Analyzing Website Compliance with Privacy Regulations (GDPR and ePrivacy)

Introduction

Users provide valuable and private data to web services, often without realizing the consequences of their actions. In such a situation, websites would have no incentive to protect their users' privacy, since doing so directly contradicts their marketing goal of knowing as much as possible about their customers. Therefore, privacy regulations have come into force, namely the General Data Protection Regulation (GDPR) in the EU and EEA from May 2018, and in Switzerland from September 2023.

While the GDPR significantly improves users' rights by limiting data collection, usage, and storage, enforcement lags behind despite potentially massive fines of up to 20 million EUR or 4% of worldwide turnover. This project's goal is to automate compliance analysis and simplify the work of regulatory authorities in enforcing users' rights.

We focus on several areas.

  • Email marketing: How do the senders of marketing emails get my email address? Do they acquire proper consent? Do the unsubscribe links really work?
  • Website cookies and trackers: Are cookie consents indeed compliant? Do they work as intended? How can we give users an easier way of enforcing their preferences?

Publications

More information about the publications and the project can be found on Karel Kubíček's and Ahmed Bouhoula's personal websites.
