Will EU's GDPR Act as an Effective Enforcer to Gain Consent?

Junhyoung Oh, Jinhyoung Hong, Changsoo Lee, Jemin Justin Lee, Simon S. Woo, Kyungho Lee

    Research output: Contribution to journalArticlepeer-review

    6 Citations (Scopus)

    Abstract

    Since the GDPR was implemented in 2018, organizations that collect data from the EU residents are required to receive the user's consent. Organizational measures to ensure that the organizations are compliant to the recently enacted GDPR are still abstract and ambiguous. Moreover, data subjects and controllers have demanded the practice of obtaining consent from organizations. By observing the case law and guidelines related to the GDPR provisions, we deduced four consent conditions. Then, we examined how online service provider's websites are making efforts to implement the GDPR framework. For this, we identified key characteristics of these websites, such as the existence of consent buttons. In order to help the data subjects obtain consent, we proposed an automatic tool that can check the consent conditions by checking the websites. Our study examined 10,000 websites for 26 days using the Python libraries with the tool automatically crawling the website information and analyzes the HTML structure according to the specified conditions. In addition, this tool crawls the privacy policy of each website. Moreover, it automatically determines whether it meets the four consent conditions by calculating it according to the formula defined in the consent condition. To evaluate the tool's accuracy, the researchers manually analyzed 500 websites and compared the manual analysis with the results of the tool's automatic analysis. We found that this tool differentiates itself through qualitative comparisons with other GDPR meters.

    Original languageEnglish
    Article number9440969
    Pages (from-to)79477-79490
    Number of pages14
    JournalIEEE Access
    Volume9
    DOIs
    Publication statusPublished - 2021

    Bibliographical note

    Funding Information:
    This work was supported in part by the Grant of Korean Health Technology Research and Development Project, Ministry of Health and Welfare, Republic of Korea, under Grant HI19C0866, and in part by the Institute for Information Communications Technology Promotion (IITP) Grant funded by the Ministry of Science and ICT (MSIT) of Korea government under Grant 2018-0-00261.

    Publisher Copyright:
    © 2013 IEEE.

    Keywords

    • GDPR
    • consent
    • privacy
    • privacy policy

    ASJC Scopus subject areas

    • General Engineering
    • General Materials Science
    • General Computer Science

    Fingerprint

    Dive into the research topics of 'Will EU's GDPR Act as an Effective Enforcer to Gain Consent?'. Together they form a unique fingerprint.

    Cite this