Checking Websites’ GDPR Consent Compliance for Marketing Emails-Reference-Cited by-同舟云学术

Checking Websites’ GDPR Consent Compliance for Marketing Emails

Published:2022-03-03 Issue:2 Volume:2022 Page:282-303
ISSN:2299-0984
Container-title:Proceedings on Privacy Enhancing Technologies
language:en
Short-container-title:

Author:

Kubíček Karel¹,Merane Jakob¹,Cotrini Carlos¹,Stremitzer Alexander¹,Bechtold Stefan¹,Basin David¹

Affiliation:

1. ETH Zurich

Abstract

Abstract The sending of marketing emails is regulated to protect users from unsolicited emails. For instance, the European Union’s ePrivacy Directive states that marketers must obtain users’ prior consent, and the General Data Protection Regulation (GDPR) specifies further that such consent must be freely given, specific, informed, and unambiguous. Based on these requirements, we design a labeling of legal characteristics for websites and emails. This leads to a simple decision procedure that detects potential legal violations. Using our procedure, we evaluated 1000 websites and the 5000 emails resulting from registering to these websites. Both datasets and evaluations are available upon request. We find that 21.9% of the websites contain potential violations of privacy and unfair competition rules, either in the registration process (17.3%) or email communication (17.7%). We demonstrate with a statistical analysis the possibility of automatically detecting such potential violations.

Publisher

Privacy Enhancing Technologies Symposium Advisory Board

Subject

General Medicine

Link

https://www.sciendo.com/pdf/10.2478/popets-2022-0046

Reference69 articles.

1. [1] F. Al Maqbali and C. J. Mitchell. “Web Password Recovery: A Necessary Evil?” In: Proceedings of the Future Technologies Conference. Springer. 2018, pp. 324–341.10.1007/978-3-030-02683-7_23

2. [2] R. Amos, G. Acar, E. Lucherini, M. Kshirsagar, A. Narayanan, and J. Mayer. “Privacy Policies over Time: Curation and Analysis of a Million-Document Dataset.” In: Proceedings of The Web Conference 2021. WWW ’21. Association for Computing Machinery, Apr. 19, 2021, p. 22. doi: 10.1145/3442381.3450048.10.1145/3442381.3450048

3. [3] Art. 29 Data Protection Working Party. Opinion 5/2004 on unsolicited communications for marketing purposes under Article 13 of Directive 2002/58/EC. Feb. 2004.

4. [4] Austrian Data Protection Authority (Datenschutzbehörde). DSB-D130.073/0008-DSB/2019. https://gdprhub.eu/index.php?title=DSB_-_DSB-D130.073/0008-DSB/2019. 2019.

5. [5] Baden-Württemberg Data Protection Authority (LfDI Baden-Württemberg). LfDI - O 1018/115. https://gdprhub.eu/index.php?title=LfDI_-_O_1018/115. 2018.

Cited by 5 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. SoK: Technical Implementation and Human Impact of Internet Privacy Regulations;2024 IEEE Symposium on Security and Privacy (SP);2024-05-19

2. Automating Website Registration for Studying GDPR Compliance;Proceedings of the ACM Web Conference 2024;2024-05-13

3. Enforcing the GDPR;Lecture Notes in Computer Science;2024

4. General Data Protection Runtime: Enforcing Transparent GDPR Compliance for Existing Applications;Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security;2023-11-15

5. Kurzeinführung zum aktuellen Stand der DSGVO;Datenschutz für Entscheider in Marketing und Vertrieb;2023