Cookie Banners, What’s the Purpose? Analyzing Cookie Banner Text Through a Legal Lens

Interdisciplinary Research Group in Socio-technical Cybersecurity

Cookie Banners, What’s the Purpose? Analyzing Cookie Banner Text Through a Legal Lens

Cristiana Santos , Arianna Rossi, Lorena Sanchez Chamorro, Kerstin Bongard, Ruba Abu-Salma
Abstract:
A cookie banner pops up when a user visits a website for the first time, requesting consent to the use of cookies and other trackers for a variety of purposes. Unlike prior work that has focused on evaluating the user interface (UI) design of cookie banners, this paper presents an in-depth analysis of what cookie banners say to users to get their consent. We took an interdisciplinary approach to determining what cookie banners should say. Following the legal requirements of the ePrivacy Directive (ePD) and the General Data Protection Regulation (GDPR), we manually annotated around 400 cookie banners presented on the most popular English-speaking websites visited by users residing in the EU. We focused on analyzing the purposes of cookie banners and how these purposes were expressed (e.g., any misleading or vague language, any use of jargon). We found that 89% of cookie banners violated applicable laws. In particular, 61% of banners violated the purpose specificity requirement by mentioning vague purposes, including “user experience enhancement”. Further, 30% of banners used positive framing, breaching the freely given and informed consent requirements. Based on these findings, we provide recommendations that regulators can find useful. We also describe future research directions.
Authors:
Cristiana Santos , Arianna Rossi, Lorena Sanchez Chamorro, Kerstin Bongard, Ruba Abu-Salma
Publication date:
15-Nov-2021
Published in:
Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security (CCS '21), 20th Workshop on Privacy in the Electronic Society, Seoul, South Korea
Reference:
Cristiana Santos , Arianna Rossi, Lorena Sanchez Chamorro, Kerstin Bongard, Ruba Abu-Salma. Cookie Banners, What’s the Purpose? Analyzing Cookie Banner Text Through a Legal Lens, 20th Workshop on Privacy in the Electronic Society, Seoul, South Korea

Get in touch with us

SnT – Interdisciplinary Centre for Security, Reliability and Trust
Maison du Nombre, 6, avenue de la Fonte L-4364 Esch-sur-Alzette
info-irisc-lab@uni.lu