Dark Patterns after the GDPR: Scraping Consent Pop-ups and Demonstrating their Influence

@article{Nouwens2020DarkPA,
  title={Dark Patterns after the GDPR: Scraping Consent Pop-ups and Demonstrating their Influence},
  author={Midas Nouwens and I. Liccardi and Michael Veale and D. Karger and Lalana Kagal},
  journal={Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems},
  year={2020}
}
New consent management platforms (CMPs) have been introduced to the web to conform with the EU's General Data Protection Regulation, particularly its requirements for consent when companies collect and process users' personal data. This work analyses how the most prevalent CMP designs affect people's consent choices. We scraped the designs of the five most popular CMPs on the top 10,000 websites in the UK (n=680). We found that dark patterns and implied consent are ubiquitous; only 11.8% meet… Expand
Circumvention by design - dark patterns in cookie consent for online news outlets
TLDR
The analysis uncovered a variety of strategies or dark patterns that circumvent the intent of GDPR by design in data collection consent notices from news outlets built to ensure compliance with GDPR. Expand
Consent Management Platforms under the GDPR: processors and/or controllers?
TLDR
It is concluded that CMPs process personal data, and two major CMP providers in the EU: Quantcast and OneTrust are paired with a legal analysis, and multiple scenarios wherein C MPs are controllers are identified. Expand
Dark and bright patterns in cookie consent requests
Dark patterns are (evil) design nudges that steer people’s behaviour through persuasive interface design. Increasingly found in cookie consent requests, they possibly undermine principles of EUExpand
The Impact of the Transparency Consent Framework on Current Programmatic Advertising Practices
TLDR
The impact of the new framework from a programmatic advertising campaign perspective is reflected from a practitioner point of view and implications of missing user consent in five typical techniques which are applied in programmatic campaigns are addressed. Expand
Measuring the Emergence ofConsent Management on the Web
Privacy laws like the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) have pushed internet firms processing personal data to obtain user consent. UncertaintyExpand
A Cross-Platform Evaluation of Privacy Notices and Tracking Practices
  • M. Mehrnezhad
  • Computer Science
  • 2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)
  • 2020
TLDR
The results show that the privacy consent banner is presented to the user in various and inconsistent ways across websites, browsers, and mobile apps, where the majority of these consent notices do not comply with the GDPR. Expand
Will EU’s GDPR Act as an Effective Enforcer to Gain Consent?
TLDR
An automatic tool that can check the consent conditions by checking the websites is proposed and it is found that this tool differentiates itself through qualitative comparisons with other GDPR meters. Expand
Stop the Consent Theater
TLDR
This work provides a bird’s-eye view on privacy-improving approaches beyond individuals’ consent, driven by powerful market forces whose interests oppose users’ privacy expectations – making turnkey solutions difficult. Expand
A Fait Accompli? An Empirical Study into the Absence of Consent to Third-Party Tracking in Android Apps
TLDR
It is found that most apps engage in third-party tracking, but few obtained consent before doing so, indicating potentially widespread violations of EU and UK privacy law. Expand
Consent Notices and the Willingness-to-Sell Observational Data: Evidence from User Reactions in the Field
TLDR
This work examined in cooperation with a fashion retailer in Germany how consumers react when they are presented a coupon for the website’s shop in the moment of cookie consent decision, and elicited consumers’ willingnesses-to-sell (WTS) for cookie consent. Expand
...
1
2
3
4
5
...

References

SHOWING 1-10 OF 83 REFERENCES
(Un)informed Consent: Studying GDPR Consent Notices in the Field
TLDR
This work identifies common properties of the graphical user interface of consent notices and conducts three experiments with more than 80,000 unique users on a German website to investigate the influence of notice position, type of choice, and content framing on consent. Expand
Uncovering the Flop of the EU Cookie Law
TLDR
CookieCheck is engineer, a simple tool that makes this check automatic on whether a website respects the ePrivacy Directive, and results depict a dramatic picture: 65% of websites do not respect the Directive and install tracking cookies before the user is even offered the accept button. Expand
Can I Opt Out Yet?: GDPR and the Global Illusion of Cookie Control
TLDR
It is found that the GDPR has impacted website behavior in a truly global way, both directly and indirectly: USA-based websites behave similarly to EU-based ones, while third-party opt-out services reduce the amount of tracking even for websites which do not put any effort in respecting the new law. Expand
A Contextual Approach to Privacy Online
Abstract Recent media revelations have demonstrated the extent of third-party tracking and monitoring online, much of it spurred by data aggregation, profiling, and selective targeting. How toExpand
Privacy policies as decision-making tools: an evaluation of online privacy notices
TLDR
This paper evaluates the usability of online privacy policies, as well as the practice of posting them, and determines that significant changes need to be made to current practice to meet regulatory and usability requirements. Expand
Tales from the Dark Side: Privacy Dark Strategies and Privacy Dark Patterns
TLDR
This paper introduces the concept of privacy dark strategies and privacy dark patterns and presents a framework that collects, documents, and analyzes such malicious concepts, allowing for a better understanding of these dark concepts, fosters awareness, and supports the development of countermeasures. Expand
4 Years of EU Cookie Law: Results and Lessons Learned
TLDR
A large-scale measurement campaign is run to check the current implementation status of the EU cookie directive and casts lights on the difficulty of legislator attempts to regulate the troubled marriage between ad-supported web services and their users. Expand
We Value Your Privacy ... Now Take Some Cookies: Measuring the GDPR's Impact on Web Privacy
TLDR
It is concluded that the GDPR is making the web more transparent, but there is still a lack of both functional and usable mechanisms for users to consent to or deny processing of their personal data on the Internet. Expand
Do Cookie Banners Respect my Choice? : Measuring Legal Compliance of Banners from IAB Europe’s Transparency and Consent Framework
TLDR
This work analyzes the GDPR and the ePrivacy Directive to identify potential legal violations in implementations of cookie banners based on the storage of consent and detects such suspected violations by crawling 1 426 websites that contains TCF banners. Expand
Peeking into the cookie jar: the European approach towards the regulation of cookies
  • E. Kosta
  • Business, Computer Science
  • Int. J. Law Inf. Technol.
  • 2013
TLDR
This article will study the new requirements set out in Article 5(3) of the ePrivacy Directive, as well as the background leading to their adoption, and discuss how the consent of the user can be given in relation to cookies in a valid way. Expand
...
1
2
3
4
5
...