individuals handed over private data on a daily basis, creating "vast and invisible reservoirs of personal information".
"The challenge for all of us is that our information is often kept from us, despite the law and despite our best efforts to access it," he said
"In our view, there is an urgent requirement for policymakers to address the failure of law at the European level and its implementation into national law."
Under the EU Data Protection Directive, which has been enshrined in domestic laws in Europe since 1998 and is set to be updated in the new Parliament, individuals have a right to be told what data is held on them - such as criminal and health records, loyalty card details and CCTV images.