{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,24]],"date-time":"2025-08-24T01:49:48Z","timestamp":1756000188653},"reference-count":69,"publisher":"Privacy Enhancing Technologies Symposium Advisory Board","issue":"2","license":[{"start":{"date-parts":[[2022,3,3]],"date-time":"2022-03-03T00:00:00Z","timestamp":1646265600000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by-nc-nd\/3.0"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2022,4,1]]},"abstract":"<jats:title>Abstract<\/jats:title>\n               <jats:p>The sending of marketing emails is regulated to protect users from unsolicited emails. For instance, the European Union\u2019s ePrivacy Directive states that marketers must obtain users\u2019 prior consent, and the General Data Protection Regulation (GDPR) specifies further that such consent must be freely given, specific, informed, and unambiguous.<\/jats:p>\n               <jats:p>Based on these requirements, we design a labeling of legal characteristics for websites and emails. This leads to a simple decision procedure that detects potential legal violations. Using our procedure, we evaluated 1000 websites and the 5000 emails resulting from registering to these websites. Both datasets and evaluations are available upon request. We find that 21.9% of the websites contain potential violations of privacy and unfair competition rules, either in the registration process (17.3%) or email communication (17.7%). We demonstrate with a statistical analysis the possibility of automatically detecting such potential violations.<\/jats:p>","DOI":"10.2478\/popets-2022-0046","type":"journal-article","created":{"date-parts":[[2022,3,5]],"date-time":"2022-03-05T04:26:32Z","timestamp":1646454392000},"page":"282-303","source":"Crossref","is-referenced-by-count":9,"title":["Checking Websites\u2019 GDPR Consent Compliance for Marketing Emails"],"prefix":"10.56553","volume":"2022","author":[{"given":"Karel","family":"Kub\u00ed\u010dek","sequence":"first","affiliation":[{"name":"ETH Zurich"}]},{"given":"Jakob","family":"Merane","sequence":"additional","affiliation":[{"name":"ETH Zurich"}]},{"given":"Carlos","family":"Cotrini","sequence":"additional","affiliation":[{"name":"ETH Zurich"}]},{"given":"Alexander","family":"Stremitzer","sequence":"additional","affiliation":[{"name":"ETH Zurich"}]},{"given":"Stefan","family":"Bechtold","sequence":"additional","affiliation":[{"name":"ETH Zurich"}]},{"given":"David","family":"Basin","sequence":"additional","affiliation":[{"name":"ETH Zurich"}]}],"member":"35752","published-online":{"date-parts":[[2022,3,3]]},"reference":[{"key":"2022060207202851836_j_popets-2022-0046_ref_001","doi-asserted-by":"crossref","unstructured":"[1] F. Al Maqbali and C. J. Mitchell. \u201cWeb Password Recovery: A Necessary Evil?\u201d In: Proceedings of the Future Technologies Conference. Springer. 2018, pp. 324\u2013341.10.1007\/978-3-030-02683-7_23","DOI":"10.1007\/978-3-030-02683-7_23"},{"key":"2022060207202851836_j_popets-2022-0046_ref_002","doi-asserted-by":"crossref","unstructured":"[2] R. Amos, G. Acar, E. Lucherini, M. Kshirsagar, A. Narayanan, and J. Mayer. \u201cPrivacy Policies over Time: Curation and Analysis of a Million-Document Dataset.