{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,12,22]],"date-time":"2025-12-22T22:32:40Z","timestamp":1766442760968,"version":"3.48.0"},"publisher-location":"New York, NY, USA","reference-count":79,"publisher":"ACM","license":[{"start":{"date-parts":[[2025,11,22]],"date-time":"2025-11-22T00:00:00Z","timestamp":1763769600000},"content-version":"vor","delay-in-days":3,"URL":"http:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["2105734, 2334996"],"award-info":[{"award-number":["2105734, 2334996"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2025,11,19]]},"DOI":"10.1145\/3719027.3765072","type":"proceedings-article","created":{"date-parts":[[2025,11,22]],"date-time":"2025-11-22T23:42:02Z","timestamp":1763854922000},"page":"3177-3191","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":0,"title":["Layered, Overlapping, and Inconsistent: A Large-Scale Analysis of the Multiple Privacy Policies and Controls of U.S. Banks"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0000-0001-8120-1012","authenticated-orcid":false,"given":"Lu","family":"Xian","sequence":"first","affiliation":[{"name":"University of Michigan, Ann Arbor, Michigan, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0835-8598","authenticated-orcid":false,"given":"Van Hong","family":"Tran","sequence":"additional","affiliation":[{"name":"University of Chicago, Chicago, Illinois, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0002-2287-9127","authenticated-orcid":false,"given":"Lauren","family":"Lee","sequence":"additional","affiliation":[{"name":"University of Michigan, Ann Arbor, Michigan, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0007-3433-4067","authenticated-orcid":false,"given":"Meera","family":"Kumar","sequence":"additional","affiliation":[{"name":"University of Michigan, Ann Arbor, Michigan, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0004-9078-794X","authenticated-orcid":false,"given":"Yichen","family":"Zhang","sequence":"additional","affiliation":[{"name":"University of Wisconsin-Madison, Madison, Wisconsin, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1039-7155","authenticated-orcid":false,"given":"Florian","family":"Schaub","sequence":"additional","affiliation":[{"name":"University of Michigan, Ann Arbor, Michigan, USA"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2025,11,22]]},"reference":[{"volume-title":"Division 8","year":"2025","key":"e_1_3_2_2_1_1","unstructured":"2003. California Business and Professions Code, Division 8, Chapter 22 -- Internet Privacy Requirements. https:\/\/leginfo.legislature.ca.gov\/faces\/codes_displayText. xhtml?division=8.&chapter=22.&lawCode=BPC Accessed March 17, 2025."},{"key":"e_1_3_2_2_2_1","volume-title":"MA Manazir Ahsan, and Huzeyfe Kocabas","author":"Al-Ameen Mahdi Nasrullah","year":"2020","unstructured":"Mahdi Nasrullah Al-Ameen, Apoorva Chauhan, MA Manazir Ahsan, and Huzeyfe Kocabas. 2020. ''Most Companies Share Whatever They Can to Make Money!'': Comparing User's Perceptions with the Data Practices of IoT Devices. In Human Aspects of Information Security and Assurance: 14th IFIP WG 11.12 International Symposium, HAISA 2020, Mytilene, Lesbos, Greece, July 8--10, 2020, Proceedings 14. Springer, 329--340."},{"key":"e_1_3_2_2_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/3442381.3450048"},{"key":"e_1_3_2_2_4_1","volume-title":"Wenyu Wang, Justin Whitaker, William Enck, Bradley Reaves, Kapil Singh, and Tao Xie.","author":"Andow Benjamin","year":"2019","unstructured":"Benjamin Andow, Samin Yaseer Mahmud, Wenyu Wang, Justin Whitaker, William Enck, Bradley Reaves, Kapil Singh, and Tao Xie. 2019. {PolicyLint}: investigating internal privacy policy contradictions on google play. In 28th USENIX security symposium (USENIX security 19). 585--602."