IEEE Access (Jan 2021)

Will EU’s GDPR Act as an Effective Enforcer to Gain Consent?

  • Junhyoung Oh,
  • Jinhyoung Hong,
  • Changsoo Lee,
  • Jemin Justin Lee,
  • Simon S. Woo,
  • Kyungho Lee

DOI
https://doi.org/10.1109/ACCESS.2021.3083897
Journal volume & issue
Vol. 9
pp. 79477 – 79490

Abstract

Read online

Since the GDPR was implemented in 2018, organizations that collect data from the EU residents are required to receive the user’s consent. Organizational measures to ensure that the organizations are compliant to the recently enacted GDPR are still abstract and ambiguous. Moreover, data subjects and controllers have demanded the practice of obtaining consent from organizations. By observing the case law and guidelines related to the GDPR provisions, we deduced four consent conditions. Then, we examined how online service provider’s websites are making efforts to implement the GDPR framework. For this, we identified key characteristics of these websites, such as the existence of consent buttons. In order to help the data subjects obtain consent, we proposed an automatic tool that can check the consent conditions by checking the websites. Our study examined 10,000 websites for 26 days using the Python libraries with the tool automatically crawling the website information and analyzes the HTML structure according to the specified conditions. In addition, this tool crawls the privacy policy of each website. Moreover, it automatically determines whether it meets the four consent conditions by calculating it according to the formula defined in the consent condition. To evaluate the tool’s accuracy, the researchers manually analyzed 500 websites and compared the manual analysis with the results of the tool’s automatic analysis. We found that this tool differentiates itself through qualitative comparisons with other GDPR meters.

Keywords