Skip to Main content Skip to Navigation
Journal articles

Are cookie banners indeed compliant with the law?: Deciphering EU legal requirements on consent and technical means to verify compliance of cookie banners

Cristiana Santos 1 Nataliia Bielova 2 Célestin Matte
2 PRIVATICS - Privacy Models, Architectures and Tools for the Information Society
Inria Grenoble - Rhône-Alpes, CITI - CITI Centre of Innovation in Telecommunications and Integration of services
Abstract : In this paper, we describe how cookie banners, as a consent mechanism in web applications, should be designed and implemented to be compliant with the ePrivacy Directive and the GDPR, defining 22 legal requirements. While some are provided by legal sources, others result from the domain expertise of computer scientists. We perform a technical assessment of whether technical (with computer science tools), manual (with a human operator) or user studies verification is needed. We show that it is not possible to assess legal compliance for the majority of requirements because of the current architecture of the web. With this approach, we aim to support policy makers assessing compliance in cookie banners, especially under the current revision of the EU ePrivacy framework.
Complete list of metadata

Cited literature [45 references]  Display  Hide  Download

https://hal.inria.fr/hal-02875447
Contributor : Nataliia Bielova Connect in order to contact the contributor
Submitted on : Wednesday, September 23, 2020 - 1:52:11 PM
Last modification on : Tuesday, April 20, 2021 - 8:27:03 AM

File

2020-09-22-journal.pdf
Files produced by the author(s)

Identifiers

Collections

Citation

Cristiana Santos, Nataliia Bielova, Célestin Matte. Are cookie banners indeed compliant with the law?: Deciphering EU legal requirements on consent and technical means to verify compliance of cookie banners. Technology and Regulation, Tilburg University, 2020, 2020, pp.91-135. ⟨10.26116/TECHREG.2020.009⟩. ⟨hal-02875447v2⟩

Share

Metrics

Record views

2091

Files downloads

2392