On Compliance of Cookie Purposes with the Purpose Specification Principle
Conference Papers Year : 2020


Abstract

The enforcement of the General Data Protection Regulation and the ePrivacy Directive relies upon auditing the legal compliance of websites. Data controllers, as part of their accountability and transparency obligations, need to declare the purposes of the cookies that they use on their websites. This leads to relevant questions such as: How should purposes be described according to the purpose specification principle? And how can scalable auditing of the legal compliance of cookie purposes, enabled by automated means, be ensured? In this paper, we investigate the legal compliance of purposes for 20,218 third-party cookies. Surprisingly, only 12.85% of third-party cookies have a corresponding cookie policy where a cookie is even mentioned. Overall, we find that purposes declared in cookie policies do not comply with the purpose specification principle in 95% of cases in our automated audit. Finally, we provide recommendations on the standardized specification of purposes, following the recent draft recommendation of the French Data Protection Authority (CNIL) on cookies.
Main file: Cookie_Purposes__IWPE_2020_.pdf (239.62 KB)
Origin : Files produced by the author(s)

Dates and versions

hal-02567022 , version 1 (07-05-2020)

Identifiers

  • HAL Id : hal-02567022 , version 1

Cite

Imane Fouad, Cristiana Santos, Feras Al Kassar, Nataliia Bielova, Stefano Calzavara. On Compliance of Cookie Purposes with the Purpose Specification Principle. IWPE 2020 - International Workshop on Privacy Engineering, Sep 2020, Genova, Italy. pp.1-8. ⟨hal-02567022⟩