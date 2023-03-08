New algorithms to analyse compliance with the GDPR

Beyond the analysis results, the importance of this research lies in the algorithms used to study compliance with online privacy laws. The sheer number of pages and platforms on the internet makes it imperative to automate the process, as studying each case manually would be infeasible. Besides, some of the web-tracking techniques used are extremely hard to detect, with no clear markers to indicate their presence. To overcome these challenges, the researchers developed a proprietary method involving four algorithms and a measure – the Websites Level of Confidence – to assess the state of regulatory compliance.

"Our method uses a combination of automation and manual inspection. The implemented algorithms automatically browse the analysed websites and take screenshots that are then manually inspected," said Pérez-Solà; "In order to detect web-tracking techniques, we also used a tool developed by the European Data Protection Supervisor called the Website Evidence Collector. This tool is designed to perform privacy inspections on websites and makes it possible to detect the use of cookies, web beacons and browser fingerprinting tools."

Each of the algorithms used by the researchers has a well-defined function:

• The Consent Inspector Algorithm (CIA) captures clear images of the website's cookie banners and identifies buttons that should allow users to customize the use of these tracking elements.

(CIA) captures clear images of the website's cookie banners and identifies buttons that should allow users to customize the use of these tracking elements. • The Website Evidence Collector (WEC) gathers information on the different web-tracking techniques being used on each website.

(WEC) gathers information on the different web-tracking techniques being used on each website. • The Cookies Detector Algorithm (CDA) categorizes the cookies that websites use in the browsers without user consent, based on the data provided by the WEC.

(CDA) categorizes the cookies that websites use in the browsers without user consent, based on the data provided by the WEC. • The Web Beacons Detection Algorithm (BDA) not only extracts web beacons detected by the WEC, but also identifies browser fingerprinting techniques.

"Our study focuses on analysing compliance with the General Data Protection Regulation by the most visited websites in Spain," Pérez-Solà added; "We selected the 500 most visited websites according to the Alexa ranking and analysed their use of these web-tracking techniques as well as the information they give to users and the alternative options they provide them with. Finally, we compiled the results of this analysis into a measure, the Websites Level of Confidence, which makes it possible to assess the current state of compliance."

"Understanding the details of the regulations that apply at any given time and knowing how to tell what techniques a website is using are beyond the grasp of most users," she concluded; "Our proposed Websites Level of Confidence (WLoC) measure provides users with insight into the compliance status of the most popular websites and lets them see how it changes over time without the need for legal or technical knowledge."

This research supports Sustainable Development Goal (SDG) 9, Build resilient infrastructure, promote sustainable industrialization and foster innovation.

