Reference : Cookie Banners, What’s the Purpose? Analyzing Cookie Banner Text Through a Legal Lens
Scientific congresses, symposiums and conference proceedings : Paper published in a journal
Law, criminology & political science : European & international law
Security, Reliability and Trust
http://hdl.handle.net/10993/48253
Cookie Banners, What’s the Purpose? Analyzing Cookie Banner Text Through a Legal Lens
English
Santos, Cristiana* mailto [Utrecht Universtity]
Rossi, Arianna* mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > IRiSC >]
Sanchez Chamorro, Lorena mailto [University of Luxembourg > Faculty of Humanities, Education and Social Sciences (FHSE) > Department of Behavioural and Cognitive Sciences (DBCS)]
Bongard, Kerstin mailto [University of Luxembourg > Faculty of Humanities, Education and Social Sciences (FHSE) > Department of Behavioural and Cognitive Sciences (DBCS) > ; University of Luxembourg > Faculty of Humanities, Education and Social Sciences (FHSE) > Department of Behavioural and Cognitive Sciences (DBCS)]
Abu-Salma, Ruba mailto [King’s College London > Computer Science > Cybersecurity Group]
* These authors have contributed equally to this work.
15-Nov-2021
In Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security (CCS '21)
ACM
Yes
No
International
New York
NY
20th Workshop on Privacy in the Electronic Society
15-10-2021
Seoul
South Korea
[en] Security ; Privacy ; User experience
[en] A cookie banner pops up when a user visits a website for the first time, requesting consent to the use of cookies and other trackers for a variety of purposes. Unlike prior work that has focused on
evaluating the user interface (UI) design of cookie banners, this paper presents an in-depth analysis of what cookie banners say to users to get their consent. We took an interdisciplinary approach
to determining what cookie banners should say. Following the legal requirements of the ePrivacy Directive (ePD) and the General Data Protection Regulation (GDPR), we manually annotated around 400 cookie banners presented on the most popular English-speaking websites visited by users residing in the EU. We focused on analyzing the purposes of cookie banners and how these purposes
were expressed (e.g., any misleading or vague language, any use of jargon). We found that 89% of cookie banners violated applicable laws. In particular, 61% of banners violated the purpose specificity
requirement by mentioning vague purposes, including “user experience enhancement”. Further, 30% of banners used positive framing, breaching the freely given and informed consent requirements.
Based on these findings, we provide recommendations that regulators can find useful. We also describe future research directions.
Fonds National de la Recherche - FnR
Researchers ; Professionals ; General public
http://hdl.handle.net/10993/48253
FnR ; FNR14717072 > Gabriele Lenzini > DECEPTICON > Deceptive Patterns Online > 01/06/2021 > 31/05/2024 > 2020

File(s) associated to this reference

Fulltext file(s):

FileCommentaryVersionSizeAccess
Open access
WPES_cookie banners.pdfAuthor preprint377.44 kBView/Open

Bookmark and Share SFX Query

All documents in ORBilu are protected by a user license.