Purpose: The goal of this project is to establish a data archiving infrastructure for consent pop-ups across the European web. This will allow researchers, policy makers, and data protection authorities to better understand how different regulatory instruments impact the presence and design of these consent pop-ups over longer periods of time.
Support Type: Feasibility
Description: One of the biggest challenges of regulating the web is not coming up with new legislation, but effectively enforcing it. As we approach the General Data Protection Regulation’s third anniversary, the now ubiquitous consent pop-ups created to capture web users’ permission for data processing are still overwhelmingly flouting the requirements for legally valid consent. A major bottleneck for the Data Protection Authorities (DPA) tasked with regulating this area is the lack of insight into how the consent pop-up ecosystem responds to their fines and guidance; virtually all DPAs continue to use small-scale, real-time snapshot methods to study compliance.
The online data harvesting industry has responded to changes in European data protection regulation by designing so-called consent management platforms: interactive pop-ups that ask users to signal to the website what kind of data can be collected about them. Previous work has shown that many of these CMPs on UK websites are designed in non-compliant ways (Nouwens et al, 2020). This project aims to scale up the measurement of CMPs to the entire European Web, in a recurring way, and make the archive available for other researchers.
Support period: Autumn 2022
Midas Nouwens, Assistant Professor at the Department of Digital Design and Information Studies, Aarhus University