Ecole d'ingénieur et centre de recherche en Sciences du numérique

Can I opt out yet? GDPR and the global illusion of cookie control

Sanchez-Rola, Iskander; Dell?Amico, Matteo; Kotzias, Platon; Balzarotti, Davide; Bilge, Leyla; Vervier, Pierre-Antoine; Santos, Igor

ASIACCS 2019, 14th ACM Asia Conference on Computer and Communications Security, 7-12 July, Auckland, New Zealand

The European Union's (EU) General Data Protection Regulation (GDPR), in effect since May 2018, enforces strict limitations on handling users' personal data, hence impacting their activity tracking on the Web. In this study, we perform an evaluation of the tracking performed in 2,000 high-traffic websites, hosted both inside and outside of the EU. We evaluate both the information presented to users and the actual tracking implemented through cookies; we find that the GDPR has impacted website behavior in a truly global way, both directly and indirectly: USA-based websites behave similarly to EUbased ones, while third-party opt-out services reduce the amount of tracking even for websites which do not put any effort in respecting the new law. On the other hand, we find that tracking remains ubiquitous. In particular, we found cookies that can identify users when visiting more than 90% of the websites in our dataset--and we also encountered a large number of websites that present deceiving information, making it it very difficult, if at all possible, for users to avoid being tracked. 

Document Doi Bibtex

Titre:Can I opt out yet? GDPR and the global illusion of cookie control
Mots Clés:user privacy; browser cookies; GDPR
Type:Conférence
Langue:English
Ville:Auckland
Pays:NOUVELLE-ZÉLANDE
Date:
Département:Sécurité numérique
Eurecom ref:5941
Copyright: © ACM, 2019. This is the author's version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version was published in ASIACCS 2019, 14th ACM Asia Conference on Computer and Communications Security, 7-12 July, Auckland, New Zealand http://dx.doi.org/10.1145/3321705.3329806
Bibtex: @inproceedings{EURECOM+5941, doi = {http://dx.doi.org/10.1145/3321705.3329806}, year = {2019}, title = {{C}an {I} opt out yet? {GDPR} and the global illusion of cookie control}, author = {{S}anchez-{R}ola, {I}skander and {D}ell?{A}mico, {M}atteo and {K}otzias, {P}laton and {B}alzarotti, {D}avide and {B}ilge, {L}eyla and {V}ervier, {P}ierre-{A}ntoine and {S}antos, {I}gor}, booktitle = {{ASIACCS} 2019, 14th {ACM} {A}sia {C}onference on {C}omputer and {C}ommunications {S}ecurity, 7-12 {J}uly, {A}uckland, {N}ew {Z}ealand}, address = {{A}uckland, {NOUVELLE}-{Z}{\'{E}}{LANDE}}, month = {07}, url = {http://www.eurecom.fr/publication/5941} }
Voir aussi: