当前位置: X-MOL 学术ACM Trans. Web › 论文详情
Our official English website, www.x-mol.net, welcomes your feedback! (Note: you will need to create a separate account there.)
Cookie Banners and Privacy Policies: Measuring the Impact of the GDPR on the Web
ACM Transactions on the Web ( IF 2.6 ) Pub Date : 2021-07-14 , DOI: 10.1145/3466722
Michael Kretschmer 1 , Jan Pennekamp 2 , Klaus Wehrle 2
Affiliation  

The General Data Protection Regulation (GDPR) is in effect since May of 2018. As one of the most comprehensive pieces of legislation concerning privacy, it sparked a lot of discussion on the effect it would have on users and providers of online services in particular, due to the large amount of personal data processed in this context. Almost three years later, we are interested in revisiting this question to summarize the impact this new regulation has had on actors in the World Wide Web. Using Scopus, we obtain a vast corpus of academic work to survey studies related to changes on websites since and around the time the GDPR went into force. Our findings show that the emphasis on privacy increased w.r.t. online services, but plenty potential for improvements remains. Although online services are on average more transparent regarding data processing practices in their public data policies, a majority of these policies still either lack information required by the GDPR (e.g., contact information for users to file privacy inquiries) or do not provide this information in a user-friendly form. Additionally, we summarize that online services more often provide means for their users to opt out of data processing, but regularly obstruct convenient access to such means through unnecessarily complex and sometimes illegitimate interface design. Our survey further details that this situation contradicts the preferences expressed by users both verbally and through their actions, and researchers have proposed multiple approaches to facilitate GDPR-conform data processing without negatively impacting the user experience. Thus, we compiled reoccurring points of criticism by privacy researchers and data protection authorities into a list of four guidelines for service providers to consider.

中文翻译:

Cookie 横幅和隐私政策:衡量 GDPR 对网络的影响

通用数据保护条例 (GDPR) 自 2018 年 5 月起生效。作为关于隐私的最全面的立法之一,它引发了很多关于它对用户和在线服务提供商的影响的讨论,特别是,由于在这种情况下处理了大量的个人数据。大约三年后,我们有兴趣重新审视这个问题,以总结这项新法规对万维网参与者的影响。使用 Scopus,我们获得了大量学术工作,以调查自 GDPR 生效以来和前后有关网站变化的研究。我们的研究结果表明,对隐私的重视增加了在线服务,但仍有很大的改进潜力。尽管在线服务在其公共数据政策中的数据处理实践平均而言更加透明,但这些政策中的大多数仍然要么缺乏 GDPR 要求的信息(例如,用户提交隐私查询的联系信息),要么未在一个用户友好的表格。此外,我们总结说,在线服务更多地为其用户提供选择退出数据处理的方式,但经常通过不必要的复杂且有时非法的界面设计阻碍对此类方式的便捷访问。我们的调查进一步详细说明,这种情况与用户口头和通过他们的行为表达的偏好相矛盾,研究人员提出了多种方法来促进符合 GDPR 的数据处理,而不会对用户体验产生负面影响。
更新日期:2021-07-14
down
wechat
bug