},{"key":"e_1_3_2_2_5_1","volume-title":"Wenyu Wang, Justin Whitaker, William Enck, Bradley Reaves, Kapil Singh, and Tao Xie.","author":"Andow Benjamin","year":"2019","unstructured":"Benjamin Andow, Samin Yaseer Mahmud, Wenyu Wang, Justin Whitaker, William Enck, Bradley Reaves, Kapil Singh, and Tao Xie. 2019. {PolicyLint}: Investigating Internal Privacy Policy Contradictions on Google Play. 585--602. https:\/\/www. usenix.org\/conference\/usenixsecurity19\/presentation\/andow"},{"key":"e_1_3_2_2_6_1","volume-title":"Justin Whitaker, William Enck, Bradley Reaves, Kapil Singh, and Serge Egelman.","author":"Andow Benjamin","year":"2020","unstructured":"Benjamin Andow, Samin Yaseer Mahmud, Justin Whitaker, William Enck, Bradley Reaves, Kapil Singh, and Serge Egelman. 2020. Actions Speak Louder thanWords: {Entity-Sensitive} Privacy Policy and Data Flow Analysis with {PoliCheck}. 985--1002. https:\/\/www.usenix.org\/conference\/usenixsecurity20\/presentation\/andow"},{"key":"e_1_3_2_2_7_1","volume-title":"Proceedings on Privacy Enhancing Technologies","author":"Bakar Aziz Muhammad Abu","year":"2024","unstructured":"Muhammad Abu Bakar Aziz and Christo Wilson. 2024. Johnny Still Can't Optout: Assessing the IAB CCPA Compliance Framework. Proceedings on Privacy Enhancing Technologies (2024)."},{"key":"e_1_3_2_2_8_1","volume-title":"SoK: Technical Implementation and Human Impact of Internet Privacy Regulations. arXiv preprint arXiv:2312.15383","author":"Birrell Eleanor","year":"2023","unstructured":"Eleanor Birrell, Jay Rodolitz, Angel Ding, Jenna Lee, Emily McReynolds, Jevan Hutson, and Ada Lerner. 2023. SoK: Technical Implementation and Human Impact of Internet Privacy Regulations. arXiv preprint arXiv:2312.15383 (2023)."},{"key":"e_1_3_2_2_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/3460120.3484536"},{"key":"e_1_3_2_2_10_1","unstructured":"California Legislature. 2003. California Financial Code \u00a7 4050--4060 -- California Financial Information Privacy Act (CalFIPA). https:\/\/leginfo.legislature.ca. gov\/faces\/codes_displaySection.xhtml'sectionNum=4050.&nodeTreePath=7& lawCode=FIN. https:\/\/leginfo.legislature.ca.gov\/faces\/codes_displaySection. xhtml'sectionNum=4050.&nodeTreePath=7&lawCode=FIN Effective January 1 2004; operative July 1 2004."},{"key":"e_1_3_2_2_11_1","volume-title":"Accessed","author":"Legislature California","year":"2025","unstructured":"California Legislature. 2025. California Civil Code \u00a7 1798.140: Definitions. https:\/\/leginfo.legislature.ca.gov\/faces\/codes_displaySection.xhtml? lawCode=CIV\u00a7ionNum=1798.140. Accessed April 12, 2025."},{"key":"e_1_3_2_2_12_1","volume-title":"California Consumer Privacy Act Regulations. https:\/\/cppa.ca.gov\/regulations\/consumer_privacy_act.html Final regulations approved and effective as of","author":"California Privacy Protection Agency","year":"2023","unstructured":"California Privacy Protection Agency. 2023. California Consumer Privacy Act Regulations. https:\/\/cppa.ca.gov\/regulations\/consumer_privacy_act.html Final regulations approved and effective as of March 29, 2023."},{"key":"e_1_3_2_2_13_1","volume-title":"Accessed","author":"California Privacy Protection Agency","year":"2024","unstructured":"California Privacy Protection Agency. 2024. DIVISION 6. CALIFORNIA PRIVACY PROTECTION AGENCY. https:\/\/cppa.ca.gov\/regulations\/pdf\/cppa_regs.pdf. Accessed March 24, 2025."},{"volume-title":"Consumer Protection in the Age of the 'Information Economy","author":"Cate Fred H.","key":"e_1_3_2_2_14_1","unstructured":"Fred H. Cate. 2016. The Failure of Fair Information Practice Principles. In Consumer Protection in the Age of the 'Information Economy'. Routledge, 341--377."},{"key":"e_1_3_2_2_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/3463676.3485601"},{"key":"e_1_3_2_2_16_1","volume-title":"States Congress.","author":"United","year":"1999","unstructured":"United States Congress. 