The Crux of Cookies Consent: A Legal and Technical Analysis of Shortcomings of Cookie Policies in the Age of the GDPR

Research output: Contribution to journalArticlepeer-review



External departments

  • FH Joanneum University of Applied Sciences


Publication type

Research output: Contribution to journalArticlepeer-review


EU legislation such as the ePrivacy Regulation and the GDPR impose a variety of obligations on how browser cookies need to be implemented on web pages. While almost all website operators adhere to the letter of the law, many websites fail to uphold the spirit of the law. Website operators may nudge visitors into accepting superfluous cookies by carefully crafting cookie popups; thus impinging on visitors’ right to self-determination of their data. The authors propose to define a machine-readable representation for cookie policies. This representation can then be used to present the cookie policy to website visitors in a standardized manner, thus reducing the potential for deceptive cookie policies.