Measuring Compliance of Consent Revocation on the Web
Gayatri Priyadarsini Kancherla, Nataliia Bielova, Cristiana Santos, Abhishek Bichhawat
TL;DR
This study evaluates how well top websites comply with GDPR requirements for consent revocation, revealing significant issues in interface usability, data deletion, and communication with third parties, highlighting the need for improved compliance.
Contribution
First comprehensive measurement of consent revocation compliance on the Web, identifying key deficiencies and legal violations in current implementations.
Findings
19.87% of websites make revocation difficult
20.5% require more effort to revoke than to accept
2.48% do not provide revocation options at all
Abstract
The GDPR requires websites to facilitate the right to revoke consent from Web users. While numerous studies measured compliance of consent with the various consent requirements, no prior work has studied consent revocation on the Web. Therefore, it remains unclear how difficult it is to revoke consent on the websites' interfaces, nor whether revoked consent is properly stored and communicated behind the user interface. Our work aims to fill this gap by measuring compliance of consent revocation on the Web on the top-200 websites. We found that 19.87% of websites make it difficult for users to revoke consent throughout different interfaces, 20.5% of websites require more effort than acceptance, and 2.48% do not provide consent revocation at all, thus violating legal requirements for valid consent. 57.5% websites do not delete the cookies after consent revocation enabling continuous…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsInformation and Cyber Security