Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- (Un)informed Consent:
- Studying GDPR Consent Notices in the Field
- Christine Utz Martin Degeling Sascha Fahl
- Ruhr-Universitit Bochum Ruhr-Universitit Bochum Ruhr-Universitit Bochum
- Bochum, Germany Bochum, Germany Bochum, Germany
- christine.utz@rub.de martin.degeling@rub.de sascha. fahl@rub.de
- Florian Schaub Thorsten Holz
- University of Michigan Ruhr-Universitit Bochum
- Ann Arbor, Michigan Bochum, Germany
- fschaub@umich.edu thorsten.holz@rub.de
- ABSTRACT ‘These new laws uphold the idea of informational self-determination
- After theadoption of the General Data Protection Regulation (GDPR) by increasing transparency requirements for companies’ data col-
- in May 2018, more than 60 % of popular websites in Europe were ~ lection practices and strengthening individuals’ rights regarding
- found to display a cookie consent notice. This has quickly led to their personal data. In the European Union, the GDPR's impact
- users becoming fatigued with privacy notifications and contributed ~ Was twofold. While the number of third-party services on web-
- to the rise of both browser extensions that block these banners ~ sites barely changed [37], they instead now ask users for consent
- and demands for a solution that bundles consent across multiple ~ Prior to setting cookies in their browser. An increasing number of
- websites or in the browser. In this work, we identify common prop- Websites now display (cookie) consent notics, often referred to as
- erties of the graphical user interface of consent notices and conduct cookie banners”. Their design and complexity greatly vary - the
- three studies with more than 50,000 unique users on a German Simplest notices merely state that the website uses cookies without
- website to investigate their influence on consent. We find thatusers ~ any details or options, while the most complex allow visitors to
- are more likely to interact with a notice shown in the lower (left) individually (de)select cach third-party service used by the website.
- part of the sereen. Given a binary choice, more users are willing 1 mid-2018, about 627 of popular websites in the EU were found
- to accept tracking compared to mechanisms that require them to 1o display a consent notice, an increase of up to 45 percentage
- allow cookie use for cach category or company individually, We ~ Points in some countries [10]. Paired with the fact that consent
- also show that the practice of nudging is widely uscd and hasalarge ~ otices often cover parts of the website’s main content, this high
- effect on the choices users make. Our studics have implications for Prevalence hasled website visitors to become fatigued with consent
- future regulations and the design of consent notices that encourage ~ mechanisms [6]. Consequently, tools have emerged that provide
- users ta actively make an informed choice. pragmatic workarounds - one example is the ‘I don't care about
- ACM Reference Format cookies” browser extension [19]. But oftentimes this only leads to
- Christine Utz, Martin Degeling, Sascha Fahl, Florian Schaub, and Thorsten dateollection taldng place withutcansent sinde the de fuult i
- Holz. 2019. (Un)informed Consent: Studying GDPR Consent Notices in the manyweblites 15 {6, employ user Hacking unless the'visitor has
- Field. In 2019 ACM SIGSAC Conference on Computer and Communications ~ ©Pted out [16], and 80% of popular EU websites do not offer any
- Security (CCS’19), November 11-15, 2019, London, United Kingdom. ACM, type of opt out at all [10].
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement