Accept All: The Landscape of Cookie Banners in Greece and the UK

@inproceedings{Kampanos2021AcceptAT,
  title={Accept All: The Landscape of Cookie Banners in Greece and the UK},
  author={Georgios Kampanos and Siamak Fayyaz Shahandashti},
  booktitle={SEC},
  year={2021}
}
Cookie banners are devices implemented by websites to allow users to manage their privacy settings with respect to the use of cookies. They are part of a user’s daily web browsing experience since legislation in Europe requires websites to show such notices. In this paper, we carry out a large-scale study of more than 17,000 websites including more than 7,500 cookie banners in Greece and the UK to determine compliance and tracking transparency levels. Our analysis shows that although more than… 
Cookie Banners, What's the Purpose?: Analyzing Cookie Banner Text Through a Legal Lens
TLDR
This paper manually annotated around 400 cookie banners presented on the most popular English-speaking websites visited by users residing in the EU and found that 89% of cookie banners violated applicable laws.
Automating Cookie Consent and GDPR Violation Detection
TLDR
A browser extension that uses machine learning to enforce GDPR cookie consent at the client, and automatically categorizes cookies by usage purpose using only the information provided in the cookie itself, which attains a prediction quality competitive with expert knowledge in the industry.
Dark Patterns in the Wild: Review of Cookie Disclaimer Designs on Top 500 German Websites
TLDR
Examining and classifying the cookie disclaimers on the 500 most popular websites in Germany concludes that both raising user awareness as well as addressing dark patterns from a legal point of view is needed.
CookieEnforcer: Automated Cookie Notice Analysis and Enforcement
TLDR
This work develops CookieEnforcer, a new system for automatically discovering cookie notices and deciding on the options that result in disabling all non-essential cookies, and demonstrates the ability to reduce the user effort via an end-to-end accuracy evaluation.
Automated detection of dark patterns in cookie banners: how to do it poorly and why it is hard to do it any other way
TLDR
An in-depth analysis of the interdisciplinary challenges that automated dark pattern detection poses to artificial intelligence is provided and the accuracy of the trained model is promising, but allows a lot of room for improvement.
”I am Definitely Manipulated, Even When I am Aware of it. It’s Ridiculous!” - Dark Patterns from the End-User Perspective
TLDR
It is found that respondents, especially younger ones, often recognise the ”darkness” of certain designs, but remain unsure of the actual harm they may suffer, and a set of interventions are discussed in the light of the findings.
Narrowing Data Protection's Enforcement Gap
  • F. Lancieri
  • Political Science
    SSRN Electronic Journal
  • 2021
The rise of data protection laws is one of the most profound legal changes of this century. Yet, despite their nominal force and widespread adoption, available data indicates that these laws
Context, Prioritization, and Unexpectedness: Factors Influencing User Attitudes About Infographic and Comic Consent annika.selzer@sit.fraunhofer.deFraunhoferInstituteforSecureInformationTechnologyDarmstadt,Germany
TLDR
It is found that time, information prioritization, tone, and audience fit are crucial when individuals are invited to disclose their information and the infographic is a better fit in biomedical scenarios.

References

SHOWING 1-10 OF 16 REFERENCES
The Impact of User Location on Cookie Notices (Inside and Outside of the European Union)
TLDR
Using a series of regression models, it is found that the website’s Top Level Domain explains a substantial portion of the variance in cookie notice metrics, but the users vantage point does not, which suggests that websites follow one set of privacy rules for all their users.
Do Cookie Banners Respect my Choice? : Measuring Legal Compliance of Banners from IAB Europe’s Transparency and Consent Framework
TLDR
This work analyzes the GDPR and the ePrivacy Directive to identify potential legal violations in implementations of cookie banners based on the storage of consent and detects such suspected violations by crawling 1 426 websites that contains TCF banners.
(Un)informed Consent: Studying GDPR Consent Notices in the Field
TLDR
This work identifies common properties of the graphical user interface of consent notices and conducts three experiments with more than 80,000 unique users on a German website to investigate the influence of notice position, type of choice, and content framing on consent.
We Value Your Privacy ... Now Take Some Cookies: Measuring the GDPR's Impact on Web Privacy
TLDR
It is concluded that the GDPR is making the web more transparent, but there is still a lack of both functional and usable mechanisms for users to consent to or deny processing of their personal data on the Internet.
"This Website Uses Cookies": Users' Perceptions and Reactions to the Cookie Disclaimer
TLDR
An explorative user study is conducted in order to investigate the users’ perceptions of cookies when seeing the cookie disclaimer, the users' reactions to such a disclaimer and different factors that influence the Users’ decision to leave or continue using the website.
An Empirical Analysis of Data Deletion and Opt-Out Choices on 150 Websites
TLDR
An extensive content analysis of a stratified sample of 150 Englishlanguage websites, assessing the usability and interaction paths of their data deletion options and opt-outs for email communications and targeted advertising, identified substantial issues that likely make exercising privacy choices on many websites difficult and confusing for US-based consumers.
Dark Patterns after the GDPR: Scraping Consent Pop-ups and Demonstrating their Influence
TLDR
This study provides an empirical basis for the necessary regulatory action to enforce the GDPR, in particular the possibility of focusing on the centralised, third-party CMP services as an effective way to increase compliance.
Tranco: A Research-Oriented Top Sites Ranking Hardened Against Manipulation
TLDR
It is found that it is trivial for an adversary to manipulate the composition of these lists, and the first to empirically validate that the ranks of domains in each of the lists are easily altered through as little as a single HTTP request.
Online Tracking: A 1-million-site Measurement and Analysis
TLDR
The largest and most detailed measurement of online tracking conducted to date, based on a crawl of the top 1 million websites, is presented, which demonstrates the OpenWPM platform's strength in enabling researchers to rapidly detect, quantify, and characterize emerging online tracking behaviors.
Directive 2003/98/EC of the European Parliament and of the Council
(2) Directive 77/536/EEC is one of the separate Directives of the EC type-approval system provided for in Council Directive 74/150/EEC of 4 March 1974 on the approxi­ mation of the laws of the Member
...
...