Measuring Compliance of Consent Revocation on the Web
- URL: http://arxiv.org/abs/2411.15414v3
- Date: Thu, 22 May 2025 22:15:43 GMT
- Title: Measuring Compliance of Consent Revocation on the Web
- Authors: Gayatri Priyadarsini Kancherla, Nataliia Bielova, Cristiana Santos, Abhishek Bichhawat,
- Abstract summary: No prior work has studied consent revocation on the Web.<n> 19.87% of websites make it difficult for users to revoke consent throughout different interfaces.<n>20.5% of websites require more effort than acceptance, and 2.48% do not provide consent revocation at all.<n>57.5% websites do not delete the cookies after consent revocation enabling continuous illegal processing of users' data.
- Score: 6.397084532913525
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: The GDPR requires websites to facilitate the right to revoke consent from Web users. While numerous studies measured compliance of consent with the various consent requirements, no prior work has studied consent revocation on the Web. Therefore, it remains unclear how difficult it is to revoke consent on the websites' interfaces, nor whether revoked consent is properly stored and communicated behind the user interface. Our work aims to fill this gap by measuring compliance of consent revocation on the Web on the top-200 websites. We found that 19.87% of websites make it difficult for users to revoke consent throughout different interfaces, 20.5% of websites require more effort than acceptance, and 2.48% do not provide consent revocation at all, thus violating legal requirements for valid consent. 57.5% websites do not delete the cookies after consent revocation enabling continuous illegal processing of users' data. Moreover, we analyzed 281 websites implementing the IAB Europe TCF, and found 22 websites that store a positive consent despite user's revocation. Surprisingly, we found that on 101 websites, third parties that have received consent upon user's acceptance, are not informed of user's revocation, leading to the illegal processing of users' data by such third parties. Our findings emphasise the need for improved legal compliance of consent revocation, and proper, consistent, and uniform implementation of revocation communication and data deletion practices.
Related papers
- Analysis of Terms of Service on Social Media Platforms: Consent Challenges and Assessment Metrics [2.0304958287672448]
Social media platforms typically obtain user consent through Terms of Service presented at account creation.<n>This study investigates whether consent-related information is clearly communicated within these ToS documents.<n>Using a combination of computational and qualitative analyses, we assess ToS from 13 major social media platforms.
arXiv Detail & Related papers (2026-03-05T00:47:28Z) - From Clicks to Consensus: Collective Consent Assemblies for Data Governance [8.312192184427762]
Notice and consent, the standard for collecting consent, has been criticized.<n>This paper argues that a collective approach to consent is worth exploring.<n>We propose collective consent, operationalized through consent assemblies, as one alternative framework.
arXiv Detail & Related papers (2026-01-23T13:57:04Z) - Breaking the illusion: Automated Reasoning of GDPR Consent Violations [9.488261532697814]
We present Cosmic, a novel automated framework for detecting consent-related privacy violations in web forms.<n>Cosmic detects 3384 violations on 94.1% of consent forms, covering key principles such as freely given consent purpose disclosure, and withdrawal options.
arXiv Detail & Related papers (2025-12-28T05:22:00Z) - A Cross-Country Analysis of GDPR Cookie Banners and Flexible Methods for Scraping Them [6.533686617147407]
We examine the top 10,000 websites across 31 countries under the ePrivacy Directive and consent-observatory.eu.
We show that 67% of websites use consent interfaces, but only 15% are minimally compliant, mostly because they lack a reject option.
There is little evidence that regulators' guidance and fines have impacted compliance rates, but 18% of compliance variance is explained by CMPs.
arXiv Detail & Related papers (2025-03-25T13:44:26Z) - SafeArena: Evaluating the Safety of Autonomous Web Agents [65.49740046281116]
LLM-based agents are becoming increasingly proficient at solving web-based tasks.
With this capability comes a greater risk of misuse for malicious purposes.
We propose SafeArena, the first benchmark to focus on the deliberate misuse of web agents.
arXiv Detail & Related papers (2025-03-06T20:43:14Z) - Contrastive Learning to Improve Retrieval for Real-world Fact Checking [84.57583869042791]
We present Contrastive Fact-Checking Reranker (CFR), an improved retriever for fact-checking complex claims.
We leverage the AVeriTeC dataset, which annotates subquestions for claims with human written answers from evidence documents.
