当前位置:
X-MOL 学术
›
arXiv.cs.CY
›
论文详情
Our official English website, www.x-mol.net, welcomes your
feedback! (Note: you will need to create a separate account there.)
A Fait Accompli? An Empirical Study into the Absence of Consent to Third-Party Tracking in Android~Apps
arXiv - CS - Computers and Society Pub Date : 2021-06-17 , DOI: arxiv-2106.09407 Konrad Kollnig, Reuben Binns, Pierre Dewitte, Max Van Kleek, Ge Wang, Daniel Omeiza, Helena Webb, Nigel Shadbolt
arXiv - CS - Computers and Society Pub Date : 2021-06-17 , DOI: arxiv-2106.09407 Konrad Kollnig, Reuben Binns, Pierre Dewitte, Max Van Kleek, Ge Wang, Daniel Omeiza, Helena Webb, Nigel Shadbolt
Third-party tracking allows companies to collect users' behavioural data and
track their activity across digital devices. This can put deep insights into
users' private lives into the hands of strangers, and often happens without
users' awareness or explicit consent. EU and UK data protection law, however,
requires consent, both 1) to access and store information on users' devices and
2) to legitimate the processing of personal data as part of third-party
tracking, as we analyse in this paper. This paper further investigates whether and to what extent consent is
implemented in mobile apps. First, we analyse a representative sample of apps
from the Google Play Store. We find that most apps engage in third-party
tracking, but few obtained consent before doing so, indicating potentially
widespread violations of EU and UK privacy law. Second, we examine the most
common third-party tracking libraries in detail. While most acknowledge that
they rely on app developers to obtain consent on their behalf, they typically
fail to put in place robust measures to ensure this: disclosure of consent
requirements is limited; default consent implementations are lacking; and
compliance guidance is difficult to find, hard to read, and poorly maintained.
中文翻译:
既成事实?Android~Apps 中第三方跟踪不同意的实证研究
第三方跟踪允许公司收集用户的行为数据并跟踪他们跨数字设备的活动。这可以让陌生人深入了解用户的私人生活,并且经常在用户不知情或明确同意的情况下发生。然而,欧盟和英国的数据保护法需要同意,1) 访问和存储用户设备上的信息和 2) 作为第三方跟踪的一部分,合法处理个人数据,正如我们在本文中分析的那样。本文进一步调查了移动应用程序中是否以及在多大程度上实现了同意。首先,我们分析来自 Google Play 商店的代表性应用样本。我们发现大多数应用程序都参与了第三方跟踪,但很少有人在这样做之前获得同意,这表明可能广泛违反欧盟和英国的隐私法。其次,我们详细检查了最常见的第三方跟踪库。虽然大多数人承认他们依赖应用程序开发人员代表他们获得同意,但他们通常没有采取强有力的措施来确保这一点:同意要求的披露是有限的;缺乏默认的同意实施;合规指南很难找到、难以阅读且维护不善。
更新日期:2021-06-18
中文翻译:
既成事实?Android~Apps 中第三方跟踪不同意的实证研究
第三方跟踪允许公司收集用户的行为数据并跟踪他们跨数字设备的活动。这可以让陌生人深入了解用户的私人生活,并且经常在用户不知情或明确同意的情况下发生。然而,欧盟和英国的数据保护法需要同意,1) 访问和存储用户设备上的信息和 2) 作为第三方跟踪的一部分,合法处理个人数据,正如我们在本文中分析的那样。本文进一步调查了移动应用程序中是否以及在多大程度上实现了同意。首先,我们分析来自 Google Play 商店的代表性应用样本。我们发现大多数应用程序都参与了第三方跟踪,但很少有人在这样做之前获得同意,这表明可能广泛违反欧盟和英国的隐私法。其次,我们详细检查了最常见的第三方跟踪库。虽然大多数人承认他们依赖应用程序开发人员代表他们获得同意,但他们通常没有采取强有力的措施来确保这一点:同意要求的披露是有限的;缺乏默认的同意实施;合规指南很难找到、难以阅读且维护不善。