1999. Public Law 106--102 - Gramm-Leach-Bliley Act. Available at https:\/\/www.govinfo.gov\/content\/pkg\/PLAW-106publ102\/ pdf\/PLAW-106publ102.pdf."},{"key":"e_1_3_2_2_17_1","volume-title":"Accessed","author":"Consumer Financial Protection Bureau","year":"2025","unstructured":"Consumer Financial Protection Bureau. [n.d.]. Appendix to Part 1016 - Model Privacy Form. https:\/\/www.consumerfinance.gov\/rules-policy\/regulations\/1016\/ a\/. Accessed March 17, 2025."},{"key":"e_1_3_2_2_18_1","first-page":"273","article-title":"Necessary but Not Sufficient: Standardized Mechanisms for Privacy Notice and Choice","volume":"10","author":"Cranor Lorrie Faith","year":"2012","unstructured":"Lorrie Faith Cranor. 2012. Necessary but Not Sufficient: Standardized Mechanisms for Privacy Notice and Choice. Journal on Telecommunications and High Technology Law 10 (2012), 273.","journal-title":"Journal on Telecommunications and High Technology Law"},{"key":"e_1_3_2_2_19_1","first-page":"273","article-title":"Necessary but not sufficient: Standardized mechanisms for privacy notice and choice","author":"Cranor Lorrie Faith","year":"2012","unstructured":"Lorrie Faith Cranor. 2012. Necessary but not sufficient: Standardized mechanisms for privacy notice and choice. J. on Telecomm. & High Tech. L. 10 (2012), 273.","journal-title":"J. on Telecomm. & High Tech."},{"key":"e_1_3_2_2_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/3699527"},{"key":"e_1_3_2_2_21_1","doi-asserted-by":"publisher","DOI":"10.1145\/2911988"},{"key":"e_1_3_2_2_22_1","volume-title":"We value your privacy... now take some cookies: Measuring the GDPR's impact on web privacy. arXiv preprint arXiv:1808.05096","author":"Degeling Martin","year":"2018","unstructured":"Martin Degeling, Christine Utz, Christopher Lentzsch, Henry Hosseini, Florian Schaub, and Thorsten Holz. 2018. We value your privacy... now take some cookies: Measuring the GDPR's impact on web privacy. arXiv preprint arXiv:1808.05096 (2018)."},{"key":"e_1_3_2_2_23_1","volume-title":"Accessed","author":"Developers Scrapy","year":"2008","unstructured":"Scrapy Developers. 2008. Scrapy: An open source web scraping framework for Python. https:\/\/scrapy.org\/. Accessed March 17, 2025."},{"volume-title":"Accessed","year":"2025","key":"e_1_3_2_2_24_1","unstructured":"Fanboy, MonztA, Khrin, Yuki2718, and PiQuark6046. 2025. EasyList. https: \/\/easylist.to\/. Accessed March 23, 2025."},{"key":"e_1_3_2_2_25_1","volume-title":"BankFind Suite: Bulk Data Download. https:\/\/banks.data.fdic.gov\/bankfind-suite\/bulkData\/bulkDataDownload Accessed","author":"Federal Deposit Insurance Corporation","year":"2025","unstructured":"Federal Deposit Insurance Corporation. 2025. BankFind Suite: Bulk Data Download. https:\/\/banks.data.fdic.gov\/bankfind-suite\/bulkData\/bulkDataDownload Accessed March 23, 2025."},{"key":"e_1_3_2_2_26_1","unstructured":"Federal Trade Commission. 2002. How to Comply with the Privacy of Consumer Financial Information Rule under the Gramm-Leach-Bliley Act. https:\/\/www.ftc.gov\/business-guidance\/resources\/how-comply-privacyconsumer- financial-information-rule-gramm-leach-bliley-act. Accessed January 26 2025."},{"key":"e_1_3_2_2_27_1","volume-title":"Accessed","author":"Federal Trade Commission","year":"2008","unstructured":"Federal Trade Commission. 2008. Fair Information Practice Principles. https: \/\/www.ftc.gov\/fair-information-practice-principles. Accessed January 26, 2025."},{"key":"e_1_3_2_2_28_1","volume-title":"Marketing Your Mobile App: Get It Right from the Start. https:\/\/www.ftc.gov\/business-guidance\/resources\/marketing-yourmobile- app-get-it-right-start Accessed","author":"Federal Trade Commission","year":"2025","unstructured":"Federal Trade Commission. 