120 likes | 137 Views
Explore the effects of GDPR on web privacy through a comprehensive study on cookie consent notices and privacy policies. Discover insights, challenges, and potential improvements for harmonizing data laws worldwide.
E N D
We value your privacy… Now take some cookies:Measuring the GDPR’s impact on web privacy Martin Degeling, Christine Utz, Christopher Lentzsch, Henry Hosseini, Florian Schaub, Thorsten Holz Emilie Pearce 07 October 2019
Agenda • Background • Problem • Solution and Research • Evaluation and Results • Issues and Limitations • Improvements • Questions
Background Technical Motivation Monitoring how GDPR effects websites, web privacy and transparency • Previous data laws • GDPR • Different solutions to track, or stop tracking users • Types of ads shown • Displaying policies to users in readable fashion Legal
The Problem Need to harmonize data laws in EU and world Privacy policies aren’t consistent, aren’t everywhere and aren’t unified across countries
Solution and Research Cookie Consent Study • Site manually inspected • Cookie notices categorized depending on sophistication • Cookie consent libraries downloaded • Cookie consent implemented GDPR Privacy Policy Study • Automated search • Manual review • Used archive data to find previous studies • Data cleaning
Evaluation and Results No formal evaluation of solution as paper is purely research. RESULTS GATHERED FROM RESEARCH: • Privacy policy increase More were added Most were amended ie. Content Tracking and cookies HTTPS adoption
Most visible effect is in cookie consent notifications • Cookie consent notices jumped Cookie consent libraries studied Existing libraries are a challenge • Different types of cookie banners No option/confirmation Binary (min required) Sliders Options Vendors Figure 1: Cookie Consent notices examples
Criticism Issues • Harmonization is still not met • Need more detailed policies, too much grey area • Policies are long, full of jargon and difficult to read • GDPR was meant to try and fix this but only made it worse • No consistency between browsers • Even when given all these options, users still don’t know what to do • Websites may copy policies form other sites
Criticism Improvements/Extensions Limitations • ePrivacy Regulation might fix some things [1] • Give summaries/shorter policies • Consistency between countries/laws • And finally the paper could be extended, or something similar done on app permissions and privacy. The top website lists are unstable Some websites changed behaviour when automated Only looked at EU sites (while 54% were in the US too)
Summary GDPR has positive effects on web privacy There still isn’t technical standards on policies Cookie consent notices are in more sites now GDPR affected not just EU companies, but groups globally
References • [1] M. Degeling, C. Utz, C. Lentzsch, H. Hosseini, F. Schaub and T. Holz, "We Value Your Privacy ... Now Take Some Cookies: Measuring the GDPR's Impact on Web Privacy", Proceedings 2019 Network and Distributed System Security Symposium, 2019. Available: 10.14722/ndss.2019.23378 • [2] "What does the ePrivacy Regulation mean for the online industry? - ePrivacy", Eprivacy.eu, 2019. [Online]. Available: https://www.eprivacy.eu/en/news/news- detail/article/what-does-the-eprivacy-regulation-mean- for-the-online-industry/.
Thank You Questions