A Study on Subject Data Access in Online Advertising After the GDPR

Online tracking has mostly been studied by passively measuring the presence of tracking services on websites (i) without knowing what data these services collect, (ii) the reasons for which specific purposes it is collected, (iii) or if the used practices are disclosed in privacy policies. The European General Data Protection Regulation (GDPR) came into effect on May 25, 2018 and introduced new rights for users to access data collected about them.

[1]  Ana Rodríguez,et al.  Online advertising: analysis of privacy threats and protection approaches , 2016 .

[2]  Evangelos P. Markatos,et al.  The Cost of Digital Advertisement: Comparing User and Advertiser Views , 2018, WWW.

[3]  Sokol Kosta,et al.  Before and After GDPR: The Changes in Third Party Presence at Public and Private European Websites , 2019, WWW.

[4]  Cédric Lauradoux,et al.  Security Analysis of Subject Access Request Procedures - How to Authenticate Data Subjects Safely When They Request for Their Data , 2019, APF.

[5]  Jordi Forné,et al.  Online advertising: Analysis of privacy threats and protection approaches , 2017, Comput. Commun..

[6]  Gianclaudio Malgieri,et al.  The right to data portability in the GDPR: Towards user-centric interoperability of digital services , 2017, Comput. Law Secur. Rev..

[7]  Julia Powles,et al.  "Meaningful Information" and the Right to Explanation , 2017, FAT.

[8]  Qiang Ma,et al.  Adscape: harvesting and analyzing online display ads , 2014, WWW.

[9]  Norbert Pohlmann,et al.  GDPiRated - Stealing Personal Information On- and Offline , 2019, ESORICS.

[10]  Saikat Guha,et al.  Challenges in measuring online advertising systems , 2010, IMC '10.

[11]  Feiyue Wang,et al.  A survey on real time bidding advertising , 2014, Proceedings of 2014 IEEE International Conference on Service Operations and Logistics, and Informatics.

[12]  Thorsten Holz,et al.  We Value Your Privacy ... Now Take Some Cookies: Measuring the GDPR's Impact on Web Privacy , 2019, NDSS.

[13]  Wim Lamotte,et al.  Personal Information Leakage by Abusing the GDPR 'Right of Access' , 2019, SOUPS @ USENIX Security Symposium.

[14]  Leyla Bilge,et al.  Can I Opt Out Yet?: GDPR and the Global Illusion of Cookie Control , 2019, AsiaCCS.

[15]  Edgar R. Weippl,et al.  Measuring Cookies and Web Privacy in a Post-GDPR World , 2019, PAM.

[16]  Arvind Narayanan,et al.  Online Tracking: A 1-million-site Measurement and Analysis , 2016, CCS.

[17]  Josep M. Pujol,et al.  WhoTracks.Me: Monitoring the online tracking landscape at scale , 2018, ArXiv.

[18]  Arvind Narayanan,et al.  The Web Never Forgets: Persistent Tracking Mechanisms in the Wild , 2014, CCS.

[19]  Norbert Pohlmann,et al.  Towards Understanding Privacy Implications of Adware and Potentially Unwanted Programs , 2018, ESORICS.

[20]  Jon M. Peha,et al.  Track Gap: Policy Implications of User Expectations for the 'Do Not Track' Internet Privacy Feature , 2011 .