2012. Marketing Your Mobile App: Get It Right from the Start. https:\/\/www.ftc.gov\/business-guidance\/resources\/marketing-yourmobile- app-get-it-right-start Accessed March 17, 2025."},{"key":"e_1_3_2_2_29_1","unstructured":"Federal Trade Commission. 2012. Protecting Consumer Privacy in an Era of Rapid Change: Recommendations for Businesses and Policymakers. Technical Report. Federal Trade Commission. https:\/\/www.ftc.gov\/reports\/protecting-consumerprivacy- era-rapid-change-recommendations-businesses-policymakers Accessed April 12 2025."},{"key":"e_1_3_2_2_30_1","doi-asserted-by":"publisher","DOI":"10.1111\/j.1745-6606.2012.01226.x"},{"key":"e_1_3_2_2_31_1","volume-title":"Accessed","author":"Control Global Privacy","year":"2025","unstructured":"Global Privacy Control. 2025. Take control of your privacy. https:\/\/globalprivacycontrol.org\/. Accessed March 24, 2025."},{"key":"e_1_3_2_2_32_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.jss.2023.111707"},{"key":"e_1_3_2_2_33_1","unstructured":"Kleimann Communication Group. 2006. Evolution of a Prototype Financial Privacy Notice: A Report on the Form Development Project. Technical Report. Federal Trade Commission. https:\/\/www.ftc.gov\/reports\/evolution-prototype-financialprivacy- notice-report-form-development-project"},{"key":"e_1_3_2_2_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/3491102.3501985"},{"key":"e_1_3_2_2_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/3313831.3376511"},{"key":"e_1_3_2_2_36_1","volume-title":"Fifteenth Symposium on Usable Privacy and Security (SOUPS","author":"Habib Hana","year":"2019","unstructured":"Hana Habib, Yixin Zou, Aditi Jannu, Neha Sridhar, Chelse Swoopes, Alessandro Acquisti, Lorrie Faith Cranor, Norman Sadeh, and Florian Schaub. 2019. An empirical analysis of data deletion and {Opt-Out} choices on 150 websites. In Fifteenth Symposium on Usable Privacy and Security (SOUPS 2019). 387--406."},{"key":"e_1_3_2_2_37_1","doi-asserted-by":"publisher","DOI":"10.1145\/3411764.3445387"},{"key":"e_1_3_2_2_38_1","volume-title":"27th USENIX Security Symposium (USENIX Security 18)","author":"Harkous Hamza","year":"2018","unstructured":"Hamza Harkous, Kassem Fawaz, R\u00e9mi Lebret, Florian Schaub, Kang G Shin, and Karl Aberer. 2018. Polisis: Automated analysis and presentation of privacy policies using deep learning. In 27th USENIX Security Symposium (USENIX Security 18). 531--548."},{"key":"e_1_3_2_2_39_1","unstructured":"Katherine Hausladen OliverWang Sophie Eng JocelynWang Francisca Wijaya Matthew May and Sebastian Zimmeck. [n.d.]. Websites' Global Privacy Control Compliance at Scale and over Time. ([n.d.])."},{"key":"e_1_3_2_2_40_1","volume-title":"PolicyLR: A Logic Representation For Privacy Policies. arXiv preprint arXiv:2408.14830 (aug","author":"Hooda Ashish","year":"2024","unstructured":"Ashish Hooda, Rishabh Khandelwal, Prasad Chalasani, Kassem Fawaz, and Somesh Jha. 2024. PolicyLR: A Logic Representation For Privacy Policies. arXiv preprint arXiv:2408.14830 (aug 2024). https:\/\/arxiv.org\/pdf\/2408.14830"},{"key":"e_1_3_2_2_41_1","volume-title":"Accessed","author":"Artifex Software Inc.","year":"2025","unstructured":"Artifex Software Inc. 2025. PyMuPDF - Python bindings for MuPDF. https:\/\/pypi.org\/project\/PyMuPDF\/. Accessed March 17, 2025."},{"key":"e_1_3_2_2_42_1","volume-title":"California Consumer Privacy Act of","author":"Information California Legislative","year":"2018","unstructured":"California Legislative Information. [n.d.]. California Consumer Privacy Act of 2018. https:\/\/leginfo.legislature.ca.gov\/faces\/codes_displayText.xhtml?division=3.&part=4.&lawCode=CIV&title=1.81.5 Accessed November 14, 2024."},{"key":"e_1_3_2_2_43_1","doi-asserted-by":"publisher","DOI":"10.1145\/1572532.1572538"},{"key":"e_1_3_2_2_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/3466722"},{"key":"e_1_3_2_2_45_1","doi-asserted-by":"publisher","DOI":"10.4135\/9781071878781"},{"key":"e_1_3_2_2_46_1","unstructured":"Alan Levy and Manoj Hastak. 