skip to main content
10.1145/3491101.3519683acmconferencesArticle/Chapter ViewAbstractPublication PageschiConference Proceedingsconference-collections
poster

Consent-O-Matic: Automatically Answering Consent Pop-ups Using Adversarial Interoperability

Published: 28 April 2022 Publication History

Abstract

The majority of consent pop-ups on the web do not meet the requirements for legally valid consent laid out in the General Data Protection Regulation (GDPR). In the face of a lack of enforcement, we present the browser extension Consent-O-Matic which uses adversarial interoperability to automatically answer these pop-ups based on the user’s preferences. We document how the current implementation of these pop-ups support and inhibit interoperability, focussing on the difference between static and dynamic HTML, the quality of the semantic markup, and the visibility of the system’s state; and we present the implementation of Consent-O-Matic. Lastly, we discuss the possibilities, limitations, and concerns of an adversarial approach.

Supplementary Material

MP4 File (3491101.3519683-talk-video.mp4)
Talk Video

References

[1]
Advocate General Bobek. 2021. Advocate General’s Opinion in Case C-645/19 Facebook Ireland Limited, Facebook INC, Facebook Belgium BVBA v Gegevensbeschermingsautoriteit. https://curia.europa.eu/juris/document/document_print.jsf?docid=236410&text=&dir=&doclang=EN&part=1&occ=first&mode=req&pageIndex=0&cid=23357612.
[2]
European Data Protection Board. 2021. Overview on resources made available by Member States to the Data Protection Authorities and on enforcement actions by the Data Protection Authorities. (2021). https://edpb.europa.eu/system/files/2021-08/edpb_report_2021_overviewsaressourcesandenforcement_v3_en_0.pdf
[3]
Ian Brown. 2020. Interoperability as a tool for competition regulation. (2020).
[4]
Cliqz International GmbH. 2010. Ghostery. https://www.ghostery.com/ghostery-browser-extension/. v8.5.8.
[5]
Cory Doctorow. 2019. Adversarial Interoperability. Electronic Frontier Foundation(2019). https://www.eff.org/deeplinks/2019/10/adversarial-interoperability
[6]
Electronic Frontier Foundation. 2014. PrivacyBadger. https://privacybadger.org/. v2021.11.23.1.
[7]
European Commission. 2020. Data protection as a pillar of citizens’ empowerment and the EU’s approach to the digital transition - two years of application of the General Data Protection Regulation. https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:52020DC0264&from=EN.
[8]
Lilly C Irani and M Six Silberman. 2013. Turkopticon: Interrupting worker invisibility in amazon mechanical turk. In Proceedings of the SIGCHI conference on human factors in computing systems. 611–620.
[9]
Wolfgang Kerber and Heike Schweitzer. 2017. Interoperability in the digital economy. Journal of Intellectual Property, Information Technology and Electronic Commerce Law 8(2017), 39.
[10]
Natasha Lomas. 2020. GDPR’s two-year review flags lack of ‘vigorous’ enforcement. https://techcrunch.com/2020/06/24/gdprs-two-year-review-flags-lack-of-vigorous-enforcement/.
[11]
Natasha Lomas. 2021. Facebook’s lead EU privacy supervisor hit with corruption complaint. https://techcrunch.com/2021/11/22/facebooks-lead-eu-privacy-supervisor-hit-with-corruption-complaint/.
[12]
Célestin Matte, Nataliia Bielova, and Cristiana Santos. 2019. Do Cookie Banners Respect my Choice? Measuring Legal Compliance of Banners from IAB Europe’s Transparency and Consent Framework. Under review (2019). arXiv:1911.09964
[13]
Georg Merzdovnik, Markus Huber, Damjan Buhov, Nick Nikiforakis, Sebastian Neuner, Martin Schmiedecker, and Edgar Weippl. 2017. Block me if you can: A large-scale study of tracker-blocking tools. In 2017 IEEE European Symposium on Security and Privacy (EuroS&P). IEEE, 319–333.
[14]
Evgeny Morozov. 2013. To save everything, click here: The folly of technological solutionism. Public Affairs.
[15]
Midas Nouwens, Rolf Bagge, Janus Kristensen, and Clemens Nylandsted Klokmose. 2019. Consent-O-Matic. https://github.com/cavi-au/Consent-O-Matic. v0.9.4.
[16]
Midas Nouwens, Rolf Bagge, Janus Kristensen, and Clemens Nylandsted Klokmose. 2019. Consent-O-Matic. https://chrome.google.com/webstore/detail/consent-o-matic/mdjildafknihdffpkfmmpnpoiajfjnjd?hl=en. v0.9.4.
[17]
Midas Nouwens, Rolf Bagge, Janus Kristensen, and Clemens Nylandsted Klokmose. 2019. Consent-O-Matic. https://addons.mozilla.org/en-US/firefox/addon/consent-o-matic/. v0.9.4.
[18]
Midas Nouwens, Ilaria Liccardi, Michael Veale, David Karger, and Lalana Kagal. 2020. Dark Patterns after the GDPR: Scraping Consent Pop-Ups and Demonstrating Their Influence. Association for Computing Machinery, New York, NY, USA, 1–13. https://doi.org/10.1145/3313831.3376321
[19]
World Wide Web Consortium. 1998. The Platform for Privacy Preferences Specification. https://www.w3.org/TR/P3P/.
[20]
World Wide Web Consortium. 2011. Tracking Preference Expression (DNT). https://www.w3.org/TR/tracking-dnt/.

