Abstract
Privacy policies and the use of cookies on websites serve important functions but also raise concerns regarding user privacy and tracking. In order to address these concerns and adhere to legal requirements, web service providers utilize pop-ups to obtain user consent based on the notice-and-choice principle. However, a significant issue arises when users accept all policies without thoroughly reading or comprehending them, resulting in difficulties in managing and recalling accepted policies across various websites. To tackle this challenge, we propose PrivacySmart: an innovative system that handles privacy and cookie policy pop-ups for users as they navigate and access online services, all while taking their privacy preferences into account. The system comprises two essential components: a plug-in that necessitates installation on users’ browsers and a smartphone application that consolidates all accepted policies from different plug-ins. This system empowers users by granting them control over the policies they have agreed to and the corresponding websites, while avoiding them the policies management overhead. By implementing the tool as a Firefox extension, we have conducted thorough evaluations and obtained promising results from the experiments.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
GDPR Cookies https://gdpr.eu/cookies/.
- 2.
Didomi: https://www.didomi.io/es/.
- 3.
CookieYes: https://www.cookieyes.com/.
- 4.
Cookie Notice: https://cookiesnotice.com/.
- 5.
OneTrust: https://www.onetrust.es/.
- 6.
- 7.
HyperText Markup Language: https://developer.mozilla.org/en-US/docs/Web/HTML.
- 8.
Cascading Style Sheets: https://developer.mozilla.org/en-US/docs/Web/CSS.
- 9.
Source Code: https://github.com/EduardBel/PrivacySmart.
- 10.
Web3.js: https://web3js.org/#/.
- 11.
Ganache: https://trufflesuite.com/ganache/.
References
Barati, M., Rana, O.: Tracking GDPR compliance in cloud-based service delivery. IEEE Trans. Serv. Comput., 1 (2020). https://doi.org/10.1109/TSC.2020.2999559
Bu-Pasha, S., Alen-Savikko, A., Mäkinen, J.S., Guinness, R., Korpisaari, P.: EU law perspectives on location data privacy in smartphones and informed consent for transparency. Eur. Data Prot. Law Rev. 2(3/2016), 312–323 (2016)
CodyMcCodington: Auto cookie optout (2022). https://addons.mozilla.org/en-GB/firefox/addon/auto-cookie-optout/
Cookie, N.: Ninja cookie (2020). https://addons.mozilla.org/en-GB/firefox/addon/ninja-cookie/
Daudén-Esmel, C., Castellà-Roca, J., Viejo, A., Domingo-Ferrer, J.: Lightweight blockchain-based platform for GDPR-compliant personal data management. In: 5th IEEE International Conference on Cryptography, Security and Privacy, CSP 2021, Zhuhai, China, 8–10 January 2021, pp. 68–73 (2021)
Davari, M., Bertino, E.: Access control model extensions to support data privacy protection based on GDPR. In: 2019 IEEE International Conference on Big Data (Big Data), pp. 4017–4024. December 2019. https://doi.org/10.1109/BigData47090.2019.9006455
Deloitte: Deloitte: Cookie benchmark study (2020). https://www2.deloitte.com/content/dam/Deloitte/nl/Documents/risk/deloitte-nl-risk-cookie-benchmark-study.pdf
Esteve, A.: The business of personal data: Google, Facebook, and privacy issues in the EU and the USA. Int. Data Priv. Law 7(1), 36–47 (03 2017). https://doi.org/10.1093/idpl/ipw026
Faber, B., Michelet, G., Weidmann, N., Mukkamala, R.R., Vatrapu, R.: BPDIMS: a blockchain-based personal data and identity management system. In: Conference: Hawaii International Conference on System Sciences, January 2019. https://doi.org/10.24251/HICSS.2019.821
Ha, V., Inkpen, K., Al Shaar, F., Hdeib, L.: An examination of user perception and misconception of internet cookies. In: CHI 2006 Extended Abstracts on Human Factors in Computing Systems, pp. 833–838 (2006)
hawkeye116477, krystian3w: Polish cookie consent (2022). https://addons.mozilla.org/en-GB/firefox/addon/polish-cookie-consent/
Houser, K., Voss, W.: GDPR: the end of google and Facebook or a new paradigm in data privacy? SSRN Electron. J. (2018). https://doi.org/10.2139/ssrn.3212210
Jung, S.S., Lee, S.J., Euom, I.C.: Delegation-based personal data processing request notarization framework for GDPR based on private blockchain. Appl. Sci. 11(22) (2021). https://doi.org/10.3390/app112210574. https://www.mdpi.com/2076-3417/11/22/10574
