The Crux of Cookies Consent: A Legal and Technical Analysis of Shortcomings of Cookie Policies in the Age of the GDPR

Gerhard Seuchter; Sabine Prossnegg; Veronika Beimrohr; Dawn Branley-Bell

doi:10.38023/5f700184-d8ee-4bdb-b906-7cde70fbf0a2

The Crux of Cookies Consent: A Legal and Technical Analysis of Shortcomings of Cookie Policies in the Age of the GDPR

Gerhard Seuchter, Sabine Prossnegg, Veronika Beimrohr, Dawn Branley-Bell

Psychology Department

Research output: Contribution to journal › Article › peer-review

1 Citation (Scopus)

Abstract

EU legislation such as the ePrivacy Regulation and the GDPR impose a variety of obligations on how browser cookies need to be implemented on web pages. While almost all website operators adhere to the letter of the law, many websites fail to uphold the spirit of the law. Website operators may nudge visitors into accepting superfluous cookies by carefully crafting cookie popups; thus impinging on visitors’ right to self-determination of their data. The authors propose to define a machine-readable representation for cookie policies. This representation can then be used to present the cookie policy to website visitors in a standardized manner, thus reducing the potential for deceptive cookie policies.

Original language	English
Journal	Jusletter IT
DOIs	https://doi.org/10.38023/5f700184-d8ee-4bdb-b906-7cde70fbf0a2
Publication status	Published - 28 Feb 2020
Event	IRIS (International Legal Informatics Symposium): Responsible Digitalisation - Saltzberg, Austria Duration: 27 Feb 2020 → 29 Feb 2020 https://www.univie.ac.at/RI/IRIS2020/lexisnexis-best-paper-award/

Keywords

cookies
data privacy
profiling
dark patterns
GDPR
legislation
privacy
Internet
nudging

Access to Document

10.38023/5f700184-d8ee-4bdb-b906-7cde70fbf0a2

https://jusletter-it.weblaw.ch/en/issues/2020/IRIS/2-10_the_crux_of_coo_47da31ce08.html__ONCE&login=false

LexisNexis Best Paper Award
Branley-Bell, D. (Recipient), Feb 2020
Prize

Cite this

@article{db2db46fdc944e5b945fdd89fb62b11d,

title = "The Crux of Cookies Consent: A Legal and Technical Analysis of Shortcomings of Cookie Policies in the Age of the GDPR",

abstract = "EU legislation such as the ePrivacy Regulation and the GDPR impose a variety of obligations on how browser cookies need to be implemented on web pages. While almost all website operators adhere to the letter of the law, many websites fail to uphold the spirit of the law. Website operators may nudge visitors into accepting superfluous cookies by carefully crafting cookie popups; thus impinging on visitors{\textquoteright} right to self-determination of their data. The authors propose to define a machine-readable representation for cookie policies. This representation can then be used to present the cookie policy to website visitors in a standardized manner, thus reducing the potential for deceptive cookie policies.",

keywords = "cookies, data privacy, profiling, dark patterns, GDPR, legislation, privacy, Internet, nudging",

author = "Gerhard Seuchter and Sabine Prossnegg and Veronika Beimrohr and Dawn Branley-Bell",

year = "2020",

month = feb,

day = "28",

doi = "10.38023/5f700184-d8ee-4bdb-b906-7cde70fbf0a2",

language = "English",

journal = "Jusletter IT",

issn = "1664-848X",

publisher = "Weblaw",

note = "IRIS (International Legal Informatics Symposium) : Responsible Digitalisation, IRIS2020 ; Conference date: 27-02-2020 Through 29-02-2020",

url = "https://www.univie.ac.at/RI/IRIS2020/lexisnexis-best-paper-award/",

}

TY - JOUR

T1 - The Crux of Cookies Consent: A Legal and Technical Analysis of Shortcomings of Cookie Policies in the Age of the GDPR

AU - Seuchter, Gerhard

AU - Prossnegg, Sabine

AU - Beimrohr, Veronika

AU - Branley-Bell, Dawn

PY - 2020/2/28

Y1 - 2020/2/28

N2 - EU legislation such as the ePrivacy Regulation and the GDPR impose a variety of obligations on how browser cookies need to be implemented on web pages. While almost all website operators adhere to the letter of the law, many websites fail to uphold the spirit of the law. Website operators may nudge visitors into accepting superfluous cookies by carefully crafting cookie popups; thus impinging on visitors’ right to self-determination of their data. The authors propose to define a machine-readable representation for cookie policies. This representation can then be used to present the cookie policy to website visitors in a standardized manner, thus reducing the potential for deceptive cookie policies.

AB - EU legislation such as the ePrivacy Regulation and the GDPR impose a variety of obligations on how browser cookies need to be implemented on web pages. While almost all website operators adhere to the letter of the law, many websites fail to uphold the spirit of the law. Website operators may nudge visitors into accepting superfluous cookies by carefully crafting cookie popups; thus impinging on visitors’ right to self-determination of their data. The authors propose to define a machine-readable representation for cookie policies. This representation can then be used to present the cookie policy to website visitors in a standardized manner, thus reducing the potential for deceptive cookie policies.

KW - cookies

KW - data privacy

KW - profiling

KW - dark patterns

KW - GDPR

KW - legislation

KW - privacy

KW - Internet

KW - nudging

U2 - 10.38023/5f700184-d8ee-4bdb-b906-7cde70fbf0a2

DO - 10.38023/5f700184-d8ee-4bdb-b906-7cde70fbf0a2

M3 - Article

SN - 1664-848X

JO - Jusletter IT

JF - Jusletter IT

T2 - IRIS (International Legal Informatics Symposium)

Y2 - 27 February 2020 through 29 February 2020

ER -

The Crux of Cookies Consent: A Legal and Technical Analysis of Shortcomings of Cookie Policies in the Age of the GDPR

Abstract

Keywords

Access to Document

Fingerprint

Prizes

LexisNexis Best Paper Award

Cite this