{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,6]],"date-time":"2026-03-06T22:51:56Z","timestamp":1772837516489,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":67,"publisher":"ACM","license":[{"start":{"date-parts":[[2023,11,26]],"date-time":"2023-11-26T00:00:00Z","timestamp":1700956800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by-nc\/4.0\/"}],"funder":[{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["2237327\/2237328\/2237329"],"award-info":[{"award-number":["2237327\/2237328\/2237329"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2023,11,26]]},"DOI":"10.1145\/3603216.3624963","type":"proceedings-article","created":{"date-parts":[[2023,11,23]],"date-time":"2023-11-23T01:38:42Z","timestamp":1700703522000},"page":"107-121","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":5,"title":["Trends in Privacy Dialog Design after the GDPR: The Impact of Industry and Government Actions"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0003-1282-259X","authenticated-orcid":false,"given":"Logan","family":"Warberg","sequence":"first","affiliation":[{"name":"Carnegie Mellon University, Pittsburgh, PA, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3565-9692","authenticated-orcid":false,"given":"Vincent","family":"Lefrere","sequence":"additional","affiliation":[{"name":"Institut Mines Telecom, Paris, France"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1221-1978","authenticated-orcid":false,"given":"Cristobal","family":"Cheyre","sequence":"additional","affiliation":[{"name":"Cornell University, Itaca, NY, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-6582-6178","authenticated-orcid":false,"given":"Alessandro","family":"Acquisti","sequence":"additional","affiliation":[{"name":"Carnegie Mellon University, Pittsburgh, PA, USA"}]}],"member":"320","published-online":{"date-parts":[[2023,11,26]]},"reference":[{"key":"e_1_3_2_1_1_1","first-page":"50","article-title":"Nudges for privacy and security: Understanding and assisting users' choices online","author":"Acquisti A.","year":"2017","unstructured":"A. Acquisti, I. Adjerid, R. Balebako, L. Brandimarte, L.F. Cranor, S. Komanduri, P.G. Leon, N. Sadeh, F. Schaub, M. Sleeper, Y. Wang, and S. Wilson. Nudges for privacy and security: Understanding and assisting users' choices online. ACM Computing Surveys, 50, 2017.","journal-title":"ACM Computing Surveys"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2013.86"},{"key":"e_1_3_2_1_3_1","first-page":"2022","article-title":"Developers say the darnedest things: Privacy compliance processes followed by developers of child-directed apps","volume":"4","author":"Alomar Noura","year":"2022","unstructured":"Noura Alomar and Serge Egelman. Developers say the darnedest things: Privacy compliance processes followed by developers of child-directed apps. Proceedings on Privacy Enhancing Technologies, 4:2022, 2022.","journal-title":"Proceedings on Privacy Enhancing Technologies"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.4236\/ijcns.2016.910034"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/3442381.3450048"},{"key":"e_1_3_2_1_6_1","volume-title":"Institutionalizing HIPAA compliance: Organizations and competing logics in US health care. Journal of health and social behavior, 55(1):108--124","author":"Anthony Denise L","year":"2014","unstructured":"Denise L Anthony, Ajit Appari, and M Eric Johnson. Institutionalizing HIPAA compliance: Organizations and competing logics in US health care. Journal of health and social behavior, 55(1):108--124, 2014."},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1093\/idpl\/ipy001"},{"key":"e_1_3_2_1_8_1","volume-title":"Proceedings of the ACM on human-computer interaction, 5(CSCW2):1--22","author":"Fernandez Carlos Bermejo","year":"2021","unstructured":"Carlos Bermejo Fernandez, Dimitris Chatzopoulos, Dimitrios Papadopoulos, and Pan Hui. This website uses nudging: Mturk workers' behaviour on cookie consent notices. Proceedings of the ACM on human-computer interaction, 5(CSCW2):1--22, 2021."},{"key":"e_1_3_2_1_9_1","unstructured":"European Data Protection Board. The CNIL's restricted committee imposes a financial penalty of 50 million euros against Google LLC 1."