Kulyk, O., Mayer, P., Volkamer, M., Käfer, O.: A concept and evaluation of usable and fine-grained privacy-friendly cookie settings interface. In: 2018 17th IEEE International Conference on Trust, Security and Privacy in Computing and Communications/12th IEEE International Conference on Big Data Science And Engineering (TrustCom/BigDataSE), pp. 1058–1063. IEEE (2018)
McDonald, A.M., Reeder, R.W., Kelley, P.G., Cranor, L.F.: A comparative study of online privacy policies and formats. In: Goldberg, I., Atallah, M.J. (eds.) PETS 2009. LNCS, vol. 5672, pp. 37–55. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-03168-7_3
Merlec, M.M., Lee, Y.K., Hong, S.P., In, H.P.: A smart contract-based dynamic consent management system for personal data usage under GDPR. Sensors 21(23) (2021). https://doi.org/10.3390/s21237994
Palatinus, M., Rusnak, P., Voisine, A., Bowe, S.: BIP39: mnemonic code for generating deterministic keys (2013). https://github.com/bitcoin/bips/blob/master/bip-0039.mediawiki
Squicciarini, A., Bhargav-Spantzel, A., Czeskis, A., Bertino, E.: Traceable and automatic compliance of privacy policies in federated digital identity management. In: Danezis, G., Golle, P. (eds.) PET 2006. LNCS, vol. 4258, pp. 78–98. Springer, Heidelberg (2006). https://doi.org/10.1007/11957454_5
Super Agent, Diogo Minhava: Super agent - automatic cookie consent (2023). https://addons.mozilla.org/en-GB/firefox/addon/super-agent/?utm_source=addons.mozilla.org &utm_medium=referral &utm_content=search
Truong, N.B., Sun, K., Lee, G.M., Guo, Y.: GDPR-compliant personal data management: a blockchain-based solution. IEEE Trans. Inf. Forensics Secur. 15, 1746–1761 (2020)
European Union: Regulation (EU) 2016/679 of the European parliament and of the council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing directive 95/46/EC (general data protection regulation) (text with EEA relevance). Off. J. Eur. Union L 119 59, 1–88 (2016). https://eur-lex.europa.eu/eli/reg/2016/679/oj
Vyas, N., Squicciarini, A.C., Chang, C.C., Yao, D.: Towards automatic privacy management in web 2.0 with semantic analysis on annotations. In: 2009 5th International Conference on Collaborative Computing: Networking, Applications and Worksharing, pp. 1–10. IEEE (2009)
Wirth, C., Kolain, M.: Privacy by blockchain design: a blockchain-enabled GDPR-compliant approach for handling personal data. In: Reports of the European Society for Socially Embedded Technologies (EUSSET) (2018)
Wrappalyzer: Cookie compliance technologies market share (2023). https://www.wappalyzer.com/technologies/cookie-compliance/
Wuille, P.: Bip32: Hierarchical deterministic wallets (2012). https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki
Yue, C., Xie, M., Wang, H.: Automatic cookie usage setting with cookiepicker. In: 37th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2007), pp. 460–470. IEEE (2007)
Yue, C., Xie, M., Wang, H.: An automatic HTTP cookie management system. Comput. Netw. 54(13), 2182–2198 (2010)
Zichichi, M., Ferretti, S., D’Angelo, G., Rodríguez-Doncel, V.: Personal data access control through distributed authorization. In: 2020 IEEE 19th International Symposium on Network Computing and Applications (NCA), pp. 1–4, November 2020. https://doi.org/10.1109/NCA51143.2020.9306721
Acknowledgments and Disclaimer
This research is supported by the project “HERMES” funded by INCIBE and the European Union NextGenerationEU/PRTR, by project PID2021-125962OB-C32 “SECURING/DATA” funded by MCIN/AEI/10.13039/501100011033/ FEDER, UE, and by the grant 2021SGR 00115 from the Government of Catalonia. The first author is also supported by the Spanish Government under an FPU grant (ref. FPU20/03254).
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Daudén-Esmel, C., Castellà-Roca, J., Viejo, A., Bel-Ribes, E.J. (2024). PrivacySmart: Automatic and Transparent Management of Privacy Policies. In: Katsikas, S., et al. Computer Security. ESORICS 2023 International Workshops. ESORICS 2023. Lecture Notes in Computer Science, vol 14398. Springer, Cham. https://doi.org/10.1007/978-3-031-54204-6_12
Download citation
DOI: https://doi.org/10.1007/978-3-031-54204-6_12
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-54203-9
Online ISBN: 978-3-031-54204-6
eBook Packages: Computer ScienceComputer Science (R0)