2008. Consumer Comprehension of Financial Privacy Notices: A Report on the Results of the Quantitative Testing. Technical Report. https:\/\/www.ftc.gov\/system\/files\/documents\/reports\/quantitativeresearch- levy-hastak-report\/quantitative_research_-_levy-hastak_report.pdf"},{"key":"e_1_3_2_2_47_1","volume-title":"Proceedings of the 2018 World Wide Web Conference (WWW '18). International World Wide Web Conferences Steering Committee, Republic and Canton of Geneva, CHE, 207--216","author":"Libert Timothy","year":"2018","unstructured":"Timothy Libert. 2018. An Automated Approach to Auditing Disclosure of Third- Party Data Collection inWebsite Privacy Policies. In Proceedings of the 2018 World Wide Web Conference (WWW '18). International World Wide Web Conferences Steering Committee, Republic and Canton of Geneva, CHE, 207--216. doi:10.1145\/ 3178876.3186087"},{"key":"e_1_3_2_2_48_1","doi-asserted-by":"publisher","DOI":"10.1093\/jla\/laaa006"},{"key":"e_1_3_2_2_49_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP40000.2020.00076"},{"key":"e_1_3_2_2_50_1","doi-asserted-by":"publisher","DOI":"10.1145\/3548606.3560564"},{"key":"e_1_3_2_2_51_1","doi-asserted-by":"publisher","DOI":"10.1162\/DAED_a_00113"},{"key":"e_1_3_2_2_52_1","doi-asserted-by":"publisher","DOI":"10.1145\/3313831.3376321"},{"key":"e_1_3_2_2_53_1","doi-asserted-by":"publisher","DOI":"10.1145\/3463676.3485598"},{"key":"e_1_3_2_2_54_1","volume-title":"Large Commercial Banks. https:\/\/www.federalreserve.gov\/releases\/lbr\/20231231\/default.htm Accessed","author":"Federal Reserve System Board","year":"2025","unstructured":"Board of Governors of the Federal Reserve System. 2024. Large Commercial Banks. https:\/\/www.federalreserve.gov\/releases\/lbr\/20231231\/default.htm Accessed March 27, 2025."},{"volume-title":"https:\/\/chromewebstore.google.com\/detail\/ optmeowt\/hdbnkdbhglahihjdbodmfefogcjbpgbo?hl=en-US Accessed","year":"2025","key":"e_1_3_2_2_55_1","unstructured":"Privactechlab. [n.d.]. OptMeowt. https:\/\/chromewebstore.google.com\/detail\/ optmeowt\/hdbnkdbhglahihjdbodmfefogcjbpgbo?hl=en-US Accessed March 17, 2025."},{"key":"e_1_3_2_2_56_1","unstructured":"Ashwini Rao Florian Schaub Norman Sadeh Alessandro Acquisti and Ruogu Kang. 2016. Expecting the Unexpected: Understanding Mismatched Privacy Expectations Online. 77--96. https:\/\/www.usenix.org\/conference\/soups2016\/technical-sessions\/presentation\/rao"},{"key":"e_1_3_2_2_57_1","doi-asserted-by":"publisher","DOI":"10.1086\/688669"},{"key":"e_1_3_2_2_58_1","volume-title":"Accessed","author":"Richardson Leonard","year":"2025","unstructured":"Leonard Richardson. 2025. BeautifulSoup 4. https:\/\/pypi.org\/project\/beautifulsoup4\/. Accessed March 17, 2025."},{"key":"e_1_3_2_2_59_1","volume-title":"Accessed","author":"Riebold John","year":"2023","unstructured":"John Riebold. 2023. BoilerPy3 - Python port of Boilerpipe. https:\/\/pypi.org\/project\/boilerpy3\/. Accessed March 17, 2025."},{"key":"e_1_3_2_2_60_1","doi-asserted-by":"publisher","DOI":"10.56553\/popets-2023-0072"},{"key":"e_1_3_2_2_61_1","volume-title":"Eleventh symposium on usable privacy and security (SOUPS","author":"Schaub Florian","year":"2015","unstructured":"Florian Schaub, Rebecca Balebako, Adam L Durity, and Lorrie Faith Cranor. 2015. A design space for effective privacy notices. In Eleventh symposium on usable privacy and security (SOUPS 2015). 1--17."},{"key":"e_1_3_2_2_62_1","unstructured":"U.S. Securities and Exchange Commission. 2009. Final Model Privacy Form under the Gramm-Leach-Bliley Act. https:\/\/www.sec.gov\/files\/rules\/final\/2009\/34--61003.pdf Release No. 34--61003 available at https:\/\/www.sec.gov\/files\/rules\/final\/2009\/34--61003.pdf."