},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1002\/smj.2022"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1080\/16522354.2013.11073576"},{"key":"e_1_3_2_1_12_1","first-page":"95","article-title":"Estimation of random utility models in R: The mlogit package","author":"Croissant Yves","year":"2020","unstructured":"Yves Croissant. Estimation of random utility models in R: The mlogit package. Journal of Statistical Software, 95, 2020.","journal-title":"Journal of Statistical Software"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1007\/s00287-019-01201-1"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.2139\/ssrn.3950094"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976749.2978313"},{"key":"e_1_3_2_1_16_1","volume-title":"GDPR guidance: Legitimate Interests Assessments (LIA) for digital advertising, 3","author":"Europe IAB","year":"2021","unstructured":"IAB Europe. GDPR guidance: Legitimate Interests Assessments (LIA) for digital advertising, 3 2021."},{"key":"e_1_3_2_1_17_1","unstructured":"Interactive Advertising Bureau Europe. IAB Europe & IAB tech lab release updated transparency & consent framework 8 2019."},{"key":"e_1_3_2_1_18_1","volume-title":"Transparency and consent framework v2.0, 8","author":"Interactive Advertising Bureau Europe.","year":"2019","unstructured":"Interactive Advertising Bureau Europe. Transparency and consent framework v2.0, 8 2019."},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/3411763.3451230"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/3411764.3445148"},{"key":"e_1_3_2_1_21_1","volume-title":"John Fox and Sanford Weisberg. An {R} Companion to Applied Regression. Sage, Thousand Oaks {CA}","year":"2011","unstructured":"John Fox and Sanford Weisberg. An {R} Companion to Applied Regression. Sage, Thousand Oaks {CA}, second edition, 2011."},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1080\/10438590310001627893"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/3411764.3445779"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/3479521"},{"key":"e_1_3_2_1_25_1","first-page":"4","article-title":"An evaluation of cookie consent interfaces. pages 1--27","author":"Habib Hana","year":"2022","unstructured":"Hana Habib, Megan Li, Ellie Young, and Lorrie Cranor. ?okay, whatever\": An evaluation of cookie consent interfaces. pages 1--27. ACM, 4 2022.","journal-title":"ACM"},{"key":"e_1_3_2_1_26_1","first-page":"4","article-title":"it's a scavenger hunt","author":"Habib Hana","year":"2020","unstructured":"Hana Habib, Sarah Pearman, Jiamin Wang, Yixin Zou, Alessandro Acquisti, Lorrie Faith Cranor, Norman Sadeh, and Florian Schaub. \"it's a scavenger hunt\": Usability of websites' opt-out and data deletion choices. ACM, 4 2020.","journal-title":"ACM"},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/3411764.3445387"},{"key":"e_1_3_2_1_28_1","first-page":"10","article-title":"Measuring the emergence of consent management on the web","author":"Hils Maximilian","year":"2020","unstructured":"Maximilian Hils, DanielW.Woods, and Rainer B\u00f6hme. Measuring the emergence of consent management on the web. ACM, 10 2020.","journal-title":"ACM"},{"key":"e_1_3_2_1_29_1","volume-title":"stargazer: Well-Formatted Regression and Summary Statistics Tables","author":"Hlavac Marek","year":"2015","unstructured":"Marek Hlavac. stargazer: Well-Formatted Regression and Summary Statistics Tables, 2015."},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/3359230"},{"key":"e_1_3_2_1_31_1","first-page":"20","article-title":"guide to the GDPR","volume":"98","author":"Jones Meg Leta","year":"2020","unstructured":"Meg Leta Jones and Margot Kaminski. An American's guide to the GDPR. Denver Law Review, 98:20--33, 6 2020.","journal-title":"Denver Law Review"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/3544902.3546234"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1145\/3365524"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/3466722"},{"key":"e_1_3_2_1_35_1","first-page":"8","article-title":"How do app vendors respond to subject access requests? a longitudinal privacy study on iOS and Android apps. pages 1--10","author":"Kr\u00f6ger Jacob Leon","year":"2020","unstructured":"Jacob Leon Kr\u00f6ger, Jens Lindemann, and Dominik Herrmann. How do app vendors respond to subject access requests? a longitudinal privacy study on iOS and Android apps. pages 1--10. ACM, 8 2020.","journal-title":"ACM"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1007\/s11002-014-9310-5"},{"key":"e_1_3_2_1_37_1","volume-title":"Does privacy regulation harm content providers? a longitudinal analysis of the impact of the GDPR. A Longitudinal Analysis of the Impact of the GDPR (October 5","author":"Lefrere Vincent","year":"2022","unstructured":"Vincent Lefrere, Logan Warberg, Cristobal Cheyre, Veronica Marotta, and Alessandro Acquisti. Does privacy regulation harm content providers? a longitudinal analysis of the impact of the GDPR. A Longitudinal Analysis of the Impact of the GDPR (October 5, 2022), 2022."