We find a 6% improvement in veracity classification accuracy on the dataset.
arXiv Detail & Related papers (2024-10-07T00:09:50Z) - Are LLM-based methods good enough for detecting unfair terms of service? [67.49487557224415]
Large language models (LLMs) are good at parsing long text-based documents.
We build a dataset consisting of 12 questions applied individually to a set of privacy policies.
Some open-source models are able to provide a higher accuracy compared to some commercial models.
arXiv Detail & Related papers (2024-08-24T09:26:59Z) - Consent in Crisis: The Rapid Decline of the AI Data Commons [74.68176012363253]
General-purpose artificial intelligence (AI) systems are built on massive swathes of public web data.
We conduct the first, large-scale, longitudinal audit of the consent protocols for the web domains underlying AI training corpora.
arXiv Detail & Related papers (2024-07-20T16:50:18Z) - Privacy Policies and Consent Management Platforms: Growth and Users'
Interactions over Time [4.356242302111725]
Consent platforms (CMPs) have emerged as practical solutions to make it easier for website administrators to manage user consent.
This paper presents a detailed analysis of the evolution of CMPs spanning nine years.
We observe how even small changes in the design of Privacy Banners have a critical impact on the user's giving or denying their consent to data collection.
arXiv Detail & Related papers (2024-02-28T13:36:27Z) - Tag Your Fish in the Broken Net: A Responsible Web Framework for
Protecting Online Privacy and Copyright [30.05760947688919]
This paper introduces a user-controlled consent tagging framework for online data.
With this framework, users have the ability to tag their online data at the time of transmission, and subsequently, they can track and request the withdrawal of consent for their data from the data holders.
arXiv Detail & Related papers (2023-10-11T21:56:16Z) - User Attitudes to Content Moderation in Web Search [49.1574468325115]
We examine the levels of support for different moderation practices applied to potentially misleading and/or potentially offensive content in web search.
We find that the most supported practice is informing users about potentially misleading or offensive content, and the least supported one is the complete removal of search results.
More conservative users and users with lower levels of trust in web search results are more likely to be against content moderation in web search.
arXiv Detail & Related papers (2023-10-05T10:57:15Z) - Data Exfiltration by Hotjar Revisited [55.2480439325792]
Session replay scripts allow website owners to record the interaction of each web site visitor.
Previous research identified such techniques as privacy intrusive.
This position paper updates the information on data collection by Hotjar.
arXiv Detail & Related papers (2023-09-20T12:23:34Z) - Can Workers Meaningfully Consent to Workplace Wellbeing Technologies? [65.15780777033109]
This paper unpacks the challenges workers face when consenting to workplace wellbeing technologies.
We show how workers are vulnerable to "meaningless" consent as they may be subject to power dynamics that minimize their ability to withhold consent.
To meaningfully consent, participants wanted changes to the technology and to the policies and practices surrounding the technology.
arXiv Detail & Related papers (2023-03-13T16:15:07Z) - Proposals for Resolving Consenting Issues with Signals and User-side
Dialogues [0.0]
This work presents known problems based on requirements grouped into two categories: (i) UI/UX for consenting; and (ii) power imbalance in expressing consent.
To resolve this, it presents two proposals: First, the use of automation through privacy signals to better govern consenting processes and to reduce consent-fatigue'
arXiv Detail & Related papers (2022-08-09T16:30:32Z) - A Fait Accompli? An Empirical Study into the Absence of Consent to
Third-Party Tracking in Android Apps [27.58278290929534]
Third-party tracking allows companies to collect users' behavioural data and track their activity across digital devices.
This can put deep insights into users' private lives into the hands of strangers, and often happens without users' awareness or explicit consent.
This paper investigates whether and to what extent consent is implemented in mobile apps.
arXiv Detail & Related papers (2021-06-17T11:44:49Z) - Limits of Individual Consent and Models of Distributed Consent in Online
Social Networks [1.0276024900942875]
A user who consents to allow access to their profile can expose the personal data of their network connections to non-consented access.
We introduce both a platform-specific model of "distributed consent" and a cross-platform model of a "consent passport"
In both models, individuals and groups can coordinate by giving consent conditional on that of their network connections.
arXiv Detail & Related papers (2020-06-29T16:00:11Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.