Cookie Banners, What’s the Purpose? Analyzing Cookie Banner Text Through a Legal Lens

Santos, Cristiana; Rossi, Arianna; Sanchez Chamorro, Lorena; Bongard, Kerstin; Abu-Salma, Ruba

Download

Paper published in a journal (Scientific congresses, symposiums and conference proceedings)

Cookie Banners, What’s the Purpose? Analyzing Cookie Banner Text Through a Legal Lens

Santos, Cristiana; Rossi, Arianna; Sanchez Chamorro, Lorena et al.

2021 • In Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security (CCS '21)

Peer reviewed

Permalink
https://hdl.handle.net/10993/48253

Files (1)Send to Details Statistics Bibliography Similar publications

Files

Full Text

WPES_cookie banners.pdf

Author preprint (386.5 kB)

Download

All documents in ORBilu are protected by a user license.

Send to

RIS BibTex APA Chicago Permalink X Linkedin

Details

Keywords :

Security; Privacy; User experience

Abstract :

[en] A cookie banner pops up when a user visits a website for the first time, requesting consent to the use of cookies and other trackers for a variety of purposes. Unlike prior work that has focused on evaluating the user interface (UI) design of cookie banners, this paper presents an in-depth analysis of what cookie banners say to users to get their consent. We took an interdisciplinary approach to determining what cookie banners should say. Following the legal requirements of the ePrivacy Directive (ePD) and the General Data Protection Regulation (GDPR), we manually annotated around 400 cookie banners presented on the most popular English-speaking websites visited by users residing in the EU. We focused on analyzing the purposes of cookie banners and how these purposes were expressed (e.g., any misleading or vague language, any use of jargon). We found that 89% of cookie banners violated applicable laws. In particular, 61% of banners violated the purpose specificity requirement by mentioning vague purposes, including “user experience enhancement”. Further, 30% of banners used positive framing, breaching the freely given and informed consent requirements. Based on these findings, we provide recommendations that regulators can find useful. We also describe future research directions.

Disciplines :

European & international law

Author, co-author :

Santos, Cristiana ^✱; Utrecht Universtity

Rossi, Arianna ^✱; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > IRiSC

Sanchez Chamorro, Lorena ; University of Luxembourg > Faculty of Humanities, Education and Social Sciences (FHSE) > Department of Behavioural and Cognitive Sciences (DBCS)

Bongard, Kerstin ; University of Luxembourg > Faculty of Humanities, Education and Social Sciences (FHSE) > Department of Behavioural and Cognitive Sciences (DBCS) ; University of Luxembourg > Faculty of Humanities, Education and Social Sciences (FHSE) > Department of Behavioural and Cognitive Sciences (DBCS)

Abu-Salma, Ruba; King’s College London > Computer Science > Cybersecurity Group

^✱ These authors have contributed equally to this work.

External co-authors :

yes

Language :

English

Title :

Cookie Banners, What’s the Purpose? Analyzing Cookie Banner Text Through a Legal Lens

Publication date :

15 November 2021

Event name :

20th Workshop on Privacy in the Electronic Society

Event place :

Seoul, South Korea

Event date :

15-10-2021

Audience :

International

Journal title :

Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security (CCS '21)

Publisher :

ACM, New York, United States - New York

Peer reviewed :

Peer reviewed

Focus Area :

Security, Reliability and Trust

FnR Project :

FNR14717072 - Deceptive Patterns Online, 2020 (01/06/2021-31/05/2024) - Gabriele Lenzini

Funders :

FNR - Fonds National de la Recherche [LU]

Available on ORBilu :

since 06 October 2021

Statistics

Number of views

235 (44 by Unilu)

Number of downloads

224 (17 by Unilu)

More statistics