1 / 12

We value your privacy… Now take some cookies: Measuring the GDPR’s impact on web privacy

We value your privacy… Now take some cookies: Measuring the GDPR’s impact on web privacy. Martin Degeling , Christine Utz, Christopher Lentzsch , Henry Hosseini, Florian Schaub, Thorsten Holz. Emilie Pearce 07 October 2019. Agenda. Background Problem Solution and Research

aweiss
Télécharger la présentation

We value your privacy… Now take some cookies: Measuring the GDPR’s impact on web privacy

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. We value your privacy… Now take some cookies:Measuring the GDPR’s impact on web privacy Martin Degeling, Christine Utz, Christopher Lentzsch, Henry Hosseini, Florian Schaub, Thorsten Holz Emilie Pearce 07 October 2019

  2. Agenda • Background • Problem • Solution and Research • Evaluation and Results • Issues and Limitations • Improvements • Questions

  3. Background Technical Motivation Monitoring how GDPR effects websites, web privacy and transparency • Previous data laws • GDPR • Different solutions to track, or stop tracking users • Types of ads shown • Displaying policies to users in readable fashion Legal

  4. The Problem Need to harmonize data laws in EU and world Privacy policies aren’t consistent, aren’t everywhere and aren’t unified across countries

  5. Solution and Research Cookie Consent Study • Site manually inspected • Cookie notices categorized depending on sophistication • Cookie consent libraries downloaded • Cookie consent implemented GDPR Privacy Policy Study • Automated search • Manual review • Used archive data to find previous studies • Data cleaning

  6. Evaluation and Results No formal evaluation of solution as paper is purely research. RESULTS GATHERED FROM RESEARCH: • Privacy policy increase More were added Most were amended ie. Content Tracking and cookies HTTPS adoption

  7. Most visible effect is in cookie consent notifications • Cookie consent notices jumped Cookie consent libraries studied Existing libraries are a challenge • Different types of cookie banners No option/confirmation Binary (min required) Sliders Options Vendors Figure 1: Cookie Consent notices examples

  8. Criticism Issues • Harmonization is still not met • Need more detailed policies, too much grey area • Policies are long, full of jargon and difficult to read • GDPR was meant to try and fix this but only made it worse • No consistency between browsers • Even when given all these options, users still don’t know what to do • Websites may copy policies form other sites

  9. Criticism Improvements/Extensions Limitations • ePrivacy Regulation might fix some things [1] • Give summaries/shorter policies • Consistency between countries/laws • And finally the paper could be extended, or something similar done on app permissions and privacy. The top website lists are unstable Some websites changed behaviour when automated Only looked at EU sites (while 54% were in the US too)

  10. Summary GDPR has positive effects on web privacy There still isn’t technical standards on policies Cookie consent notices are in more sites now GDPR affected not just EU companies, but groups globally

  11. References • [1] M. Degeling, C. Utz, C. Lentzsch, H. Hosseini, F. Schaub and T. Holz, "We Value Your Privacy ... Now Take Some Cookies: Measuring the GDPR's Impact on Web Privacy", Proceedings 2019 Network and Distributed System Security Symposium, 2019. Available: 10.14722/ndss.2019.23378 • [2] "What does the ePrivacy Regulation mean for the online industry? - ePrivacy", Eprivacy.eu, 2019. [Online]. Available: https://www.eprivacy.eu/en/news/news- detail/article/what-does-the-eprivacy-regulation-mean- for-the-online-industry/.

  12. Thank You Questions

More Related