The web is global, but privacy laws differ by country. Which set of privacy rules do websites follow? We empirically study this question by detecting and analyzing cookie notices in an automated way. We crawl 1,500 European, American,and Canadian websites from each of 18 countries. We detect cookie notices on 40% of websites in our sample. We treat the presence or absence of cookie notices, as well as visual differences,as proxies for differences in privacy rules. Using a series of regression models, we find that the website’s Top Level Domain explains a substantial portion of the variance in cookie notice metrics, but the users vantage point does not. This suggests that websites follow one set of privacy rules for all their users. There is one exception to this finding: cookie notices differ when domains from inside versus outside of the EU. We highlight ways in which future research could build on our preliminary findings.
Original languageEnglish
Title of host publicationIEEE Security & Privacy Workshop on Technology and Consumer Protection (ConPro '19)
Publication statusPublished - May 2019

    Research areas

  • Cookie Notice, Web Privacy Measurement, ePrivacy, GDPR, VPN

ID: 56926385