(Un)informed Consent: Studying GDPR Consent Notices in the Field

by   Christine Utz, et al.

Since the adoption of the General Data Protection Regulation (GDPR) in May 2018 more than 60 notices to their visitors. This has quickly led to users becoming fatigued with privacy notifications and contributed to the rise of both browser extensions that block these banners and demands for a solution that bundles consent across multiple websites or in the browser. In this work, we identify common properties of the graphical user interface of consent notices and conduct three experiments with more than 80,000 unique users on a German website to investigate the influence of notice position, type of choice, and content framing on consent. We find that users are more likely to interact with a notice shown in the lower (left) part of the screen. Given a binary choice, more users are willing to accept tracking compared to mechanisms that require them to allow cookie use for each category or company individually. We also show that the wide-spread practice of nudging has a large effect on the choices users make. Our experiments show that seemingly small implementation decisions can substantially impact whether and how people interact with consent notices. Our findings demonstrate the importance for regulation to not just require consent, but also provide clear requirements or guidance for how this consent has to be obtained in order to ensure that users can make free and informed choices.


page 6

page 8

page 9

page 11


(Un)clear and (In)conspicuous: The right to opt-out of sale under CCPA

The California Consumer Privacy Act (CCPA)—which began enforcement on Ju...

Characterising Third Party Cookie Usage in the EU after GDPR

The recently introduced General Data Protection Regulation (GDPR) requir...

To Extend or not to Extend: on the Uniqueness of Browser Extensions and Web Logins

Recent works showed that websites can detect browser extensions that use...

User Tracking in the Post-cookie Era: How Websites Bypass GDPR Consent to Track Users

During the past few years, mostly as a result of the GDPR and the CCPA, ...

Cookie Banners, What's the Purpose? Analyzing Cookie Banner Text Through a Legal Lens

A cookie banner pops up when a user visits a website for the first time,...

The Impact of Visibility on the Right to Opt-out of Sale under CCPA

The California Consumer Protection Act (CCPA) gives users the right to o...

Multiple Purposes, Multiple Problems: A User Study of Consent Dialogs after GDPR

The European Union's General Data Protection Regulation (GDPR) requires ...

Please sign up or login with your details

Forgot password? Click here to reset