What is in your cookie box? Explaining ingredients of web cookies with knowledge graphs

The General Data Protection Regulation (GDPR) has imposed strict requirements for data sharing, one of which is informed consent. A common way to request consent online is via cookies. However, commonly, users accept online cookies being unaware of the meaning of the given consent and the following implications. Once consent is given, the cookie “disappears”, and one forgets that consent was given in the first place. Retrieving cookies and consent logs becomes challenging, as most information is stored in the specific Internet browser’s logs. To make users aware of the data sharing implied by cookie consent and to support transparency and traceability within systems, we present a knowledge graph (KG) based tool for personalised cookie consent information visualisation. The KG is based on the OntoCookie ontology, which models cookies in a machine-readable format and supports data interpretability across domains. Evaluation results confirm that the users’ comprehension of the data shared through cookies is vague and insufficient. Furthermore, our work has resulted in an increase of 47.5% in the users’ willingness to be cautious when viewing cookie banners before giving consent. These and other evaluation results confirm that our cookie data visualisation approach and tool help to increase users’ awareness of cookies and data sharing.

[1]  Tek Raj Chhetri,et al.  Automated GDPR Contract Compliance Verification Using Knowledge Graphs , 2022, Inf..

[2]  Tek Raj Chhetri,et al.  Data Protection by Design Tool for Automated GDPR Compliance Verification Based on Semantically Modeled Informed Consent , 2022, Sensors.

[3]  Tek Raj Chhetri,et al.  Knowledge Graph Based Hard Drive Failure Prediction , 2022, Sensors.

[4]  Antonio J. Roa-Valverde,et al.  Raising Consent Awareness With Gamification and Knowledge Graphs: An Automotive Use Case , 2022, Int. J. Semantic Web Inf. Syst..

[5]  Dhiren A. Audich,et al.  Improving Readability of Online Privacy Policies through DOOP: A Domain Ontology for Online Privacy , 2021, Digit..

[6]  Ruba Abu-Salma,et al.  Cookie Banners, What's the Purpose?: Analyzing Cookie Banner Text Through a Legal Lens , 2021, WPES@CCS.

[7]  Tek Raj Chhetri,et al.  Consent through the lens of semantics: State of the art survey and best practices , 2021, Semantic Web.

[8]  Anna Fensel,et al.  Raising Awareness of Data Sharing Consent Through Knowledge Graph Visualisation , 2021, SEMANTiCS.

[9]  P. Papadopoulos,et al.  User Tracking in the Post-cookie Era: How Websites Bypass GDPR Consent to Track Users , 2021, WWW.

[10]  Jonathan Mayer,et al.  What Makes a Dark Pattern... Dark?: Design Attributes, Normative Considerations, and Measurement Methods , 2021, CHI.

[11]  Tim Finin,et al.  Creating Cybersecurity Knowledge Graphs From Malware After Action Reports , 2020, IEEE Access.

[12]  P. Grünewald,et al.  The trust gap: Social perceptions of privacy data for energy services in the United Kingdom , 2020, Energy Research & Social Science.

[13]  Rong Jiang,et al.  Attack Analysis Framework for Cyber-Attack and Defense Test Platform , 2020, Electronics.

[14]  Olha Drozd,et al.  Privacy CURE: Consent Comprehension Made Easy , 2020, SEC.

[15]  Than Htut Soe,et al.  Circumvention by design - dark patterns in cookie consent for online news outlets , 2020, NordiCHI.

[16]  Jingju Liu,et al.  Review on the Application of Knowledge Graph in Cyber Security Assessment , 2020, IOP Conference Series: Materials Science and Engineering.

[17]  Meg Leta Jones Cookies: a legacy of controversy , 2020 .

[18]  Nataliia Bielova,et al.  Are cookie banners indeed compliant with the law? Deciphering EU legal requirements on consent and technical means to verify compliance of cookie banners , 2019, ArXiv.

[19]  Nuno Freire,et al.  Automated interpretability of linked data ontologies: : an evaluation within the cultural heritage domain , 2019, 2019 IEEE International Conference on Big Data (Big Data).

[20]  Nataliia Bielova,et al.  Do Cookie Banners Respect my Choice? Measuring Legal Compliance of Banners from IAB Europe's Transparency and Consent Framework , 2019, ArXiv.

[21]  Bo Fu,et al.  Towards Adaptive Information Visualization - A Study of Information Visualization Aids and the Role of User Cognitive Style , 2019, Front. Artif. Intell..

[22]  D. Norrie,et al.  Ontologies , 2019, Multi-Agent Systems for Concurrent Intelligent Design and Manufacturing.

[23]  Martin Degeling,et al.  (Un)informed Consent: Studying GDPR Consent Notices in the Field , 2019, CCS.

