The Unwanted Sharing Economy: An Analysis of Cookie Syncing and User Transparency under GDPR

by   Tobias Urban, et al.

The European General Data Protection Regulation (GDPR), which went into effect in May 2018, leads to important changes in this area: companies are now required to ask for users' consent before collecting and sharing personal data and by law users now have the right to gain access to the personal information collected about them. In this paper, we study and evaluate the effect of the GDPR on the online advertising ecosystem. In a first step, we measure the impact of the legislation on the connections (regarding cookie syncing) between third-parties and show that the general structure how the entities are arranged is not affected by the GDPR. However, we find that the new regulation has a statistically significant impact on the number of connections, which shrinks by around 40 the subject access right process of popular companies in this ecosystem and observe differences between the processes implemented by the companies and how they interpret the new legislation. We exercised our right of access under GDPR with 36 companies that had tracked us online. Although 32 companies (89 inquired replied within the period defined by law, only 21 (58 process by the deadline set in the GDPR. Our work has implications regarding the implementation of privacy law as well as what online tracking companies should do to be more compliant with the new regulation.


page 1

page 2

page 3

page 4


Protecting User Privacy in Online Settings via Supervised Learning

Companies that have an online presence-in particular, companies that are...

rgpdOS: GDPR Enforcement By The Operating System

The General Data Protection Regulation (GDPR) forces IT companies to com...

Second layer data governance for permissioned blockchains: the privacy management challenge

Data privacy is a trending topic in the internet era. Given such importa...

A novel algorithm for clearing financial obligations between companies – an application within the Romanian Ministry of Economy

The concept of clearing or netting, as defined in the glossaries of Euro...

Centralization is about Control, not Protocols (Position Paper)

Many common “consumer” applications, i.e., applications widely used by n...

GDPArrrrr: Using Privacy Laws to Steal Identities

The General Data Protection Regulation (GDPR) has become a touchstone mo...

Health Advertising on Facebook: Privacy Policy Considerations

In this study we analyzed content and marketing tactics of digital medic...

Please sign up or login with your details

Forgot password? Click here to reset