The Impact of User Location on Cookie Notices: (Inside and Outside of the European Union)

Rob Van Eijk; Hadi Asghari; Philipp Winter; Arvind Narayanan

The Impact of User Location on Cookie Notices: (Inside and Outside of the European Union)

Rob Van Eijk, Hadi Asghari, Philipp Winter, Arvind Narayanan

Organisation & Governance

Research output: Chapter in Book/Conference proceedings/Edited volume › Conference contribution › Scientific › peer-review

383 Downloads (Pure)

Abstract

The web is global, but privacy laws differ by country. Which set of privacy rules do websites follow? We empirically study this question by detecting and analyzing cookie notices in an automated way. We crawl 1,500 European, American,and Canadian websites from each of 18 countries. We detect cookie notices on 40% of websites in our sample. We treat the presence or absence of cookie notices, as well as visual differences,as proxies for differences in privacy rules. Using a series of regression models, we find that the website’s Top Level Domain explains a substantial portion of the variance in cookie notice metrics, but the users vantage point does not. This suggests that websites follow one set of privacy rules for all their users. There is one exception to this finding: cookie notices differ when accessing.com domains from inside versus outside of the EU. We highlight ways in which future research could build on our preliminary findings.

Original language	English
Title of host publication	IEEE Security & Privacy Workshop on Technology and Consumer Protection (ConPro '19)
Publisher	IEEE
Publication status	Published - 2019

Keywords

Cookie Notice
Web Privacy Measurement
ePrivacy
GDPR
VPN

Access to Document

vaneijk-conpro19Accepted author manuscript, 177 KB

https://ssrn.com/abstract=3361360

Cite this

@inproceedings{bfb82c57273545d3ad6e2c44e17cdf64,

title = "The Impact of User Location on Cookie Notices: (Inside and Outside of the European Union)",

abstract = "The web is global, but privacy laws differ by country. Which set of privacy rules do websites follow? We empirically study this question by detecting and analyzing cookie notices in an automated way. We crawl 1,500 European, American,and Canadian websites from each of 18 countries. We detect cookie notices on 40% of websites in our sample. We treat the presence or absence of cookie notices, as well as visual differences,as proxies for differences in privacy rules. Using a series of regression models, we find that the website{\textquoteright}s Top Level Domain explains a substantial portion of the variance in cookie notice metrics, but the users vantage point does not. This suggests that websites follow one set of privacy rules for all their users. There is one exception to this finding: cookie notices differ when accessing.com domains from inside versus outside of the EU. We highlight ways in which future research could build on our preliminary findings. ",

keywords = "Cookie Notice, Web Privacy Measurement, ePrivacy, GDPR, VPN",

author = "{Van Eijk}, Rob and Hadi Asghari and Philipp Winter and Arvind Narayanan",

year = "2019",

language = "English",

booktitle = "IEEE Security & Privacy Workshop on Technology and Consumer Protection (ConPro '19)",

publisher = "IEEE",

address = "United States",

}

The Impact of User Location on Cookie Notices: (Inside and Outside of the European Union). / Van Eijk, Rob; Asghari, Hadi; Winter, Philipp et al.
IEEE Security & Privacy Workshop on Technology and Consumer Protection (ConPro '19). IEEE, 2019.

Research output: Chapter in Book/Conference proceedings/Edited volume › Conference contribution › Scientific › peer-review

TY - GEN

T1 - The Impact of User Location on Cookie Notices

T2 - (Inside and Outside of the European Union)

AU - Van Eijk, Rob

AU - Asghari, Hadi

AU - Winter, Philipp

AU - Narayanan, Arvind

PY - 2019

Y1 - 2019

N2 - The web is global, but privacy laws differ by country. Which set of privacy rules do websites follow? We empirically study this question by detecting and analyzing cookie notices in an automated way. We crawl 1,500 European, American,and Canadian websites from each of 18 countries. We detect cookie notices on 40% of websites in our sample. We treat the presence or absence of cookie notices, as well as visual differences,as proxies for differences in privacy rules. Using a series of regression models, we find that the website’s Top Level Domain explains a substantial portion of the variance in cookie notice metrics, but the users vantage point does not. This suggests that websites follow one set of privacy rules for all their users. There is one exception to this finding: cookie notices differ when accessing.com domains from inside versus outside of the EU. We highlight ways in which future research could build on our preliminary findings.

AB - The web is global, but privacy laws differ by country. Which set of privacy rules do websites follow? We empirically study this question by detecting and analyzing cookie notices in an automated way. We crawl 1,500 European, American,and Canadian websites from each of 18 countries. We detect cookie notices on 40% of websites in our sample. We treat the presence or absence of cookie notices, as well as visual differences,as proxies for differences in privacy rules. Using a series of regression models, we find that the website’s Top Level Domain explains a substantial portion of the variance in cookie notice metrics, but the users vantage point does not. This suggests that websites follow one set of privacy rules for all their users. There is one exception to this finding: cookie notices differ when accessing.com domains from inside versus outside of the EU. We highlight ways in which future research could build on our preliminary findings.

KW - Cookie Notice

KW - Web Privacy Measurement

KW - ePrivacy

KW - GDPR

KW - VPN

M3 - Conference contribution

BT - IEEE Security & Privacy Workshop on Technology and Consumer Protection (ConPro '19)

PB - IEEE

ER -

The Impact of User Location on Cookie Notices: (Inside and Outside of the European Union)

Abstract

Keywords

Access to Document

Fingerprint

Cite this