Cited By

View all
  • (2024)From Awareness to Action: Exploring End-User Empowerment Interventions for Dark Patterns in UXProceedings of the ACM on Human-Computer Interaction10.1145/36373368:CSCW1(1-41)Online publication date: 26-Apr-2024
  • (2024)SoK: Technical Implementation and Human Impact of Internet Privacy Regulations2024 IEEE Symposium on Security and Privacy (SP)10.1109/SP54263.2024.00206(673-696)Online publication date: 19-May-2024
  • (2023)Generic Consents in Digital Ecosystems: Legal, Psychological, and Technical PerspectivesHuman Factors in Privacy Research10.1007/978-3-031-28643-8_13(255-282)Online publication date: 10-Mar-2023

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences
CHI EA '22: Extended Abstracts of the 2022 CHI Conference on Human Factors in Computing Systems
April 2022
3066 pages
ISBN:9781450391566
DOI:10.1145/3491101
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 28 April 2022

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. General Data Protection Regulation
  2. adversarial interoperability
  3. browser extension
  4. regulatory enforcement

Qualifiers

  • Poster
  • Research
  • Refereed limited

Conference

CHI '22
Sponsor:
CHI '22: CHI Conference on Human Factors in Computing Systems
April 29 - May 5, 2022
LA, New Orleans, USA

Acceptance Rates

Overall Acceptance Rate 6,164 of 23,696 submissions, 26%

Upcoming Conference

CHI 2025
ACM CHI Conference on Human Factors in Computing Systems
April 26 - May 1, 2025
Yokohama , Japan

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)100
  • Downloads (Last 6 weeks)8
Reflects downloads up to 14 Feb 2025

Other Metrics

Citations

Cited By

View all
  • (2024)From Awareness to Action: Exploring End-User Empowerment Interventions for Dark Patterns in UXProceedings of the ACM on Human-Computer Interaction10.1145/36373368:CSCW1(1-41)Online publication date: 26-Apr-2024
  • (2024)SoK: Technical Implementation and Human Impact of Internet Privacy Regulations2024 IEEE Symposium on Security and Privacy (SP)10.1109/SP54263.2024.00206(673-696)Online publication date: 19-May-2024
  • (2023)Generic Consents in Digital Ecosystems: Legal, Psychological, and Technical PerspectivesHuman Factors in Privacy Research10.1007/978-3-031-28643-8_13(255-282)Online publication date: 10-Mar-2023

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

HTML Format

View this article in HTML Format.

HTML Format

Figures

Tables

Media

Share

Share

Share this Publication link

Share on social media