Automated Detection of GDPR Violations in Cookie Notices Using Machine Learning
OPEN ACCESS
Loading...
Author / Producer
Date
2022-09
Publication Type
Master Thesis
ETH Bibliography
yes
Citations
Altmetric
OPEN ACCESS
Data
Rights / License
Abstract
Privacy regulations such as the General Data Protection Regulation require websites to inform EU-based users of the collection of their data and to request their consent to use non-essential cookies. This led to a global adaptation of cookie notices. Several studies showed that websites’ implementation of cookie notices tends to violate these regulations. However, most of these studies focused on a limited subset of websites, detected only simple violations using prescribed patterns, or restricted their analysis to only the first layer of cookie notices. This master’s thesis addresses these limitations. Our method automatically navigates through cookie notices using several heuristics, extracts their text, observes declared processing purposes and available consent options with Natural Language Processing, and analyzes websites’ cookies. We find that 47% of websites are highly susceptible of collecting users’ data despite negative consent, and that around 61% of cookie notices do not offer users the option to opt-out of consent.
Permanent link
Publication status
published
External links
Editor
Contributors
Book title
Journal / series
Volume
Pages / Article No.
Publisher
ETH Zurich, Department of Computer Science
Event
Edition / version
Methods
Software
Geographic location
Date collected
Date created
Subject
Organisational unit
03634 - Basin, David / Basin, David