research-article

Webtracking under the New Data Protection Law: Design Potentials at the Intersection of Jurisprudence and HCI

Authors:

Gunnar Stevens,

Anna-Magdalena Seufert,

Max BeckerAuthors Info & Claims

MuC '19: Proceedings of Mensch und Computer 2019

Pages 309 - 319

https://doi.org/10.1145/3340764.3340790

Published: 08 September 2019 Publication History

Abstract

The GDPR regulates at present the handling with personal data fundamentally new and thereby opens new leeway. At the same time, it creates great uncertainty among those affected. One example of this is web trackers that help designers to improve the utility and usability of their websites on the basis of, in part, extensive (personal) data collection, or enable operators to finance them. Against this background, in this article we first show the practical relevance of web tracking by collecting the web trackers of the 100 most popular pages of each of the 28 EU member states. Building on this, we show which data these trackers collect and analyze their legal bases. Finally, we discuss possible design and architectural consequences for fulfilling the legally outlined requirements, taking into account the user's perspective.

References

[1]

Achara, J.P. et al. 2016. Mytrackingchoices: Pacifying the ad-block war by enforcing user privacy preferences. arXiv preprint arXiv:1604.04495. (2016).

[2]

Ajzen, I. and Fishbein, M. 1977. Attitude-behavior relations: A theoretical analysis and review of empirical research. Psychological Bulletin. 84, 5 (1977), 888--918.

[3]

Akkus, I.E. et al. 2012. Non-tracking web analytics. Proceedings of the 2012 ACM conference on Computer and communications security (2012), 687--698.

Digital Library

[4]

Angulo, J. et al. 2012. Towards usable privacy policy display and management. Information Management & Computer Security. 20, 1 (2012), 4--17.

[5]

Balebako, R. et al. 2015. The Impact of Timing on the Salience of Smartphone App Privacy Notices. (2015), 63--74.

Digital Library

[6]

Beales, H. 2010. The value of behavioral targeting. Network Advertising Initiative. 1, (2010).

[7]

Becker, M. 2017. Ein Recht auf datenerhebungsfreie Produkte. JuristenZeitung. 72, 4 (2017), 170--181.

[8]

Brecht, F. et al. 2012. Communication Anonymizers: Personality, Internet Privacy Literacy and their Influence on Technology Acceptance. ECIS (2012), 214.

[9]

Bujlow, T. et al. 2017. A survey on web tracking: Mechanisms, implications, and defenses. Proceedings of the IEEE. 105, 8 (2017), 1476--1510.

[10]

Calo, R. 2013. Digital Market Manipulation. George Washington Law Review, Forthcoming. (2013).

[11]

Clarke, N. et al. 2012. Towards usable privacy policy display and management. Information Management & Computer Security. 20, 1 (2012), 4--17.

[12]

Clifton, B. 2012. Advanced web metrics with Google Analytics. John Wiley & Sons.

Digital Library

[13]

Cookie Hinweis: Benötigt jede Webseite einen Cookie Hinweis? https://www.e-recht24.de/artikel/datenschutz/8451-hinweispflicht-fuer-cookies.html. Accessed: 2019-04-05.

[14]

Cranor, L.F. 2002. Web privacy with P3P. O'Reilly Media, Inc.

Digital Library

[15]

Datta, A. et al. 2015. Automated experiments on ad privacy settings. Proceedings on privacy enhancing technologies. 2015, 1 (2015), 92--112.

[16]

Degeling, M. et al. 2018. We Value Your Privacy... Now Take Some Cookies: Measuring the GDPR's Impact on Web Privacy. arXiv preprint arXiv:1808.05096. (2018).

[17]

Englehardt, S. and Narayanan, A. 2016. Online tracking: A 1-million-site measurement and analysis. Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security (2016), 1388--1401.

Digital Library

[18]

Ermakova, T. et al. 2018. Web Tracking-A Literature Review on the State of Research. (2018).

[19]

Europäische Kommission 2017. Vorschlag für eine VERORDNUNG DES EUROPÄISCHEN PARLAMENTS UND DES RATES über die Achtung des Privatlebens und den Schutz personenbezogener Daten in der elektronischen Kommunikation und zur Aufhebung der Richtlinie 2002/58/EG (Verordnung über Privatsphäre und elektronische Kommunikation).

[20]

European Parliament of the Council 2016. REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL. Official Journal of the European Union L 119/2016. Volume 59, L119 (May 2016).

[21]

Felt, A.P. et al. 2012. Android permissions: User attention, comprehension, and behavior. Proceedings of the Eighth Symposium on Usable Privacy and Security (2012), 3.

