Understanding GDPR compliance of tracking pixel declarations using privacy filter lists
Open access
Author
Date
2022-02-18Type
- Bachelor Thesis
ETH Bibliography
yes
Altmetrics
Abstract
Tracking and data collection on the World Wide Web are ever-present. Privacy laws, such as the General Data Protection Regulation (GDPR) of the European Union, have come into effect to address user tracking. To comply with GDPR, websites use consent banners informing users about tracking and giving acceptance choices; these are server-side tracking-prevention mechanisms. Independently, ad- and trackingblockers provide client-side protection. We investigated tracking pixels and their treatment by consent declarations and filter lists to enhance our understanding of privacy risk and GDPR compliance.
We collected tracking pixels and images together with their purpose labels from websites with detailed consent notices. Using this dataset we trained an XGBoost model to predict purposes with mean balanced accuracy of 95.84 ± 4.20%. We compared classifications by the model, the consent declarations, and the filter lists, finding strong overall agreement, but also wrongly blocked normal images and rare trackers missed by filter lists. Our model and data collected from consent declarations may help improve privacy lists.
In our dataset, 62.8% of sites contained possible tracking pixels that were not found in consent notices, 5.9% of sites contained pixels matched to a potentially wrong outlier label, and 0.7% of sites declared a wrong purpose for Google Analytics pixel, all of which may indicate possible GDPR violations. Show more
Permanent link
https://doi.org/10.3929/ethz-b-000535362Publication status
publishedPublisher
ETH ZurichSubject
GDPR; Tracking Pixel; PrivacyOrganisational unit
03634 - Basin, David / Basin, David
More
Show all metadata
ETH Bibliography
yes
Altmetrics