Tracking Walls, Take-It-Or-Leave-It Choices, the GDPR, and the ePrivacy Regulation

• URL: http://arxiv.org/abs/2510.25339v1
• Date: Wed, 29 Oct 2025 09:52:44 GMT
• Title: Tracking Walls, Take-It-Or-Leave-It Choices, the GDPR, and the ePrivacy Regulation
• Authors: Frederik J. Zuiderveen Borgesius, Sanne Kruikemeier, Sophie C. Boerman, Natali Helberger,
• Abstract summary: Some websites use a tracking wall, a barrier that visitors can only pass if they consent to tracking by third parties.<n>We analyse under which conditions the ePrivacy Directive and the General Data Protection Regulation allow tracking walls.<n>We explore how the EU lawmaker could regulate tracking walls, for instance in the ePrivacy Regulation.
• Score: 1.3007851628964147
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: On the internet, we encounter take-it-or-leave-it choices regarding our privacy on a daily basis. In Europe, online tracking for targeted advertising generally requires the internet users' consent to be lawful. Some websites use a tracking wall, a barrier that visitors can only pass if they consent to tracking by third parties. When confronted with such a tracking wall, many people click 'I agree' to tracking. A survey that we conducted shows that most people find tracking walls unfair and unacceptable. We analyse under which conditions the ePrivacy Directive and the General Data Protection Regulation allow tracking walls. We provide a list of circumstances to assess when a tracking wall makes consent invalid. We also explore how the EU lawmaker could regulate tracking walls, for instance in the ePrivacy Regulation. It should be seriously considered to ban tracking walls, at least in certain circumstances.

Related papers

• RegTrack: Uncovering Global Disparities in Third-party Advertising and Tracking [2.625007842420751]
  Third party advertising and tracking (A&T) are pervasive across the web, yet user exposure varies significantly with browser choice, browsing location, and hosting jurisdiction.<n>Our analysis reveals that browser choice, user location, and hosting jurisdiction each shape tracking exposure in distinct ways.
  arXiv  Detail & Related papers  (2026-03-03T07:21:15Z)
• Every Keystroke You Make: A Tech-Law Measurement and Analysis of Event Listeners for Wiretapping [15.823783000812158]
  Despite the growing body of research documenting widespread lack of compliance with new privacy laws, there is a lack of robust enforcement.<n>We focus on a particularly invasive tracking technique: the use of JavaScript event listeners by third-party trackers for real-time keystroke interception on websites.<n>We find evidence that 38.52% websites installed third-party event listeners to intercept keystrokes, and that at least 3.18% websites transmitted intercepted information to a third-party server.
  arXiv  Detail & Related papers  (2025-08-27T12:20:52Z)
• Fingerprinting and Tracing Shadows: The Development and Impact of Browser Fingerprinting on Digital Privacy [55.2480439325792]
  Browser fingerprinting is a growing technique for identifying and tracking users online without traditional methods like cookies. This paper gives an overview by examining the various fingerprinting techniques and analyzes the entropy and uniqueness of the collected data.
  arXiv  Detail & Related papers  (2024-11-18T20:32:31Z)
• PrivacyLens: Evaluating Privacy Norm Awareness of Language Models in Action [54.11479432110771]
  PrivacyLens is a novel framework designed to extend privacy-sensitive seeds into expressive vignettes and further into agent trajectories.<n>We instantiate PrivacyLens with a collection of privacy norms grounded in privacy literature and crowdsourced seeds.<n>State-of-the-art LMs, like GPT-4 and Llama-3-70B, leak sensitive information in 25.68% and 38.69% of cases, even when prompted with privacy-enhancing instructions.
  arXiv  Detail & Related papers  (2024-08-29T17:58:38Z)
• Can LLMs Keep a Secret? Testing Privacy Implications of Language Models via Contextual Integrity Theory [82.7042006247124]
  We show that even the most capable AI models reveal private information in contexts that humans would not, 39% and 57% of the time, respectively. Our work underscores the immediate need to explore novel inference-time privacy-preserving approaches, based on reasoning and theory of mind.
  arXiv  Detail & Related papers  (2023-10-27T04:15:30Z)
• Characterizing Browser Fingerprinting and its Mitigations [0.0]
  This work explores one of these tracking techniques: browser fingerprinting. We detail how browser fingerprinting works, how prevalent it is, and what defenses can mitigate it.
  arXiv  Detail & Related papers  (2023-10-12T20:31:24Z)
• Propagate And Calibrate: Real-time Passive Non-line-of-sight Tracking [84.38335117043907]
  We propose a purely passive method to track a person walking in an invisible room by only observing a relay wall. To excavate imperceptible changes in videos of the relay wall, we introduce difference frames as an essential carrier of temporal-local motion messages. To evaluate the proposed method, we build and publish the first dynamic passive NLOS tracking dataset, NLOS-Track.
  arXiv  Detail & Related papers  (2023-03-21T12:18:57Z)
• "I feel invaded, annoyed, anxious and I may protect myself": Individuals' Feelings about Online Tracking and their Protective Behaviour across Gender and Country [11.38723572165938]
  Online tracking is a primary concern for Internet users, yet previous research has not found a clear link between the cognitive understanding of tracking and protective actions. We conducted an online study, with N=614 participants, across the UK, Germany and France, to investigate how users feel about third-party tracking. We found that most participants' feelings about tracking were negative, described as deeply intrusive. We also observed indications of a privacy gender gap', where women feel more negatively about tracking, yet are less likely to take protective actions, compared to men.
  arXiv  Detail & Related papers  (2022-02-09T19:08:14Z)
• Analysis of Longitudinal Changes in Privacy Behavior of Android Applications [79.71330613821037]
  In this paper, we examine the trends in how Android apps have changed over time with respect to privacy. We examine the adoption of HTTPS, whether apps scan the device for other installed apps, the use of permissions for privacy-sensitive data, and the use of unique identifiers. We find that privacy-related behavior has improved with time as apps continue to receive updates, and that the third-party libraries used by apps are responsible for more issues with privacy.
  arXiv  Detail & Related papers  (2021-12-28T16:21:31Z)
• A Fait Accompli? An Empirical Study into the Absence of Consent to Third-Party Tracking in Android Apps [27.58278290929534]
  Third-party tracking allows companies to collect users' behavioural data and track their activity across digital devices. This can put deep insights into users' private lives into the hands of strangers, and often happens without users' awareness or explicit consent. This paper investigates whether and to what extent consent is implemented in mobile apps.
  arXiv  Detail & Related papers  (2021-06-17T11:44:49Z)
• Differential Tracking Across Topical Webpages of Indian News Media [3.721918008485747]
  We propose a novel method for automatic extraction and categorization of Indian news topical subpages based on the details in their URLs. We find differential user tracking among subpages, and between subpages and homepages. embedded third-parties tend to track specific subpages simultaneously, revealing possible user profiling in action.
  arXiv  Detail & Related papers  (2021-03-07T20:20:47Z)
• PGLP: Customizable and Rigorous Location Privacy through Policy Graph [68.3736286350014]
  We propose a new location privacy notion called PGLP, which provides a rich interface to release private locations with customizable and rigorous privacy guarantee. Specifically, we formalize a user's location privacy requirements using a textitlocation policy graph, which is expressive and customizable. Third, we design a private location trace release framework that pipelines the detection of location exposure, policy graph repair, and private trajectory release with customizable and rigorous location privacy.
  arXiv  Detail & Related papers  (2020-05-04T04:25:59Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.