Notice
This is not the latest version of this item. The latest version can be found at:https://dspace.mit.edu/handle/1721.1/129999.2
Dark Patterns after the GDPR: Scraping Consent Pop-ups and Demonstrating their Influence
dc.contributor.author | Nouwens, Midas | |
dc.contributor.author | Liccardi, Ilaria | |
dc.contributor.author | Veale, Michael | |
dc.contributor.author | Karger, David R | |
dc.contributor.author | Kagal, Lalana | |
dc.date.accessioned | 2021-02-24T21:03:49Z | |
dc.date.available | 2021-02-24T21:03:49Z | |
dc.date.issued | 2020-04 | |
dc.identifier.isbn | 9781450367080 | |
dc.identifier.uri | https://hdl.handle.net/1721.1/129999 | |
dc.description.abstract | New consent management platforms (CMPs) have been introduced to the web to conform with the EU's General Data Protection Regulation, particularly its requirements for consent when companies collect and process users' personal data. This work analyses how the most prevalent CMP designs affect people's consent choices. We scraped the designs of the five most popular CMPs on the top 10,000 websites in the UK (n=680). We found that dark patterns and implied consent are ubiquitous; only 11.8% meet our minimal requirements based on European law. Second, we conducted a field experiment with 40 participants to investigate how the eight most common designs affect consent choices. We found that notification style (banner or barrier) has no effect; removing the opt-out button from the first page increases consent by 22-23 percentage points; and providing more granular controls on the first page decreases consent by 8-20 percentage points. This study provides an empirical basis for the necessary regulatory action to enforce the GDPR, in particular the possibility of focusing on the centralised, third-party CMP services as an effective way to increase compliance. | en_US |
dc.description.sponsorship | NSF (Award 1639994) | en_US |
dc.language.iso | en | |
dc.publisher | Association for Computing Machinery (ACM) | en_US |
dc.relation.isversionof | http://dx.doi.org/10.1145/3313831.3376321 | en_US |
dc.rights | Creative Commons Attribution-Noncommercial-Share Alike | en_US |
dc.rights.uri | http://creativecommons.org/licenses/by-nc-sa/4.0/ | en_US |
dc.source | arXiv | en_US |
dc.title | Dark Patterns after the GDPR: Scraping Consent Pop-ups and Demonstrating their Influence | en_US |
dc.type | Article | en_US |
dc.identifier.citation | Nouwens, Midas et al. "Dark Patterns after the GDPR: Scraping Consent Pop-ups and Demonstrating their Influence." Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems, April 2020, Honolulu, Hawaii, Association for Computing Machinery, April 2020. © 2020 ACM | en_US |
dc.contributor.department | Massachusetts Institute of Technology. Computer Science and Artificial Intelligence Laboratory | en_US |
dc.contributor.department | Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science | en_US |
dc.relation.journal | Proceedings of the 2020 CHI Conference on Human Factors in Computing Systems | en_US |
dc.eprint.version | Original manuscript | en_US |
dc.type.uri | http://purl.org/eprint/type/ConferencePaper | en_US |
eprint.status | http://purl.org/eprint/status/NonPeerReviewed | en_US |
dc.date.updated | 2020-12-23T15:56:35Z | |
dspace.orderedauthors | Nouwens, M; Liccardi, I; Veale, M; Karger, D; Kagal, L | en_US |
dspace.date.submission | 2020-12-23T15:56:39Z | |
mit.license | OPEN_ACCESS_POLICY | |
mit.metadata.status | Complete |