Legitimate Interest is the New Consent -- Large-Scale Measurement and
Legal Compliance of IAB Europe TCF Paywalls
- URL: http://arxiv.org/abs/2309.11625v3
- Date: Fri, 13 Oct 2023 14:22:17 GMT
- Title: Legitimate Interest is the New Consent -- Large-Scale Measurement and
Legal Compliance of IAB Europe TCF Paywalls
- Authors: Victor Morel, Cristiana Santos, Viktor Fredholm, Adam Thunberg
- Abstract summary: We study the prevalence of cookie paywalls on the top one million websites using an automatic crawler.
We identify 431 cookie paywalls, all using the Transparency and Consent Framework (TCF)
We observe that cookie paywalls extensively rely on legitimate interest legal basis systematically conflated with consent.
- Score: 2.5944208050492183
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Cookie paywalls allow visitors of a website to access its content only after
they make a choice between paying a fee or accept tracking. European Data
Protection Authorities (DPAs) recently issued guidelines and decisions on
paywalls lawfulness, but it is yet unknown whether websites comply with them.
We study in this paper the prevalence of cookie paywalls on the top one million
websites using an automatic crawler. We identify 431 cookie paywalls, all using
the Transparency and Consent Framework (TCF). We then analyse the data these
paywalls communicate through the TCF, and in particular, the legal grounds and
the purposes used to collect personal data. We observe that cookie paywalls
extensively rely on legitimate interest legal basis systematically conflated
with consent. We also observe a lack of correlation between the presence of
paywalls and legal decisions or guidelines by DPAs.
Related papers
- Fingerprinting and Tracing Shadows: The Development and Impact of Browser Fingerprinting on Digital Privacy [55.2480439325792]
Browser fingerprinting is a growing technique for identifying and tracking users online without traditional methods like cookies.
This paper gives an overview by examining the various fingerprinting techniques and analyzes the entropy and uniqueness of the collected data.
arXiv Detail & Related papers (2024-11-18T20:32:31Z) - To Be or Not to Be (in the EU): Measurement of Discrepancies Presented in Cookie Paywalls [0.0]
This study explores the effects of three factors: 1) the clients' browser, 2) the device type (desktop or mobile), and 3) the geographic location on the presence and behavior of cookie paywalls.
Using an automatic crawler on our dataset composed of 804 websites that present a cookie paywall, we observed that the presence of a cookie paywall was most affected by the geographic location of the user.
arXiv Detail & Related papers (2024-10-09T14:18:12Z) - Are LLM-based methods good enough for detecting unfair terms of service? [67.49487557224415]
Large language models (LLMs) are good at parsing long text-based documents.
We build a dataset consisting of 12 questions applied individually to a set of privacy policies.
Some open-source models are able to provide a higher accuracy compared to some commercial models.
arXiv Detail & Related papers (2024-08-24T09:26:59Z) - Consent in Crisis: The Rapid Decline of the AI Data Commons [74.68176012363253]
General-purpose artificial intelligence (AI) systems are built on massive swathes of public web data.
We conduct the first, large-scale, longitudinal audit of the consent protocols for the web domains underlying AI training corpora.
arXiv Detail & Related papers (2024-07-20T16:50:18Z) - Measuring Compliance with the California Consumer Privacy Act Over Space and Time [7.971611687303297]
The California Consumer Privacy Act (CCPA) mandates that online businesses offer consumers the option to opt out of the sale and sharing of personal information.
Our study automatically tracks the presence of the opt-out link longitudinally across multiple states after the California Privacy Rights Act (CPRA) went into effect.
We find a number of websites that implement the opt-out link early and across all examined states but also find a significant number of CCPA-subject websites that fail to offer any opt-out methods even when CCPA is in effect.
arXiv Detail & Related papers (2024-03-25T21:57:31Z) - Crumbled Cookie Exploring E-commerce Websites Cookie Policies with Data
Protection Regulations [7.515555018682104]
Many websites continue to use cookies to track user activities.
Motivated by the question of why these data protection violations occur, we examined whether websites in multiple countries comply with regulations.
arXiv Detail & Related papers (2024-01-11T10:49:14Z) - A User-Driven Framework for Regulating and Auditing Social Media [94.70018274127231]
We propose that algorithmic filtering should be regulated with respect to a flexible, user-driven baseline.
We require that the feeds a platform filters contain "similar" informational content as their respective baseline feeds.
We present an auditing procedure that checks whether a platform honors this requirement.
arXiv Detail & Related papers (2023-04-20T17:53:34Z) - Protecting User Privacy in Online Settings via Supervised Learning [69.38374877559423]
We design an intelligent approach to online privacy protection that leverages supervised learning.
By detecting and blocking data collection that might infringe on a user's privacy, we can restore a degree of digital privacy to the user.
arXiv Detail & Related papers (2023-04-06T05:20:16Z) - Your Consent Is Worth 75 Euros A Year -- Measurement and Lawfulness of
Cookie Paywalls [2.2175470459999636]
Cookie walls and paywalls, used to retrieve consent, recently generated interest from EU DPAs and seemed to have grown in popularity.
We present in this paper the results of an exploratory study conducted on 2800 Central European websites to measure the presence and practices of cookie paywalls.
arXiv Detail & Related papers (2022-09-20T18:43:50Z) - Having your Privacy Cake and Eating it Too: Platform-supported Auditing
of Social Media Algorithms for Public Interest [70.02478301291264]
Social media platforms curate access to information and opportunities, and so play a critical role in shaping public discourse.
Prior studies have used black-box methods to show that these algorithms can lead to biased or discriminatory outcomes.
We propose a new method for platform-supported auditing that can meet the goals of the proposed legislation.
arXiv Detail & Related papers (2022-07-18T17:32:35Z) - The Impact of User Location on Cookie Notices (Inside and Outside of the
European Union) [3.719580143660037]
We crawl 1,500 European, American, and Canadian websites from each of 18 countries.
Using a series of regression models, we find that the website's Top Level Domain explains a substantial portion of the variance in cookie notice metrics.
There is one exception to this finding: cookie notices differ when accessing.com domains from inside versus outside of the EU.
arXiv Detail & Related papers (2021-10-19T10:42:39Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.