},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.2478\/popets-2020-0004"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.2753\/MIS0742-1222300208"},{"key":"e_1_3_2_1_40_1","first-page":"2020","article-title":"Multiple purposes, multiple problems: A user study of consent dialogs after GDPR","volume":"4","author":"Machuletz Dominique","year":"2020","unstructured":"Dominique Machuletz and Rainer B\u00f6hme. Multiple purposes, multiple problems: A user study of consent dialogs after GDPR. Proceedings on Privacy Enhancing Technologies, 2020, 4 2020.","journal-title":"Proceedings on Privacy Enhancing Technologies"},{"key":"e_1_3_2_1_41_1","first-page":"83","volume-title":"Identifying and classifying ambiguity for regulatory requirements. In 2014 IEEE 22nd international requirements engineering conference (RE)","author":"Massey Aaron K","year":"2014","unstructured":"Aaron K Massey, Richard L Rutledge, Annie I Ant\u00f3n, and Peter P Swire. Identifying and classifying ambiguity for regulatory requirements. In 2014 IEEE 22nd international requirements engineering conference (RE), pages 83--92. IEEE, 2014."},{"key":"e_1_3_2_1_42_1","volume-title":"Three years under the EU GDPR: An implementation progress report, 5","author":"Mass\u00e9 Estelle","year":"2021","unstructured":"Estelle Mass\u00e9. Three years under the EU GDPR: An implementation progress report, 5 2021."},{"key":"e_1_3_2_1_43_1","first-page":"5","article-title":"What makes a dark pattern... dark? pages 1--18","author":"Mathur Arunesh","year":"2021","unstructured":"Arunesh Mathur, Mihir Kshirsagar, and Jonathan Mayer. What makes a dark pattern... dark? pages 1--18. ACM, 5 2021.","journal-title":"ACM"},{"key":"e_1_3_2_1_44_1","first-page":"5","article-title":"Do cookie banners respect my choice? : Measuring legal compliance of banners from IAB Europe's transparency and consent framework. pages 791--809","author":"Matte Celestin","year":"2020","unstructured":"Celestin Matte, Nataliia Bielova, and Cristiana Santos. Do cookie banners respect my choice? : Measuring legal compliance of banners from IAB Europe's transparency and consent framework. pages 791--809. IEEE, 5 2020.","journal-title":"IEEE"},{"key":"e_1_3_2_1_45_1","first-page":"163","volume-title":"APF 2020, Lisbon, Portugal, October 22--23, 2020, Proceedings 8","author":"Matte C\u00e9lestin","year":"2020","unstructured":"C\u00e9lestin Matte, Cristiana Santos, and Nataliia Bielova. Purposes in IAB Europe's TCF: which legal basis and how are they used by advertisers? In Privacy Technologies and Policy: 8th Annual Privacy Forum, APF 2020, Lisbon, Portugal, October 22--23, 2020, Proceedings 8, pages 163--185. Springer, 2020."},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1109\/MSEC.2019.2938445"},{"key":"e_1_3_2_1_47_1","volume-title":"Cookies and other tracking devices: the CNIL publishes new guidelines. 7","author":"Commission nationale de l'informatique et des libert\u00e9s.","year":"2019","unstructured":"Commission nationale de l'informatique et des libert\u00e9s. Cookies and other tracking devices: the CNIL publishes new guidelines. 7 2019."},{"key":"e_1_3_2_1_48_1","first-page":"4","article-title":"Dark patterns after the GDPR: Scraping consent pop-ups and demonstrating their influence","author":"Nouwens Midas","year":"2020","unstructured":"Midas Nouwens, Ilaria Liccardi, Michael Veale, David Karger, and Lalana Kagal. Dark patterns after the GDPR: Scraping consent pop-ups and demonstrating their influence. ACM, 4 2020.","journal-title":"ACM"},{"key":"e_1_3_2_1_49_1","volume-title":"Websites moeten toegankelijk blijven bij weigeren tracking cookies, 3","author":"Persoonsgegevens Autoriteit","year":"2019","unstructured":"Autoriteit Persoonsgegevens. Websites moeten toegankelijk blijven bij weigeren tracking cookies, 3 2019."},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1515\/popets-2018-0021"},{"key":"e_1_3_2_1_51_1","volume-title":"Lorrie Faith Cranor, and Batya Friedman. Privacy patterns for online interactions. page 1","author":"Romanosky Sasha","year":"2006","unstructured":"Sasha Romanosky, Alessandro Acquisti, Jason Hong, Lorrie Faith Cranor, and Batya Friedman. Privacy patterns for online interactions. page 1. ACM Press, 2006."},{"key":"e_1_3_2_1_52_1","first-page":"340","volume-title":"Can I opt out yet? GDPR and the global illusion of cookie control","author":"Sanchez-Rola Iskander","year":"2019","unstructured":"Iskander Sanchez-Rola, Matteo Dell'Amico, Platon Kotzias, Davide Balzarotti, Leyla Bilge, Pierre-Antoine Vervier, and Igor Santos. Can I opt out yet? GDPR and the global illusion of cookie control. pages 340--351, 2019."