},{"key":"e_1_3_2_2_63_1","doi-asserted-by":"publisher","DOI":"10.1007\/s10897-008-9181-0"},{"key":"e_1_3_2_2_64_1","volume-title":"The Impact of Visibility on the Right to Opt-out of Sale under CCPA. arXiv preprint arXiv:2206.10545","author":"Siebel Aden","year":"2022","unstructured":"Aden Siebel and Eleanor Birrell. 2022. The Impact of Visibility on the Right to Opt-out of Sale under CCPA. arXiv preprint arXiv:2206.10545 (2022)."},{"key":"e_1_3_2_2_65_1","doi-asserted-by":"publisher","DOI":"10.1145\/2884781.2884855"},{"volume-title":"Accessed","year":"2024","key":"e_1_3_2_2_66_1","unstructured":"Sparx. 2024. Understanding Literacy in the US. https:\/\/www.sparxservices.org\/blog\/us-literacy-statistics-literacy-rate-average-reading-level. Accessed March 24, 2025."},{"key":"e_1_3_2_2_67_1","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/2021.acl-long.532"},{"key":"e_1_3_2_2_68_1","doi-asserted-by":"publisher","DOI":"10.1145\/3613904.3642597"},{"key":"e_1_3_2_2_69_1","volume-title":"Dark Patterns in the Opt-Out Process and Compliance with the California Consumer Privacy Act (CCPA). arXiv preprint arXiv:2409.09222","author":"Tran Van Hong","year":"2024","unstructured":"Van Hong Tran, Aarushi Mehrotra, Ranya Sharma, Marshini Chetty, Nick Feamster, Jens Frankenreiter, and Lior Strahilevitz. 2024. Dark Patterns in the Opt-Out Process and Compliance with the California Consumer Privacy Act (CCPA). arXiv preprint arXiv:2409.09222 (2024)."},{"key":"e_1_3_2_2_70_1","volume-title":"States Congress. 2010","author":"United","year":"2025","unstructured":"United States Congress. 2010. 15 U.S. Code \u00a7 6801 - Protection of nonpublic personal information. https:\/\/uscode.house.gov\/view.xhtml?req=granuleid:USCprelim-title15-section6801&edition=prelim. Accessed: 2025-04-02."},{"key":"e_1_3_2_2_71_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3354212"},{"key":"e_1_3_2_2_72_1","doi-asserted-by":"publisher","DOI":"10.2478\/popets-2022-0030"},{"key":"e_1_3_2_2_73_1","doi-asserted-by":"publisher","DOI":"10.1145\/3590152"},{"key":"e_1_3_2_2_74_1","doi-asserted-by":"publisher","DOI":"10.1145\/3590152"},{"key":"e_1_3_2_2_75_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3363200"},{"key":"e_1_3_2_2_76_1","doi-asserted-by":"publisher","DOI":"10.18653\/v1\/P16-1126"},{"key":"e_1_3_2_2_77_1","doi-asserted-by":"publisher","DOI":"10.56553\/popets-2022-0106"},{"key":"e_1_3_2_2_78_1","volume-title":"32nd USENIX Security Symposium (USENIX Security 23)","author":"Zhou Lu","year":"2023","unstructured":"Lu Zhou, Chengyongxiao Wei, Tong Zhu, Guoxing Chen, Xiaokuan Zhang, Suguo Du, Hui Cao, and Haojin Zhu. 2023. {POLICYCOMP}: counterpart comparison of privacy policies uncovers overbroad personal data collection practices. In 32nd USENIX Security Symposium (USENIX Security 23). 1073--1090."},{"key":"e_1_3_2_2_79_1","doi-asserted-by":"publisher","DOI":"10.56553\/popets-2023-0052"}],"event":{"name":"CCS '25: ACM SIGSAC Conference on Computer and Communications Security","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"],"location":"Taipei Taiwan","acronym":"CCS '25"},"container-title":["Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3719027.3765072","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3719027.3765072","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,12,22]],"date-time":"2025-12-22T22:31:15Z","timestamp":1766442675000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3719027.3765072"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,11,19]]},"references-count":79,"alternative-id":["10.1145\/3719027.3765072","10.1145\/3719027"],"URL":"https:\/\/doi.org\/10.1145\/3719027.3765072","relation":{},"subject":[],"published":{"date-parts":[[2025,11,19]]},"assertion":[{"value":"2025-11-22","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}