Checking Websites’ GDPR Consent Compliance for Marketing Emails
Karel Kubicek, Jakob Merane, C. C. Jiménez, A. Stremitzer, S. Bechtold, D. Basin
Proceedings on Privacy Enhancing Technologies. Privacy Enhancing Technologies Symposium, 2022(1), pages 282-303
Journal Article, published 2022-03-03
DOI: 10.2478/popets-2022-0046 (https://doi.org/10.2478/popets-2022-0046)
Citations: 2
Abstract
The sending of marketing emails is regulated to protect users from unsolicited emails. For instance, the European Union’s ePrivacy Directive states that marketers must obtain users’ prior consent, and the General Data Protection Regulation (GDPR) specifies further that such consent must be freely given, specific, informed, and unambiguous. Based on these requirements, we design a labeling of legal characteristics for websites and emails. This leads to a simple decision procedure that detects potential legal violations. Using our procedure, we evaluated 1000 websites and the 5000 emails resulting from registering to these websites. Both datasets and evaluations are available upon request. We find that 21.9% of the websites contain potential violations of privacy and unfair competition rules, either in the registration process (17.3%) or email communication (17.7%). We demonstrate with a statistical analysis the possibility of automatically detecting such potential violations.