An Automated Approach to Auditing Disclosure of Third-Party Data Collection in Website Privacy Policies

05/03/2018
by   Timothy Libert, et al.
0

A dominant regulatory model for web privacy is "notice and choice". In this model, users are notified of data collection and provided with options to control it. To examine the efficacy of this approach, this study presents the first large-scale audit of disclosure of third-party data collection in website privacy policies. Data flows on one million websites are analyzed and over 200,000 websites' privacy policies are audited to determine if users are notified of the names of the companies which collect their data. Policies from 25 prominent third-party data collectors are also examined to provide deeper insights into the totality of the policy environment. Policies are additionally audited to determine if the choice expressed by the "Do Not Track" browser setting is respected. Third-party data collection is wide-spread, but fewer than 15 data flows are disclosed. The third-parties most likely to be disclosed are those with consumer services users may be aware of, those without consumer services are less likely to be mentioned. Policies are difficult to understand and the average time requirement to read both a given sites policy and the associated third-party policies exceeds 84 minutes. Only 7 first-party site policies mention the Do Not Track signal, and the majority of such mentions are to specify that the signal is ignored. Among third-party policies examined, none offer unqualified support for the Do Not Track signal. Findings indicate that current implementations of "notice and choice" fail to provide notice or respect choice.

READ FULL TEXT

page 1

page 2

page 3

page 4

research
10/13/2021

State of Security and Privacy Practices of Top Websites in the East African Community (EAC)

Growth in technology has resulted in the large-scale collection and proc...
research
06/13/2022

Consent verification monitoring

Advances in service personalization are driven by low-cost data collecti...
research
09/20/2023

Data Exfiltration by Hotjar Revisited

Session replay scripts allow website owners to record the interaction of...
research
03/21/2022

Privacy Rarely Considered: Exploring Considerations in the Adoption of Third-Party Services by Websites

Modern websites frequently use and embed third-party services to facilit...
research
02/17/2023

More Data Types More Problems: A Temporal Analysis of Complexity, Stability, and Sensitivity in Privacy Policies

Collecting personally identifiable information (PII) on data subjects ha...
research
09/06/2023

Measuring Website Password Creation Policies At Scale

Researchers have extensively explored how password creation policies inf...
research
05/20/2019

Secure Extensibility for System State Extraction via Plugin Sandboxing

We introduce a new mechanism to securely extend systems data collection ...

Please sign up or login with your details

Forgot password? Click here to reset