\u201d In: Proceedings of The Web Conference 2021. WWW \u201921. Association for Computing Machinery, Apr. 19, 2021, p. 22. doi: 10.1145\/3442381.3450048.10.1145\/3442381.3450048","DOI":"10.1145\/3442381.3450048"},{"key":"2022060207202851836_j_popets-2022-0046_ref_003","unstructured":"[3] Art. 29 Data Protection Working Party. Opinion 5\/2004 on unsolicited communications for marketing purposes under Article 13 of Directive 2002\/58\/EC. Feb. 2004."},{"key":"2022060207202851836_j_popets-2022-0046_ref_004","unstructured":"[4] Austrian Data Protection Authority (Datenschutzbeh\u00f6rde). DSB-D130.073\/0008-DSB\/2019. https:\/\/gdprhub.eu\/index.php?title=DSB_-_DSB-D130.073\/0008-DSB\/2019. 2019."},{"key":"2022060207202851836_j_popets-2022-0046_ref_005","unstructured":"[5] Baden-W\u00fcrttemberg Data Protection Authority (LfDI Baden-W\u00fcrttemberg). LfDI - O 1018\/115. https:\/\/gdprhub.eu\/index.php?title=LfDI_-_O_1018\/115. 2018."},{"key":"2022060207202851836_j_popets-2022-0046_ref_006","doi-asserted-by":"crossref","unstructured":"[6] Y. Bakos, F. Marotta-Wurgler, and D. R. Trossen. \u201cDoes anyone read the fine print? Consumer attention to standard-form contracts.\u201d In: The Journal of Legal Studies 43.1 (2014), pp. 1\u201335.","DOI":"10.1086\/674424"},{"key":"2022060207202851836_j_popets-2022-0046_ref_007","doi-asserted-by":"crossref","unstructured":"[7] D. Bui, K. G. Shin, J.-M. Choi, and J. Shin. \u201cAutomated Extraction and Presentation of Data Practices in Privacy Policies.\u201d In: Proceedings on Privacy Enhancing Technologies 2021.2 (2021), pp. 88\u2013110.","DOI":"10.2478\/popets-2021-0019"},{"key":"2022060207202851836_j_popets-2022-0046_ref_008","doi-asserted-by":"crossref","unstructured":"[8] M. Chatzimpyrros, K. Solomos, and S. Ioannidis. \u201cYou Shall Not Register! Detecting Privacy Leaks Across Registration Forms.\u201d In: Computer Security. Springer, 2019, pp. 91\u2013104.10.1007\/978-3-030-42051-2_7","DOI":"10.1007\/978-3-030-42051-2_7"},{"key":"2022060207202851836_j_popets-2022-0046_ref_009","doi-asserted-by":"crossref","unstructured":"[9] J. Cohen. \u201cA coefficient of agreement for nominal scales.\u201d In: Educational and psychological measurement 20.1 (1960), pp. 37\u201346.10.1177\/001316446002000104","DOI":"10.1177\/001316446002000104"},{"key":"2022060207202851836_j_popets-2022-0046_ref_010","doi-asserted-by":"crossref","unstructured":"[10] M. Degeling, C. Utz, C. Lentzsch, H. Hosseini, F. Schaub, and T. Holz. \u201cWe Value Your Privacy... Now Take Some Cookies: Measuring the GDPR\u2019s Impact on Web Privacy.\u201d In: Network and Distributed Systems Security (NDSS) Symposium. 2019.10.14722\/ndss.2019.23378","DOI":"10.14722\/ndss.2019.23378"},{"key":"2022060207202851836_j_popets-2022-0046_ref_011","unstructured":"[11] Deutsche Bundestag. German Act against Unfair Competition (Gesetz gegen den unlauteren Wettbewerb) in the version published on 3 March 2010 (Federal Law Gazette I p. 254), as last amended by Article 1 of the Act of 10 August 2021 (Federal Law Gazette I, p. 3504). 2021."},{"key":"2022060207202851836_j_popets-2022-0046_ref_012","unstructured":"[12] Deutsche Bundestag. German Telemedia Act (Telemediengesetz) in the version published on 26 February 2007 (Federal Law Gazette I p. 179, 251), as last amended by Article 3 of the Act of 12 August 2021 (Federal Law Gazette I, p. 3544). 2021."},{"key":"2022060207202851836_j_popets-2022-0046_ref_013","unstructured":"[13] J. Devlin, M.-W. Chang, K. Lee, and K. Toutanova. \u201cBERT: Pre-training of deep bidirectional transformers for language understanding.