Deceptive Patterns
‹ All reading

Measuring Compliance of Consent Revocation on the Web

Author
Gayatri Priyadarsini Kancherla, N. Bielova, C. Santos, Abhishek Bichhawat
Date
23 Nov 2024
Publisher
Proceedings on Privacy Enhancing Technologies
Focus
Law & Policy
Category
Academic Scholar

It is found that on 101 websites, third parties that have received consent upon user’s acceptance, are not informed of revocation, leading to the illegal processing of users’ data by such third parties according to EU laws.

The EU General Data Protection Regulation (GDPR) requires websites to facilitate the right to revoke consent from Web users. Prior works have examined consent management by auditing that user choices are correctly stored, and comparing cookies set upon acceptance versus rejection to assess compliance. While these studies measured compliance of consent with respect to the various consent requirements, no prior work has studied consent revocation on the Web. Therefore, it is unclear how difficult it is to revoke consent on the websites’ interfaces, and whether the revoked consent is properly stored and communicated behind the user interface. Our work aims to fill this gap by measuring compliance of consent revocation on the Web on Tranco’s top-200 websites.