Show simple item record

dc.contributor.author
Ganz, Rita
dc.contributor.supervisor
Kubicek, Karel
dc.contributor.supervisor
Basin, David
dc.date.accessioned
2022-03-04T13:22:07Z
dc.date.available
2022-03-04T12:38:47Z
dc.date.available
2022-03-04T12:49:03Z
dc.date.available
2022-03-04T13:22:07Z
dc.date.issued
2022-02-18
dc.identifier.uri
http://hdl.handle.net/20.500.11850/535362
dc.identifier.doi
10.3929/ethz-b-000535362
dc.description.abstract
Tracking and data collection on the World Wide Web are ever-present. Privacy laws, such as the General Data Protection Regulation (GDPR) of the European Union, have come into effect to address user tracking. To comply with GDPR, websites use consent banners informing users about tracking and giving acceptance choices; these are server-side tracking-prevention mechanisms. Independently, ad- and trackingblockers provide client-side protection. We investigated tracking pixels and their treatment by consent declarations and filter lists to enhance our understanding of privacy risk and GDPR compliance. We collected tracking pixels and images together with their purpose labels from websites with detailed consent notices. Using this dataset we trained an XGBoost model to predict purposes with mean balanced accuracy of 95.84 ± 4.20%. We compared classifications by the model, the consent declarations, and the filter lists, finding strong overall agreement, but also wrongly blocked normal images and rare trackers missed by filter lists. Our model and data collected from consent declarations may help improve privacy lists. In our dataset, 62.8% of sites contained possible tracking pixels that were not found in consent notices, 5.9% of sites contained pixels matched to a potentially wrong outlier label, and 0.7% of sites declared a wrong purpose for Google Analytics pixel, all of which may indicate possible GDPR violations.
en_US
dc.format
application/pdf
en_US
dc.language.iso
en
en_US
dc.publisher
ETH Zurich
en_US
dc.rights.uri
http://rightsstatements.org/page/InC-NC/1.0/
dc.subject
GDPR
en_US
dc.subject
Tracking Pixel
en_US
dc.subject
Privacy
en_US
dc.title
Understanding GDPR compliance of tracking pixel declarations using privacy filter lists
en_US
dc.type
Bachelor Thesis
dc.rights.license
In Copyright - Non-Commercial Use Permitted
ethz.size
66 p.
en_US
ethz.publication.place
Zurich
en_US
ethz.publication.status
published
en_US
ethz.leitzahl
ETH Zürich::00002 - ETH Zürich::00012 - Lehre und Forschung::00007 - Departemente::02150 - Dep. Informatik / Dep. of Computer Science::02660 - Institut für Informationssicherheit / Institute of Information Security::03634 - Basin, David / Basin, David
en_US
ethz.leitzahl.certified
ETH Zürich::00002 - ETH Zürich::00012 - Lehre und Forschung::00007 - Departemente::02150 - Dep. Informatik / Dep. of Computer Science::02660 - Institut für Informationssicherheit / Institute of Information Security::03634 - Basin, David / Basin, David
en_US
ethz.date.deposited
2022-03-04T12:38:53Z
ethz.source
FORM
ethz.eth
yes
en_US
ethz.availability
Open access
en_US
ethz.rosetta.installDate
2022-03-04T13:22:15Z
ethz.rosetta.lastUpdated
2023-02-07T00:18:49Z
ethz.rosetta.versionExported
true
ethz.COinS
ctx_ver=Z39.88-2004&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.atitle=Understanding%20GDPR%20compliance%20of%20tracking%20pixel%20declarations%20using%20privacy%20filter%20lists&rft.date=2022-02-18&rft.au=Ganz,%20Rita&rft.genre=unknown&rft.btitle=Understanding%20GDPR%20compliance%20of%20tracking%20pixel%20declarations%20using%20privacy%20filter%20lists
 Search print copy at ETH Library

Files in this item

Thumbnail

Publication type

Show simple item record