Add reference for GDPR
This commit is contained in:
parent
173acfa323
commit
39a1cf4a46
27
defenses.tex
27
defenses.tex
@ -44,18 +44,19 @@ For either opt-out or opt-in to work, a web site has to provide an option for
|
||||
doing so. Because web sites increasingly use third parties to manage data
|
||||
collection on their site, consent or rejection has to be passed to these third
|
||||
parties and they have to be willing to accept such a decision. Since the
|
||||
European's \gls{GDPR} came into force in 2018, service providers operating in
|
||||
the European Union are required to ask users for explicit consent before
|
||||
collecting any data, except when that data is absolutely necessary to ensure
|
||||
basic functionality. It is not allowed to notify the user that by continuing to
|
||||
visit the web site, consent to data collection is given. Furthermore, if consent
|
||||
is not given, the web site provider is not allowed to block the user from
|
||||
visiting the web site. Even before the \gls{GDPR}, the EU required web sites to
|
||||
ask for informed consent via the ePrivacy Directive which came into force in
|
||||
2013. \citet{trevisanYearsEUCookie2019} use their tool \emph{CookieCheck} to
|
||||
evaluate how many of the surveyed 35.000 sites comply with the legislation put
|
||||
forth in the ePrivacy Directive. Their findings indicate that almost half (49\%)
|
||||
of the web sites use profiling technologies without consent. Similarly,
|
||||
European's \gls{GDPR} \cite{europeanparliamentGeneralDataProtection2016} came
|
||||
into force in 2018, service providers operating in the European Union are
|
||||
required to ask users for explicit consent before collecting any data, except
|
||||
when that data is absolutely necessary to ensure basic functionality. It is not
|
||||
allowed to notify the user that by continuing to visit the web site, consent to
|
||||
data collection is given. Furthermore, if consent is not given, the web site
|
||||
provider is not allowed to block the user from visiting the web site. Even
|
||||
before the \gls{GDPR}, the EU required web sites to ask for informed consent via
|
||||
the ePrivacy Directive which came into force in 2013.
|
||||
\citet{trevisanYearsEUCookie2019} use their tool \emph{CookieCheck} to evaluate
|
||||
how many of the surveyed 35.000 sites comply with the legislation put forth in
|
||||
the ePrivacy Directive. Their findings indicate that almost half (49\%) of the
|
||||
web sites use profiling technologies without consent. Similarly,
|
||||
\citet{sanchez-rolaCanOptOut2019a} show that tracking is still prevalent and
|
||||
happens already before user consent is given after the \gls{GDPR} has been in
|
||||
force for a year. \citet{huCharacterisingThirdParty2019} come to a a similar
|
||||
@ -75,7 +76,7 @@ in chapter~\ref{chap:tracking methods} can be defended against.
|
||||
|
||||
For our purposes, clearing the browser history means not only clearing the web
|
||||
sites that have been visited but also cookies and other relevant data that is
|
||||
saved with a visit to a web site. All major browser offer this functionality and
|
||||
saved with a visit to a web site. All major browsers offer this functionality and
|
||||
what they delete is similar. Firefox, for example, allows clearing the browsing
|
||||
and search history, form and search history, cookies (also flash cookies), the
|
||||
cache, active logins, offline web site data and site preferences such as
|
||||
|
||||
@ -461,8 +461,9 @@
|
||||
author = {European Parliament and European Council},
|
||||
year = {2016},
|
||||
month = apr,
|
||||
url = {https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679\&from=EN\#d1e6620-1-1},
|
||||
urldate = {2020-08-25}
|
||||
url = {https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679},
|
||||
urldate = {2020-08-25},
|
||||
note = {Accessed 2020-08-25}
|
||||
}
|
||||
|
||||
@inproceedings{falahrastegarTrackingPersonalIdentifiers2016,
|
||||
@ -494,7 +495,8 @@ Web cache timing attacks},
|
||||
shorttitle = {Hypertext {{Transfer Protocol}} ({{HTTP}}/1.1)},
|
||||
author = {Fielding, Roy and Reschke, Julian},
|
||||
url = {https://tools.ietf.org/html/rfc7232\#section-2.3},
|
||||
urldate = {2020-08-25}
|
||||
urldate = {2020-08-25},
|
||||
note = {Accessed 2020-08-25}
|
||||
}
|
||||
|
||||
@misc{fieldingHTTPLastModified,
|
||||
@ -502,7 +504,8 @@ Web cache timing attacks},
|
||||
shorttitle = {Hypertext {{Transfer Protocol}} ({{HTTP}}/1.1)},
|
||||
author = {Fielding, Roy and Reschke, Julian},
|
||||
url = {https://tools.ietf.org/html/rfc7232\#section-2.2},
|
||||
urldate = {2020-08-25}
|
||||
urldate = {2020-08-25},
|
||||
note = {Accessed 2020-08-25}
|
||||
}
|
||||
|
||||
@misc{fieldingHTTPSemanticsContent2014,
|
||||
@ -1183,7 +1186,8 @@ Impact of CSS-based history detection},
|
||||
year = {2018},
|
||||
month = aug,
|
||||
url = {https://tools.ietf.org/html/rfc8446},
|
||||
urldate = {2020-08-25}
|
||||
urldate = {2020-08-25},
|
||||
note = {Accessed 2020-08-25}
|
||||
}
|
||||
|
||||
@inproceedings{reznichenkoAuctionsDonottrackCompliant2011,
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user