[24]  Olha Drozd,et al.  I Agree: Customize Your Personal Data Processing with the CoRe User Interface , 2019, TrustBus.

[25]  Leyla Bilge,et al.  Can I Opt Out Yet?: GDPR and the Global Illusion of Cookie Control , 2019, AsiaCCS.

[26]  Colin M. Gray,et al.  The Dark (Patterns) Side of UX Design , 2018, CHI.

[27]  Yan Jia,et al.  A Practical Approach to Constructing a Knowledge Graph for Cybersecurity , 2018 .

[28]  Simon de Lusignan,et al.  An Ontology to Improve Transparency in Case Definition and Increase Case Finding of Infectious Intestinal Disease: Database Study in English General Practice , 2017, JMIR medical informatics.

[29]  Axel Küpper,et al.  Designing a GDPR-Compliant and Usable Privacy Dashboard , 2017, Privacy and Identity Management.

[30]  Monica Palmirani,et al.  A Visualization Approach for Adaptive Consent in the European Data Protection Framework , 2017, 2017 Conference for E-Democracy and Open Government (CeDEM).

[31]  Nicholas Jing Yuan,et al.  Collaborative Knowledge Base Embedding for Recommender Systems , 2016, KDD.

[32]  Michael Trusov,et al.  Crumbs of the Cookie: User Profiling in Customer-Base Analysis and Behavioral Targeting , 2016, Mark. Sci..

[33]  Erik Wästlund,et al.  Usable Transparency with the Data Track: A Tool for Visualizing Data Disclosures , 2015, CHI Extended Abstracts.

[34]  Rikke Frank Joergensen The unbearable lightness of user consent , 2014 .

[35]  Bart Schermer,et al.  Privacy Expectations of Social Media Users: The Role of Informed Consent in Privacy Policies , 2014 .

[36]  Asunción Gómez-Pérez,et al.  OOPS! (OntOlogy Pitfall Scanner!): An On-line Tool for Ontology Evaluation , 2014, Int. J. Semantic Web Inf. Syst..

[37]  Anja Bechmann,et al.  Non-Informed Consent Cultures: Privacy Policies and App Contracts on Facebook , 2014 .

[38]  Martin Necaský,et al.  Formal Linked Data Visualization Model , 2013, IIWAS '13.

[39]  Sowmyan Jegatheesan,et al.  Cookies Invading Our Privacy for Marketing Advertising and Security Issues , 2013, ArXiv.

[40]  Anthony D. Miyazaki Online Privacy and the Disclosure of Cookie Use: Effects on Consumer Trust and Anticipated Patronage , 2008 .

[41]  Kori Inkpen Quinn,et al.  An examination of user perception and misconception of internet cookies , 2006, CHI Extended Abstracts.

[42]  Colin Ware,et al.  Information Visualization: Perception for Design , 2000 .

[43]  D. Basin,et al.  Automating Cookie Consent and GDPR Violation Detection , 2022, USENIX Security Symposium.

[44]  N. Sadeh,et al.  FLASH: The Fordham Law Archive of Scholarship and History FLASH: The Fordham Law Archive of Scholarship and History , 2020 .

[45]  Axel Polleres,et al.  Creating A Vocabulary for Data Privacy , 2019 .

[46]  Serena Villata,et al.  Privacy, security and policies: A review of problems and solutions with semantic web technologies , 2018, Semantic Web.

[47]  Norman M. Sadeh,et al.  PrivOnto: A semantic framework for the analysis of privacy policies , 2017 .

[48]  Christophe Debruyne,et al.  Compliance through Informed Consent: Semantic Based Consent Permission and Data Management Model , 2017, PrivOn@ISWC.

[49]  A. McCarthy Design Thinking , 2017, Wirtschaftsinformatik Manag..

[50]  Nicola Greco,et al.  Solid : A Platform for Decentralized Social Applications Based on Linked Data , 2016 .

[51]  Rik Van de Walle,et al.  Visualizing the Information of a Linked Open Data Enabled Research Information System , 2014, CRIS.

[52]  Benjamin Heitmann,et al.  An architecture and methodologies for federated, privacy-enabled personalisation on the Web of Data , 2011 .

[53]  Bittersweet cookies. Some security and privacy considerations , 2011 .

[54]  Amit P. Sheth,et al.  The Semantic Web and Its Applications , 2006, Semantic Web Services, Processes and Applications.

[55]  Simon J. Cox,et al.  The Semantic Web as a Semantic Soup , 2004 .

[56]  Dieter Fensel,et al.  Ontologies: A silver bullet for knowledge management and electronic commerce , 2002 .

[57]  N. F. Noy,et al.  Ontology Development 101: A Guide to Creating Your First Ontology , 2001 .