Abstract
Cookie banners are devices implemented by websites to allow users to manage their privacy settings with respect to the use of cookies. They are part of a user’s daily web browsing experience since legislation in Europe requires websites to show such notices. In this paper, we carry out a large-scale study of more than 17,000 websites including more than 7,500 cookie banners in Greece and the UK to determine compliance and tracking transparency levels. Our analysis shows that although more than 60% of websites store third-party cookies in both countries, only less than 50% show a cookie notice and hence a substantial proportion do not comply with the law even at the very basic level. We find only a small proportion of the surveyed websites providing a direct opt-out option, with an overwhelming majority either nudging users towards privacy-intrusive choices or making cookie rejection much harder than consent. Our results differ significantly in some cases from previous smaller-scale studies and hence underline the importance of large-scale studies for a better understanding of the big picture in cookie practices.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Bailey, M.M.: NRCLex (2019). GitHub Repository. https://github.com/metalcorebear/NRCLex
Degeling, M., Utz, C., Lentzsch, C., Hosseini, H., Schaub, F., Holz, T.: We value your privacy ... now take some cookies: measuring the GDPR’s impact on web privacy. In: NDSS. The Internet Society (2019)
van Eijk, R., Asghari, H., Winter, P., Narayanan, A.: The impact of user location on cookie notices (inside and outside of the European union). In: Workshop on Technology and Consumer Protection (ConPro 2019) (2019)
Englehardt, S., Narayanan, A.: Online tracking: A 1-million-site measurement and analysis. In: Proceedings of ACM CCS 2016 (2016)
European Commission: Digital Economy and Society Index (DESI) Report 2020: Use of internet services (2020)
European Data Protection Board: Guidelines 05/2020 on consent under Regulation 2016/679. Version 1.1 (2020)
European Union: Directive 2002/58/EC of the European Parliament and of the Council. Official Journal of the European Communities: L 201/37 (2002)
Habib, H., et al.: An empirical analysis of data deletion and opt-out choices on 150 websites. In: Symposium on Usable Privacy and Security (SOUPS) (2019)
Kulyk, O., Hilt, A., Gerber, N., Volkamer, M.: This website uses cookies: users’ perceptions and reactions to the cookie disclaimer. In: European Workshop on Usable Security (EuroUSEC) (2018)
Le Pochat, V., Van Goethem, T., Tajalizadehkhoob, S., Korczyński, M., Joosen, W.: Tranco: a research-oriented top sites ranking hardened against manipulation. In: Network and Distributed System Security Symposium. NDSS (2019)
Matte, C., Bielova, N., Santos, C.: Do cookie banners respect my choice?: measuring legal compliance of banners from IAB Europe’s transparency and consent framework. In: IEEE Symposium on Security & Privacy, pp. 791–809. IEEE (2020)
Norwegian Consumer Council: Deceived by design, how tech companies use dark patterns to discourage us from exercising our rights to privacy. Norwegian Consumer Council Report (2018)
Nouwens, M., Liccardi, I., Veale, M., Karger, D., Kagal, L.: Dark patterns after the GDPR: scraping consent pop-ups and demonstrating their influence. In: CHI Conference on Human Factors in Computing Systems, pp. 1–13 (2020)
Utz, C., Degeling, M., Fahl, S., Schaub, F., Holz, T.: (Un)informed consent: studying GDPR consent notices in the field. In: ACM SIGSAC Conference on Computer and Communications Security, pp. 973–990 (2019)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 IFIP International Federation for Information Processing
About this paper
Cite this paper
Kampanos, G., Shahandashti, S.F. (2021). Accept All: The Landscape of Cookie Banners in Greece and the UK. In: Jøsang, A., Futcher, L., Hagen, J. (eds) ICT Systems Security and Privacy Protection. SEC 2021. IFIP Advances in Information and Communication Technology, vol 625. Springer, Cham. https://doi.org/10.1007/978-3-030-78120-0_14
Download citation
DOI: https://doi.org/10.1007/978-3-030-78120-0_14
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-78119-4
Online ISBN: 978-3-030-78120-0
eBook Packages: Computer ScienceComputer Science (R0)