},{"key":"e_1_3_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1109\/MIC.2017.75"},{"key":"e_1_3_2_1_54_1","first-page":"1","volume-title":"Eleventh symposium on usable privacy and security (SOUPS 2015","author":"Schaub Florian","year":"2015","unstructured":"Florian Schaub, Rebecca Balebako, Adam L Durity, and Lorrie Faith Cranor. A design space for effective privacy notices. In Eleventh symposium on usable privacy and security (SOUPS 2015), pages 1--17, 2015."},{"key":"e_1_3_2_1_55_1","first-page":"115","article-title":"Transatlantic data privacy law","volume":"106","author":"Schwartz Paul M.","year":"2017","unstructured":"Paul M. Schwartz. Transatlantic data privacy law. Georgetown Law Journal, 106:115--180, 11 2017.","journal-title":"Georgetown Law Journal"},{"key":"e_1_3_2_1_56_1","first-page":"771","article-title":"Global data privacy: The EU way","volume":"94","author":"Schwartz Paul M.","year":"2019","unstructured":"Paul M. Schwartz. Global data privacy: The EU way. New York University Law Review, 94:771--818, 10 2019.","journal-title":"New York University Law Review"},{"key":"e_1_3_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1111\/1756-2171.12218"},{"key":"e_1_3_2_1_58_1","first-page":"10","article-title":"Circumvention by design - dark patterns in cookie consent for online news outlets. pages 1--12","author":"Soe Than Htut","year":"2020","unstructured":"Than Htut Soe, Oda Elise Nordberg, Frode Guribye, and Marija Slavkovik. Circumvention by design - dark patterns in cookie consent for online news outlets. pages 1--12. ACM, 10 2020.","journal-title":"ACM"},{"key":"e_1_3_2_1_59_1","first-page":"1880","article-title":"Privacy self-management and the consent dilemma","volume":"126","author":"Solove D.J.","year":"2013","unstructured":"D.J. Solove. Privacy self-management and the consent dilemma. Harvard Law Review, 126:1880--1903, 2013.","journal-title":"Harvard Law Review"},{"key":"e_1_3_2_1_60_1","doi-asserted-by":"publisher","DOI":"10.1145\/3308558.3313524"},{"key":"e_1_3_2_1_61_1","first-page":"279","article-title":"Assumed compliance","volume":"72","author":"Tovino Stacey A","year":"2020","unstructured":"Stacey A Tovino. Assumed compliance. Ala. L. Rev., 72:279, 2020.","journal-title":"Ala. L. Rev."},{"key":"e_1_3_2_1_62_1","unstructured":"UK Information Commissioner's Office. The UK GDPR."},{"key":"e_1_3_2_1_63_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3354212"},{"key":"e_1_3_2_1_64_1","volume-title":"The impact of user location on cookie notices (inside and outside of the European Union)","author":"van Eijk Rob","year":"2019","unstructured":"Rob van Eijk, Hadi Asghari, Philipp Winter, and Arvind Narayanan. The impact of user location on cookie notices (inside and outside of the European Union). 2019."},{"key":"e_1_3_2_1_65_1","volume-title":"Privacy law's false promise","author":"Waldman Ari Ezra","year":"2020","unstructured":"Ari Ezra Waldman. Privacy law's false promise. Washington University Law Review, 97, 2020."},{"key":"e_1_3_2_1_66_1","volume-title":"Cambridge University Press, 9","author":"Waldman Ari Ezra","year":"2021","unstructured":"Ari Ezra Waldman. Industry Unbound. Cambridge University Press, 9 2021."},{"key":"e_1_3_2_1_67_1","first-page":"1","article-title":"Usability and enforceability of global privacy control","volume":"2","author":"Zimmeck Sebastian","year":"2023","unstructured":"Sebastian Zimmeck, Oliver Wang, Kuba Alicki, Jocelyn Wang, and Sophie Eng. Usability and enforceability of global privacy control. Proceedings on Privacy Enhancing Technologies, 2:1--17, 2023.","journal-title":"Proceedings on Privacy Enhancing Technologies"}],"event":{"name":"CCS '23: ACM SIGSAC Conference on Computer and Communications Security","location":"Copenhagen Denmark","acronym":"CCS '23","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 22nd Workshop on Privacy in the Electronic Society"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3603216.3624963","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3603216.3624963","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3603216.3624963","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T22:49:11Z","timestamp":1750286951000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3603216.3624963"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,11,26]]},"references-count":67,"alternative-id":["10.1145\/3603216.3624963","10.1145\/3603216"],"URL":"https:\/\/doi.org\/10.1145\/3603216.3624963","relation":{},"subject":[],"published":{"date-parts":[[2023,11,26]]},"assertion":[{"value":"2023-11-26","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}