Digital Library

[22]

Greengard, S. 2012. Advertising gets personal. Commun. ACM. 55, 8 (2012), 18--20.

Digital Library

[23]

Internetpenetrationsrate weltweit 2021 | Prognose: https://de.statista.com/statistik/daten/studie/369362/umfrage/prognose-der-internetpenetrationsrate-weltweit/. Accessed: 2019-04-05.

[24]

Jakobi, T. et al. 2019. It's About What They Could Do with the Data: A User Perspective on Privacy in Smart Metering. ACM Trans. Comput.-Hum. Interact. 9, 4 (2019), 43.

Digital Library

[25]

Jakobi, T. et al. 2018. Privacy-By-Design für das Connected Car: Architekturen aus Verbrauchersicht. Datenschutz und Datensicherheit-DuD. 42, 11 (2018), 704--707.

[26]

Joinson, A.N. et al. 2010. Privacy, trust, and self-disclosure online. Human-Computer Interaction. 25, 1 (2010), 1--24.

[27]

Klug, C. and Golar, P. 2018. Die Entwicklung des Datenschutzrechts im ersten Halbjahr 2018. NJW. Heft 36 (2018), 2608--2611.

[28]

Kontaxis, G. and Chew, M. 2015. Tracking protection in firefox for privacy and performance. arXiv preprint arXiv:1506.04104. (2015).

[29]

Kranig, T. 2019. Digitale Dienste im Datenschutzcheck. Bayerisches Landesamt für Datenschutzaufsicht.

[30]

Krishnamurthy, B. and Wills, C.E. 2006. Generating a privacy footprint on the internet. Proceedings of the 6th ACM SIGCOMM conference on Internet measurement (2006), 65--70.

Digital Library

[31]

Leenes, R. and Kosta, E. 2015. Taming the cookie monster with dutch law-a tale of regulatory failure. Computer Law & Security Review. 31, 3 (2015), 317--335.

[32]

Leon, P. et al. 2012. Why Johnny can't opt out: a usability evaluation of tools to limit online behavioral advertising. Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (2012), 589--598.

Digital Library

[33]

Leon, P.G. et al. 2013. What matters to users?: factors that affect users' willingness to share information with online advertisers. Proceedings of the ninth symposium on usable privacy and security (2013), 7.

Digital Library

[34]

Mayer, J.R. and Mitchell, J.C. 2012. Third-party web tracking: Policy and technology. 2012 IEEE Symposium on Security and Privacy (2012), 413--427.

Digital Library

[35]

McDonald, A.M. and Cranor, L.F. 2010. Americans' attitudes about internet behavioral advertising practices. Proceedings of the 9th annual ACM workshop on Privacy in the electronic society (2010), 63--72.

Digital Library

[36]

Melicher, W. et al. 2016. (Do Not) Track me sometimes: users' contextual preferences for web tracking. Proceedings on Privacy Enhancing Technologies. 2016, 2 (2016), 135--154.

[37]

Merzdovnik, G. et al. 2017. Block me if you can: A large-scale study of tracker-blocking tools. 2017 IEEE European Symposium on Security and Privacy (EuroS&P) (2017), 319--333.

[38]

Müller, K. 2019. EuGH-Generalanwalt unterstützt vzbv-Position zum Setzen von Cookies. Verbraucherzentrale Bundesverband.

[39]

Nithyanand, R. et al. 2016. Adblocking and counter blocking: A slice of the arms race. 6th ${$USENIX$}$ Workshop on Free and Open Communications on the Internet (${$FOCI$}$ 16) (2016).

[40]

Priebe, A. 2018. Was nach der DSGVO-Panik bleibt: Kreative Strategien zur Einholung des Consents. OnlineMarketing.de.

[41]

Pugliese, G. 2015. Web Tracking: Overview and applicability in digital investigations. it-Information Technology. 57, 6 (2015), 366--375.

[42]

Pujol, E. et al. 2015. Annoyed users: Ads and ad-block usage in the wild. Proceedings of the 2015 Internet Measurement Conference (2015), 93--106.

Digital Library

[43]

Purcell, K. et al. 2012. Search engine use 2012. (2012).

[44]

Roesner, F. et al. 2012. Detecting and defending against third-party tracking on the web. Proceedings of the 9th USENIX conference on Networked Systems Design and Implementation (2012), 12--12.

Digital Library

[45]

Sanchez-Rola, I. et al. 2017. The web is watching you: A comprehensive review of web-tracking techniques and countermeasures. Logic Journal of the IGPL. 25, 1 (2017), 18--29.

