P. Papadopoulos, N. Kourtellis, and E. Markatos, Cookie Synchronization: Everything You Always Wanted to Know But Were Afraid to Ask, The World Wide Web Conference, pp.1432-1442, 2019.

A. Sabelfeld and A. C. Myers, Language-based information-flow security, IEEE J. Sel. Areas Commun, vol.21, issue.1, pp.5-19, 2003.

D. Hedin, L. Bello, and A. Sabelfeld, Information-flow security for JavaScript and its APIs, J. Comput. Secur, vol.24, issue.2, pp.181-234, 2016.

B. Livshits, Dynamic taint tracking in managed runtimes, 2012.

J. Magazinius, D. Hedin, and A. Sabelfeld, Architectures for Inlining Security Monitors in Web Applications, ESSoS, vol.2014, pp.141-160, 2012.

A. Mathur, G. Acar, M. J. Friedman, E. Lucherini, J. Mayer et al., Dark Patterns at Scale: Findings from a Crawl of 11K Shopping Websites, 2019.

M. Nouwens, I. Liccardi, M. Veale, D. R. Karger, and L. Kagal, Dark Patterns after the GDPR: Scraping Consent Pop-ups and Demonstrating their Influence, vol.2020

D. German,

, Since a consent is revocable, a corresponding option for revocation must be implemented. The revocation must be as easy as the granting of consent, Art, vol.7, issue.3

, Opinion 4/2010 (29WP 174) on the European code of conduct of FEDMA for the use of personal data in direct marketing, p.13, 2010.

D. Greek, Guidelines on Cookies and Trackers, vol.42

D. Irish and . Guidance, , vol.37

, R6 Accessibility of information page ? R7 Necessary information on BTT ? R8 Information on consent banner configuration ? R9 Information on the data controller ? R10 Information on rights

, The European Commission, it its portal, states that "data is deleted unless it can be processed on another legal ground (for example storage requirements or as far as it is a necessity to fulfill the contract, 2020.

, It is noticeable that the request for revoking consent does not imply data erasure. For the data to be erased, the data subject needs to exercise this right to erasure. However, revoking consent should imply deletion of data as an immediate

C. Libert,

I. Sanchez-rola, M. Dell"amico, P. Kotzias, D. Balzarotti, L. Bilge et al., Can I Opt Out Yet? GDPR and the Global Illusion of Cookie Control, ACM Asia Conference on Computer and Communications Security (AsiaCCS "19), 2019.

C. Libert, , vol.128

C. Libert,

C. A. Brodie, C. Karat, and J. Karat, An empirical study of natural language parsing of privacy policy rules using the SPARCLE policy workbench, Proceedings of the second symposium on Usable privacy and security (SOUPS '06), pp.8-19, 2006.

W. Shomir, F. Schaub, A. Dara, F. Liu, S. Cherivirala et al., Mads Schaarup Andersen

E. H. Norton, J. R. Hovy, N. M. Reidenberg, and . Sadeh, The Creation and Analysis of a Website Privacy Policy Corpus, ACL, 2016.

W. Ammar, S. Wilson, N. Sadeh, and N. A. Smith, Automatic categorization of privacy policies: A pilot study

H. Harkous, K. Fawaz, R. Lebret, F. Schaub, G. Kang et al., Polisis: Automated Analysis and Presentation of Privacy Policies Using Deep Learning, USENIX Security Symposium, 2018.

R. L. Razieh-nokhbeh-zaeem, K. German, and . Barber, Privacycheck: Automatic summarization of privacy policies using data mining, ACM Transactions on Internet Technology (TOIT), vol.18, issue.4, p.53, 2018.

S. Razieh-nokhbeh-zaeem and . Barber, Policies-of-Government-Agencies-and-Companies-a-Study-Using-Privacy-Policy-Analysis-Tools.pdf> accessed 18 th, 2020.

V. Morel and R. Pardo, Three dimensions of privacy policies, 2019.

, CNIL draft recommendation 2020

. Cf, . German, and . Guidelines,

D. German, FAQ about Cookies and Tracking, 2019.

, German Federal Court of Justice for consent to telephone advertising and cookie storage, 2020.

. Edpb-press-release, The Spanish Data Protection Authority fined the company Vueling for the cookie policy used on its website with 30,000 euros, 2019.

D. Spanish and . Decision, Procedimiento PS/00127/2019" (2019) <www.aepd.es/resoluciones/PS-00127-2019_ORI.pdf> accessed 7, 2020.

D. French, Decision n°, 2018.

C. Carpineto, D. Lo-re, and G. Romano, Automatic assessment of website compliance to the European cookie law with CooLCheck, Proceedings of the 2016 ACM on Workshop on Privacy in the Electronic Society, pp.135-138, 2016.

S. Traverso, M. Trevisan, L. Giannantoni, and M. Mellia, Benchmark and comparison of tracker-blockers: Should you trust them?, Network Traffic Measurement and Analysis Conference, pp.1-9, 2017.

M. Trevisan, S. Traverso, E. Bassi, and M. Mellia, 4 Years of EU Cookie Law: Results and Lessons Learned, Proceedings on Privacy Enhancing Technologies, vol.2, pp.126-145, 2019.

R. Van-eijk, H. Asghari, P. Winter, and A. Narayanan, The Impact of User Location on Cookie Notices (Inside and Outside of the European Union, Workshop on Technology and Consumer Protection (ConPro '19), 2019.

M. Degeling,

I. Sanchez-rola, M. Dell&apos;amico, P. Kotzias, D. Balzarotti, L. Bilge et al., Can I Opt Out Yet? GDPR and the Global Illusion of Cookie Control, ACM Asia Conference on Computer and Communications Security (AsiaCCS '19), 2019.

T. Libert, L. Graves, and . Rasmus-kleis-nielsen, Changes in third-party content on European news websites after GDPR" (Reuters Institute for the Study of Journalism Reports: Factsheet, Reuters Institute for the Study of Journalism, 2018.

C. Cf and . Utz,

. Matte,

. Nouwens,

R. Leenes and E. Kosta, Taming the Cookie Monster with Dutch Law -A Tale of Regulatory Failure, Computer Law & Security Review, vol.31, issue.3, pp.317-335, 2015.