Cookie Banners, What’s the Purpose? Analyzing Cookie Banner Text Through a Legal Lens

Santos, Cristiana; Rossi, Arianna; Sanchez Chamorro, Lorena; Bongard, Kerstin; Abu-Salma, Ruba

Reference : Cookie Banners, What’s the Purpose? Analyzing Cookie Banner Text Through a Legal Lens


	Document type :	Scientific congresses, symposiums and conference proceedings : Paper published in a journal
	Discipline(s) :	Law, criminology & political science : European & international law
	Focus Areas :	Security, Reliability and Trust
	To cite this reference:	http://hdl.handle.net/10993/48253

Title :	Cookie Banners, What’s the Purpose? Analyzing Cookie Banner Text Through a Legal Lens
Language :	English
Author, co-author :	Santos, Cristiana* [Utrecht Universtity]
	Rossi, Arianna* [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > IRiSC >]
	Sanchez Chamorro, Lorena [University of Luxembourg > Faculty of Humanities, Education and Social Sciences (FHSE) > Department of Behavioural and Cognitive Sciences (DBCS)]
	Bongard, Kerstin [University of Luxembourg > Faculty of Humanities, Education and Social Sciences (FHSE) > Department of Behavioural and Cognitive Sciences (DBCS) > ; University of Luxembourg > Faculty of Humanities, Education and Social Sciences (FHSE) > Department of Behavioural and Cognitive Sciences (DBCS)]
	Abu-Salma, Ruba [King’s College London > Computer Science > Cybersecurity Group]
	* These authors have contributed equally to this work.
Publication date :	15-Nov-2021
Journal title :	Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security (CCS '21)
Publisher :	ACM
Peer reviewed :	Yes
On invitation :	No
Audience :	International
City :	New York
Country :	NY
Event name :	20th Workshop on Privacy in the Electronic Society
Event date :	15-10-2021
Event place (city) :	Seoul
Event country :	South Korea
Keywords :	[en] Security ; Privacy ; User experience
Abstract :	[en] A cookie banner pops up when a user visits a website for the first time, requesting consent to the use of cookies and other trackers for a variety of purposes. Unlike prior work that has focused on evaluating the user interface (UI) design of cookie banners, this paper presents an in-depth analysis of what cookie banners say to users to get their consent. We took an interdisciplinary approach to determining what cookie banners should say. Following the legal requirements of the ePrivacy Directive (ePD) and the General Data Protection Regulation (GDPR), we manually annotated around 400 cookie banners presented on the most popular English-speaking websites visited by users residing in the EU. We focused on analyzing the purposes of cookie banners and how these purposes were expressed (e.g., any misleading or vague language, any use of jargon). We found that 89% of cookie banners violated applicable laws. In particular, 61% of banners violated the purpose specificity requirement by mentioning vague purposes, including “user experience enhancement”. Further, 30% of banners used positive framing, breaching the freely given and informed consent requirements. Based on these findings, we provide recommendations that regulators can find useful. We also describe future research directions.
Funders :	Fonds National de la Recherche - FnR
Target :	Researchers ; Professionals ; General public
Permalink :	http://hdl.handle.net/10993/48253
FnR project :	FnR ; FNR14717072 > Gabriele Lenzini > DECEPTICON > Deceptive Patterns Online > 01/06/2021 > 31/05/2024 > 2020

File(s) associated to this reference

Fulltext file(s):

	File	Commentary	Version	Size	Access
Open access	WPES_cookie banners.pdf		Author preprint	377.44 kB	View/Open

All documents in ORBi^lu are protected by a user license.

University of Luxembourg Library | Feedback | Legal notices