Multiple Purposes, Multiple Problems: A User Study of Consent Dialogs after GDPR-Reference-Cited by-同舟云学术

Multiple Purposes, Multiple Problems: A User Study of Consent Dialogs after GDPR

Published:2020-04-01 Issue:2 Volume:2020 Page:481-498
ISSN:2299-0984
Container-title:Proceedings on Privacy Enhancing Technologies
language:en
Short-container-title:

Author:

Machuletz Dominique¹,Böhme Rainer²

Affiliation:

1. Independet, Work carried out while at the University of Münster , Germany .

2. University of Innsbruck , Austria

Abstract

Abstract The European Union’s General Data Protection Regulation (GDPR) requires websites to ask for consent to the use of cookies for specific purposes. This enlarges the relevant design space for consent dialogs. Websites could try to maximize click-through rates and positive consent decision, even at the risk of users agreeing to more purposes than intended. We evaluate a practice observed on popular websites by conducting an experiment with one control and two treatment groups (N = 150 university students in two countries). We hypothesize that users’ consent decision is influenced by (1) the number of options, connecting to the theory of choice proliferation, and (2) the presence of a highlighted default button (“select all”), connecting to theories of social norms and deception in consumer research. The results show that participants who see a default button accept cookies for more purposes than the control group, while being less able to correctly recall their choice. After being reminded of their choice, they regret it more often and perceive the consent dialog as more deceptive than the control group. Whether users are presented one or three purposes has no significant effect on their decisions and perceptions. We discuss the results and outline policy implications.

Publisher

Walter de Gruyter GmbH

Subject

General Medicine

Link

https://www.sciendo.com/pdf/10.2478/popets-2020-0037

Reference71 articles.

1. [1] European Parliament and the Council of the European Union. Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (2016)

2. [2] European Parliament and the Council of the European Union. Directive 2002/58/EC of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications) (2002)

3. [3] European Parliament and the Council of the European Union. Directive 2009/136/EC of 25 November 2009 amending Directive 2002/22/EC universal service and users' rights relating to electronic communications networks and services, Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector and Regulation

4. (EC) No 2006/2004 on cooperation between national authorities responsible for the enforcement of consumer protection laws. (2009)

5. [4] R. Leenes, E. Kosta. Taming the cookie monster with Dutch law — A tale of regulatory failure. Computer Law & Security Review (2015) 31, 3, 317–335

Cited by 62 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. SoK: Technical Implementation and Human Impact of Internet Privacy Regulations;2024 IEEE Symposium on Security and Privacy (SP);2024-05-19

2. Reimagining Online Consent for More Responsible and Human-Centred Data Collection;Extended Abstracts of the CHI Conference on Human Factors in Computing Systems;2024-05-11

3. More than just informed: The importance of consent facets in smart homes;Proceedings of the CHI Conference on Human Factors in Computing Systems;2024-05-11

4. “It doesn’t tell me anything about how my data is used”: User Perceptions of Data Collection Purposes;Proceedings of the CHI Conference on Human Factors in Computing Systems;2024-05-11

5. CSChecker: Revisiting GDPR and CCPA Compliance of Cookie Banners on the Web;Proceedings of the IEEE/ACM 46th International Conference on Software Engineering;2024-04-12