[46]

Schaub, F. et al. 2015. A design space for effective privacy notices. Eleventh Symposium On Usable Privacy and Security (SOUPS 2015) (2015), 1--17.

Digital Library

[47]

Schaub, F. et al. 2016. Watching them watching me: Browser extensions impact on user privacy awareness and concern. NDSS workshop on usable security (2016).

[48]

Schelter, S. and Kunegis, J. 2018. On the ubiquity of web tracking: Insights from a billion-page web crawl. The Journal of Web Science. 4, 4 (2018), 53--66.

[49]

Schleipfer, S. 2017. Datenschutzkonformes Webtracking nach Wegfall des TMG.Was bringen die DS-GVO und die ePrivacy-Verordnung? 10/2017 (2017), 460--466.

[50]

Schwartz, A. 2009. Looking back at P3P: lessons for the future. Center for Democracy & Technology, https://www.cdt.org/files/pdfs/P3P_Retro_Final_0.pdf. (2009).

[51]

Spindler, G. and Schmitz, P. 2018. Telemediengesetz: TMG mit Netzwerkdurchsetzungsgesetz (NetzDG). C.H.BECK.

[52]

Stevens, G. et al. 2014. Mehrseitige, barrierefreie Sicherheit intelligenter Messsysteme. Datenschutz und Datensicherheit. 38, 8/2014 (2014), 536--544.

[53]

Trudeau, S. et al. 2009. The effects of introspection on creating privacy policy. Proceedings of the 8th ACM workshop on Privacy in the electronic society (2009), 1--10.

Digital Library

[54]

Turow, J. et al. 2009. Americans reject tailored advertising and three activities that enable it. Available at SSRN 1478214. (2009).

[55]

Ur, B. et al. 2012. Smart, useful, scary, creepy: perceptions of online behavioral advertising. proceedings of the eighth symposium on usable privacy and security (2012), 4.

Digital Library

[56]

Yu, Z. et al. 2016. Tracking the trackers. Proceedings of the 25th International Conference on World Wide Web (2016), 121--132.

Digital Library

[57]

Zuboff, S. 2019. The Age of Surveillance Capitalism: The Fight for a Human Future at the New Frontier of Power. PublicAffairs.

Digital Library

Cited By

Wang YYang S(2024)Constructing and Testing AI International Legal Education Coupling-Enabling ModelSustainability10.3390/su1604152416:4(1524)Online publication date: 10-Feb-2024
https://doi.org/10.3390/su16041524
Jakobi Tvon Grafenstein MLegner CLabadie CMertens PÖksüz AStevens G(2020)The Role of IS in the Conflicting Interests Regarding GDPRBusiness & Information Systems Engineering10.1007/s12599-020-00633-462:3(261-272)Online publication date: 9-Mar-2020
https://doi.org/10.1007/s12599-020-00633-4

Index Terms

Webtracking under the New Data Protection Law: Design Potentials at the Intersection of Jurisprudence and HCI
1. Security and privacy
  1. Human and societal aspects of security and privacy

Recommendations

Cross-border issues under EU data protection law with regards to personal data protection

We are living in an inter-connected, global digital society where the services of different operating systems are universal in nature, but many Internet activities are still being tackled by national laws and regulations. A long-existing question is ...
Issues In Internet Law: Society, Technology, and the Law 11th edition
Concise European Data Protection, E-Commerce and IT Law

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences

MuC '19: Proceedings of Mensch und Computer 2019

September 2019

863 pages

ISBN:9781450371988

DOI:10.1145/3340764

Copyright © 2019 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 08 September 2019

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Conference

MuC'19

MuC'19: Mensch-und-Computer

September 8 - 11, 2019

Hamburg, Germany

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

2
Total Citations
View Citations
211
Total Downloads

Downloads (Last 12 months)24
Downloads (Last 6 weeks)4

Reflects downloads up to 27 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Wang YYang S(2024)Constructing and Testing AI International Legal Education Coupling-Enabling ModelSustainability10.3390/su1604152416:4(1524)Online publication date: 10-Feb-2024
https://doi.org/10.3390/su16041524
Jakobi Tvon Grafenstein MLegner CLabadie CMertens PÖksüz AStevens G(2020)The Role of IS in the Conflicting Interests Regarding GDPRBusiness & Information Systems Engineering10.1007/s12599-020-00633-462:3(261-272)Online publication date: 9-Mar-2020
https://doi.org/10.1007/s12599-020-00633-4

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten