Van Hong Tran, Aarushi Mehrotra, Ranya Sharma, Marshini Chetty, Nick Feamster, Jens Frankenreiter, Lior Strahilevitz
{"title":"选择退出程序中的黑暗模式与加州消费者隐私法案 (CCPA) 的合规性","authors":"Van Hong Tran, Aarushi Mehrotra, Ranya Sharma, Marshini Chetty, Nick Feamster, Jens Frankenreiter, Lior Strahilevitz","doi":"arxiv-2409.09222","DOIUrl":null,"url":null,"abstract":"To protect consumer privacy, the California Consumer Privacy Act (CCPA)\nmandates that businesses provide consumers with a straightforward way to opt\nout of the sale and sharing of their personal information. However, the control\nthat businesses enjoy over the opt-out process allows them to impose hurdles on\nconsumers aiming to opt out, including by employing dark patterns. Motivated by\nthe enactment of the California Privacy Rights Act (CPRA), which strengthens\nthe CCPA and explicitly forbids certain dark patterns in the opt-out process,\nwe investigate how dark patterns are used in opt-out processes and assess their\ncompliance with CCPA regulations. Our research reveals that websites employ a\nvariety of dark patterns. Some of these patterns are explicitly prohibited\nunder the CCPA; others evidently take advantage of legal loopholes. Despite the\ninitial efforts to restrict dark patterns by policymakers, there is more work\nto be done.","PeriodicalId":501541,"journal":{"name":"arXiv - CS - Human-Computer Interaction","volume":"127 1","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2024-09-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Dark Patterns in the Opt-Out Process and Compliance with the California Consumer Privacy Act (CCPA)\",\"authors\":\"Van Hong Tran, Aarushi Mehrotra, Ranya Sharma, Marshini Chetty, Nick Feamster, Jens Frankenreiter, Lior Strahilevitz\",\"doi\":\"arxiv-2409.09222\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"To protect consumer privacy, the California Consumer Privacy Act (CCPA)\\nmandates that businesses provide consumers with a straightforward way to opt\\nout of the sale and sharing of their personal information. However, the control\\nthat businesses enjoy over the opt-out process allows them to impose hurdles on\\nconsumers aiming to opt out, including by employing dark patterns. Motivated by\\nthe enactment of the California Privacy Rights Act (CPRA), which strengthens\\nthe CCPA and explicitly forbids certain dark patterns in the opt-out process,\\nwe investigate how dark patterns are used in opt-out processes and assess their\\ncompliance with CCPA regulations. Our research reveals that websites employ a\\nvariety of dark patterns. Some of these patterns are explicitly prohibited\\nunder the CCPA; others evidently take advantage of legal loopholes. Despite the\\ninitial efforts to restrict dark patterns by policymakers, there is more work\\nto be done.\",\"PeriodicalId\":501541,\"journal\":{\"name\":\"arXiv - CS - Human-Computer Interaction\",\"volume\":\"127 1\",\"pages\":\"\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2024-09-13\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"arXiv - CS - Human-Computer Interaction\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/arxiv-2409.09222\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"arXiv - CS - Human-Computer Interaction","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/arxiv-2409.09222","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0
摘要
为保护消费者隐私,《加利福尼亚消费者隐私法》(CCPA)规定,企业应向消费者提供一种直接的方式,让消费者选择不出售和分享其个人信息。然而,企业对选择退出程序的控制使其能够对希望退出的消费者设置障碍,包括采用暗箱操作。加州隐私权法案》(California Privacy Rights Act,简称 CPRA)的颁布加强了《加州隐私权法案》(CCPA),并明确禁止在退出过程中使用某些暗模式,受此推动,我们调查了暗模式在退出过程中的使用情况,并评估了它们是否符合《加州隐私权法案》的规定。我们的研究显示,网站采用了多种暗模式。其中一些模式是 CCPA 明令禁止的,另一些则明显利用了法律漏洞。尽管政策制定者为限制暗箱操作模式做出了初步努力,但仍有更多工作要做。
Dark Patterns in the Opt-Out Process and Compliance with the California Consumer Privacy Act (CCPA)
To protect consumer privacy, the California Consumer Privacy Act (CCPA)
mandates that businesses provide consumers with a straightforward way to opt
out of the sale and sharing of their personal information. However, the control
that businesses enjoy over the opt-out process allows them to impose hurdles on
consumers aiming to opt out, including by employing dark patterns. Motivated by
the enactment of the California Privacy Rights Act (CPRA), which strengthens
the CCPA and explicitly forbids certain dark patterns in the opt-out process,
we investigate how dark patterns are used in opt-out processes and assess their
compliance with CCPA regulations. Our research reveals that websites employ a
variety of dark patterns. Some of these patterns are explicitly prohibited
under the CCPA; others evidently take advantage of legal loopholes. Despite the
initial efforts to restrict dark patterns by policymakers, there is more work
to be done.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