\u201d In: arXiv preprint arXiv:1810.04805 (2018)."},{"key":"2022060207202851836_j_popets-2022-0046_ref_014","unstructured":"[14] Directorate-General for the Information Society and Media (European Commission). ePrivacy Directive, assessment of transposition, effectiveness and compatibility with the proposed data protection regulation. doi:10.2759\/419180. 2015."},{"key":"2022060207202851836_j_popets-2022-0046_ref_015","doi-asserted-by":"crossref","unstructured":"[15] K. Drakonakis, S. Ioannidis, and J. Polakis. \u201cThe Cookie Hunter: Automated Black-box Auditing for Web Authentication and Authorization Flaws.\u201d In: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security. 2020, pp. 1953\u20131970.10.1145\/3372297.3417869","DOI":"10.1145\/3372297.3417869"},{"key":"2022060207202851836_j_popets-2022-0046_ref_016","unstructured":"[16] L. Edwards. The New Legal Framework for E-Commerce in Europe. ISBN 978-1-847-31261-7, Hart Publishing, 2005."},{"key":"2022060207202851836_j_popets-2022-0046_ref_017","doi-asserted-by":"crossref","unstructured":"[17] V. Emmerich and K. W. Lange. Unfair competition (Unlauterer Wettbewerb). ISBN 978-3-406-72639-2, C.H. Beck, 2019.10.17104\/9783406746475","DOI":"10.17104\/9783406746475"},{"key":"2022060207202851836_j_popets-2022-0046_ref_018","doi-asserted-by":"crossref","unstructured":"[18] S. Englehardt, J. Han, and A. Narayanan. \u201cI never signed up for this! Privacy implications of email tracking.\u201d In: Proceedings on Privacy Enhancing Technologies 2018.1 (2018), pp. 109\u2013126.","DOI":"10.1515\/popets-2018-0006"},{"key":"2022060207202851836_j_popets-2022-0046_ref_019","unstructured":"[19] L. Epstein and A. D. Martin. An introduction to empirical legal research. Oxford University Press, 2014."},{"key":"2022060207202851836_j_popets-2022-0046_ref_020","unstructured":"[20] European Commission. Guidance on the implementation\/application of Directive 2005\/29\/EC on Unfair Commercial Practices. May 25, 2016."},{"key":"2022060207202851836_j_popets-2022-0046_ref_021","doi-asserted-by":"crossref","unstructured":"[21] European Data Protection Board. Opinion 5\/2019 on the interplay between the ePrivacy Directive and the GDPR, in particular regarding the competence, tasks and powers of data protection authorities. Mar. 2019.10.21552\/edpl\/2019\/2\/12","DOI":"10.21552\/edpl\/2019\/2\/12"},{"key":"2022060207202851836_j_popets-2022-0046_ref_022","unstructured":"[22] European Data Protection Board. Guidelines 05\/2020 on consent under Regulation 2016\/679 (GDPR). May 2020."},{"key":"2022060207202851836_j_popets-2022-0046_ref_023","unstructured":"[23] European Parliament, Council of the European Union. Directive 95\/46\/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. 1995."},{"key":"2022060207202851836_j_popets-2022-0046_ref_024","unstructured":"[24] European Parliament, Council of the European Union. Directive 2000\/31\/EC of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market (\u2019Directive on electronic commerce\u2019). June 8, 2000."},{"key":"2022060207202851836_j_popets-2022-0046_ref_025","unstructured":"[25] European Parliament, Council of the European Union. Directive 2002\/58\/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications). 2002."