Analyzing Website Compliance with Privacy Regulations (GDPR and ePrivacy)

While the GDPR significantly improves the users' rights by limiting data collection, usage, and storage, the enforcement comes behind despite potentially massive fines, which are up to 20 million EUR or 4% of worldwide turnover. This project's goal is automating compliance analysis and simplifying regulatory authorities' work, enforcing user's rights.

We focus on several areas:

• Email marketing: How do the marketing email's senders get my email address? Do they acquire proper consent? Do the unsubscribe links really work?
• Website cookies and trackers: Are cookie consents indeed compliant? Do they work as intended? How can we provide users an easier way of enforcing their preferences?

Desirable Prerequisites for Student Projects

Detailed information in the proposals, but in general interest in web technologies and machine learning (Introduction to Machine Learning for Bachelors, Advanced Machine Learning and Big Data for Masters).

Available Theses

• protected pageGDPR: Mapping Legal Requirements, Threats and Remedieslock (contact Ahmed Bouhoula or François Hublet)

Previous Theses

• external pageLaura-Vanessa Soldner: "Quantifying Mechanisms behind Cookie Consent (Non-)Compliance: A Notification Study of Audit Tools"call_made
• Elias Datler: "Intended Compliance: An Automated Analysis of GDPR-related GitHub Issues"
• external pageTruong Hoang Long: "Privacy Observatory: Collecting Privacy Policies and Terms of Service on a Regular Basis"call_made
• Ahmed Bouhoula: "Automated Detection of GDPR Violations in Cookie Notices Using Machine Learning"
• Florian Turati: "Analysing and exploiting Google’s FLoC advertising proposal"
• Rita Ganz: "Understanding GDPR compliance of tracking pixel declarations using privacy filter lists"
• Luka Lodrant: "Designing a generic web forms crawler to enable legal compliance analysis of authentication sections"
• external pageDino Bollinger: Analyzing Cookies Compliance with the GDPRcall_made
• external pagePatrice Kast: Automating website registration for GDPR compliance analysiscall_made
• external pageFabian Engler: Automated Logging of Function Calls in Java, Python, and Gocall_made

Further Information

Please contact Ahmed Bouhoula or Karel Kubíček or see the group's project page.