Automated Large-Scale Analysis of Cookie Notice Compliance
Ahmed Bouhoula
33rd USENIX Security Symposium · Day 1 · USENIX Security '24
The internet browsing experience is frequently disrupted by ubiquitous cookie notices, a direct consequence of privacy regulations like the European Union's **General Data Protection Regulation (GDPR)** and **ePrivacy Directive**. These regulations mandate explicit, freely given, unambiguous, and specific consent for the use of non-essential cookies. However, the practical implementation of these requirements on a vast scale has proven challenging, leading to widespread non-compliance and the proliferation of **dark patterns** that subtly manipulate users into accepting tracking. This talk by Ahmed Bouhoula presents a groundbreaking automated methodology for large-scale analysis of cookie notice compliance, addressing the limitations of previous studies which were often manual, restricted to specific consent providers, or only examined the first layer of cookie interfaces.
AI review
Bouhoula's research delivers a critical, automated framework for large-scale analysis of cookie notice compliance, exposing rampant disregard for user privacy and legal mandates. Leveraging ML and intelligent crawling, it reveals a "facade of compliance" where popular sites ignore user rejections, providing actionable data for regulators and industry alike.