In 2002, the European Union (EU) introduced the ePrivacy Directive to regulate the usage of online tracking technologies. Its aim is to make tracking mechanisms explicit while increasing privacy awareness in users. It mandates websites to ask for explicit consent before using any kind of profiling methodology, e.g., cookies. Starting from 2013 the Directive is mandatory, and now most of European websites embed a "Cookie Bar" to explicitly ask user's consent. To the best of our knowledge, no study focused in checking whether a website respects the Directive. For this, we engineer CookieCheck, a simple tool that makes this check automatic. We use it to run a measurement campaign on more than 35,000 websites. Results depict a dramatic picture: 65% of websites do not respect the Directive and install tracking cookies before the user is even offered the accept button. In few words, we testify the failure of the ePrivacy Directive. Among motivations, we identify the absence of rules enabling systematic auditing procedures, the lack of tools to verify its implementation by the deputed agencies, and the technical difficulties of webmasters in implementing it.
[1]
Eleni Kosta,et al.
Taming the cookie monster with Dutch law - A tale of regulatory failure
,
2015,
Comput. Law Secur. Rev..
[2]
Eleni Kosta,et al.
ePrivacy Directive : Assessment of transposition, effectiveness and compatibility with the proposed Data Protections Regulation
,
2015
.
[3]
Martino Trevisan,et al.
Benchmark and comparison of tracker-blockers: Should you trust them?
,
2017,
2017 Network Traffic Measurement and Analysis Conference (TMA).
[4]
Edward W. Felten,et al.
Cookies That Give You Away: The Surveillance Implications of Web Tracking
,
2015,
WWW.
[5]
Bert-Jaap Koops,et al.
The trouble with European data protection law
,
2014
.
[6]
Arturo Azcorra,et al.
Understanding the Detection of View Fraud in Video Content Portals
,
2016,
WWW.
[7]
Arvind Narayanan,et al.
Online Tracking: A 1-million-site Measurement and Analysis
,
2016,
CCS.
[8]
C. Markou.
Behavioural Advertising and the New ‘EU Cookie Law’ as a Victim of Business Resistance and a Lack of Official Determination
,
2016
.
[9]
J. Turow,et al.
Americans Reject Tailored Advertising and Three Activities that Enable It
,
2009
.