We Value Your Privacy ... Now Take Some Cookies

Degeling, Martin; Utz, Christine; Lentzsch, Christopher; Hosseini, Henry; Schaub, Florian; Holz, Thorsten

doi:10.1007/s00287-019-01201-1

Cited by 59 publications

(14 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This regulation’s aims are to set high standards for the collection and processing of personal data as well as enhance consumer empowerment. As a result, GDPR impacts how data collection on the web is designed, what data are collected, how users are informed about these practices and what rights they have (Degeling et al, 2019). This might mean that while in the Netherlands training privacy behaviors is effective in increasing protection behavior, this may be different in countries in which consumers are offered less information and privacy rights.…”

Section: Discussionmentioning

confidence: 99%

“…Self-management of online privacy is particularly important as regulations and privacy law (such as the GDPR) mostly delegate the responsibility of privacy protection to users (Degeling et al, 2019; Strycharz et al, 2021). Research has shown that whether people protect their privacy depends on their privacy concerns and attitudes, knowledge, internet and digital skills, experience with privacy violations, education, gender, and age (e.g., Baruh et al, 2017; Büchi et al, 2017; Dienlin & Trepte, 2015; Smit et al, 2014).…”

mentioning

confidence: 99%

See 1 more Smart Citation

How Can We Increase Privacy Protection Behavior? A Longitudinal Experiment Testing Three Intervention Strategies

Boerman

Strycharz

Smit

2023

Communication Research

View full text Add to dashboard Cite

This study investigates which intervention strategies most effectively increase privacy protection behavior. Drawing upon Protection Motivation Theory, we examine the short- and long-term effects of (combinations) of three strategies: (1) increasing awareness of the threat to privacy, (2) training effective privacy protection behavior, and (3) addressing and combating privacy fatigue. We conducted a longitudinal experiment in the Netherlands with three waves ( Nwave1 = 1,000, 2 weeks later Nwave2 = 799, 2 months later Nwave3 = 465) and eight between subjects conditions (no strategy and all possible combinations of the strategies). Results show that the training strategy increased self-efficacy and response efficacy, immediately increased all privacy protection behaviors, and positively impacted tracking blocking behavior in the short- and long-term, actual cookie rejection in the short-term (2 weeks later), and deletion behavior in the long-term (2 months later). The threat and fatigue strategies did not have their anticipated effects, but the threat strategy did immediately increase tracking blocking intentions, and the fatigue strategy had a positive, short-term effect on cookie rejection behavior.

show abstract

Section: Discussionmentioning

confidence: 99%

mentioning

confidence: 99%

How Can We Increase Privacy Protection Behavior? A Longitudinal Experiment Testing Three Intervention Strategies

Boerman

Strycharz

Smit

2023

Communication Research

View full text Add to dashboard Cite

show abstract

“…There has been a growing body of literature in CHI and related communities measuring responses of entities to privacy-related regulations such as the Gramm-Leach-Bliley Act [10] and European regulations such General Data Privacy Regulation (GDPR) [12,44]. For example, Nguyen et al studies whether consent for processing of users' personal data is given freely and in an informed manner by automating the interaction with and collection of consent notices and analyzing those notices.…”

Section: Privacy-related Regulationsmentioning

confidence: 99%

“…For example, Nguyen et al studies whether consent for processing of users' personal data is given freely and in an informed manner by automating the interaction with and collection of consent notices and analyzing those notices. Degeling et al [12] measures the impacts of the GDPR on web privacy by monitoring and analyzing changes in the privacy policies of websites in European countries over time. Some work, on the other hand, examines how privacy-related regulations aect the user experience on dierent services and apps, and also whether dierent apps or services are compliant with regulations such as the Children's Online Privacy Protection Act (COPPA) [4,21,49,59].…”

Section: Privacy-related Regulationsmentioning

confidence: 99%

Measuring Compliance with the California Consumer Privacy Act Over Space and Time

Tran,

Mehrotra,

Chetty

et al. 2024

Proceedings of the CHI Conference on Human Factors in Computing Systems

View full text Add to dashboard Cite

The widespread sharing of consumers' personal information with third parties raises signicant privacy concerns. The California Consumer Privacy Act (CCPA) mandates that online businesses oer consumers the option to opt out of the sale and sharing of personal information. Our study automatically tracks the presence of the opt-out link longitudinally across multiple states after the California Privacy Rights Act (CPRA) went into eect. We categorize websites based on whether they are subject to CCPA and investigate cases of potential non-compliance. We nd a number of websites that implement the opt-out link early and across all examined states but also nd a signicant number of CCPA-subject websites that fail to oer any opt-out methods even when CCPA is in eect. Our ndings can shed light on how websites are reacting to the CCPA and identify potential gaps in compliance and optout method designs that hinder consumers from exercising CCPA opt-out rights.

show abstract

“…Considering the findings of existing research on post-GDPR transparency practices, most studies have found GDPR to have indeed led to increased information disclosures among organizations (see Degeling, Utz, Lentzsch, Hosseini, Schaub, & Holz, 2019; Linden, Khandelwal, Harkous, & Fawaz, 2020; Sanchez-Rola et al, 2019; Utz, Degeling, Fahl, Schaub, & Holz, 2019). For example, Degeling et al (2019) found that 84.5 percent of the most popular websites in the EU had published privacy policies after May 25, 2018, when GDPR took effect, and that 72.6 percent of them updated their policies close to this date. Regarding the quality of such policies, another study by Urban, Tatang, Degeling, Holz, and Pohlmann (2018: 11) of companies that shared personal data with third parties found that 36 of 39 (92 percent) “[fulfilled] the minimum requirements for privacy policies” imposed by the law.…”

Section: Data Transparency and (Im)maturitymentioning

confidence: 99%

Dark Sides of Data Transparency: Organized Immaturity After GDPR?

Schade

2023

Bus. Ethics Q.

View full text Add to dashboard Cite

Organized immaturity refers to the capacity of widely institutionalized sociotechnical systems to challenge qualities of human enlightenment, autonomy, and self-determination. In the context of surveillance capitalism, where these qualities are continuously put at risk, data transparency is increasingly proposed as a means of restoring human maturity by allowing individuals insight and choice vis-à-vis corporate data processing. In this article, however, I draw on research on General Data Protection Regulation–mandated data transparency practices to argue that transparency—while potentially fostering maturity—itself risks producing new forms of organized immaturity by facilitating user ignorance, manipulation, and loss of control of personal data. Considering data transparency’s relative “successes” and “failures” regarding the cultivation of maturity, I outline a set of possible remedies while arguing for a general need to develop more sophisticated ethical appreciations of transparency’s complex and potentially problematic implications for organized (im)maturity in the digital age.

show abstract

We Value Your Privacy ... Now Take Some Cookies

Cited by 59 publications

References 5 publications

How Can We Increase Privacy Protection Behavior? A Longitudinal Experiment Testing Three Intervention Strategies

How Can We Increase Privacy Protection Behavior? A Longitudinal Experiment Testing Three Intervention Strategies

Measuring Compliance with the California Consumer Privacy Act Over Space and Time

Dark Sides of Data Transparency: Organized Immaturity After GDPR?

Contact Info

Product

Resources

About