},{"key":"2022060207202851836_j_popets-2022-0046_ref_026","unstructured":"[26] European Parliament, Council of the European Union. Directive 2005\/29\/EC of the European Parliament and of the Council of 11 May 2005 concerning unfair business-to-consumer commercial practices in the Internal Market and amending Council Directive 84\/450\/EEC, Directives 97\/7\/EC, 98\/27\/EC and 2002\/65\/EC of the European Parliament and of the Council and Regulation (EC) No 2006\/2004 of the European Parliament and of the Council (\u2018Unfair Commercial Practices Directive\u2019). May 11, 2005."},{"key":"2022060207202851836_j_popets-2022-0046_ref_027","unstructured":"[27] European Parliament, Council of the European Union. Directive 2006\/114\/EC of the European Parliament and of the Council of 12 December 2006 concerning misleading and comparative advertising. Dec. 12, 2006."},{"key":"2022060207202851836_j_popets-2022-0046_ref_028","doi-asserted-by":"crossref","unstructured":"[28] N. Gelernter, S. Kalma, B. Magnezi, and H. Porcilan. \u201cThe password reset MitM attack.\u201d In: 2017 IEEE Symposium on Security and Privacy (SP). IEEE. 2017, pp. 251\u2013267.10.1109\/SP.2017.9","DOI":"10.1109\/SP.2017.9"},{"key":"2022060207202851836_j_popets-2022-0046_ref_029","unstructured":"[29] J. Gluck, F. Schaub, A. Friedman, H. Habib, N. Sadeh, L. F. Cranor, and Y. Agarwal. \u201cHow short is too short? Implications of length and framing on the effectiveness of privacy notices.\u201d In: Twelfth Symposium on Usable Privacy and Security (SOUPS 2016). 2016, pp. 321\u2013340."},{"key":"2022060207202851836_j_popets-2022-0046_ref_030","unstructured":"[30] I. J. Goodfellow, J. Shlens, and C. Szegedy. \u201cExplaining and harnessing adversarial examples.\u201d In: arXiv preprint arXiv:1412.6572 (2014)."},{"key":"2022060207202851836_j_popets-2022-0046_ref_031","unstructured":"[31] M. Hamin. \u201cdon\u2019t ignore this:\u201d Automating the Collection and Analysis of Campaign Emails. Tech. rep. Princeton University, 2018."},{"key":"2022060207202851836_j_popets-2022-0046_ref_032","unstructured":"[32] H. Harkous, K. Fawaz, R. Lebret, F. Schaub, K. G. Shin, and K. Aberer. \u201cPolisis: Automated analysis and presentation of privacy policies using deep learning.\u201d In: 27th USENIX Security Symposium (USENIX Security 18). 2018, pp. 531\u2013548."},{"key":"2022060207202851836_j_popets-2022-0046_ref_033","unstructured":"[33] D. Jahnel. Legal commentary on the General Data Protection Regulation (GDPR) (Kommentar zur Datenschutz-Grundverordnung (DSGVO)), Art. 7 Conditions for consent (Bedingungen f\u00fcr die Einwilligung). ISBN 978-3-709-70178-2, Jan Sramek Verlag, 2021."},{"key":"2022060207202851836_j_popets-2022-0046_ref_034","unstructured":"[34] A. Javanmard and M. Soltanolkotabi. \u201cPrecise statistical analysis of classification accuracies for adversarial training.\u201d In: arXiv preprint arXiv:2010.11213 (2020)."},{"key":"2022060207202851836_j_popets-2022-0046_ref_035","unstructured":"[35] Judgement of the Court of Justice of the European Union from November 11, 2020. C-61\/19, EU:C:2020:901. 2020."},{"key":"2022060207202851836_j_popets-2022-0046_ref_036","unstructured":"[36] Judgement of the Court of Justice of the European Union from October 1, 2019. C-673\/17, EU:C:2019:801. 2019."},{"key":"2022060207202851836_j_popets-2022-0046_ref_037","unstructured":"[37] Judgement of the Federal Court of Justice (BHG) from February 1, 2018. III ZR 196\/17. 2018."},{"key":"2022060207202851836_j_popets-2022-0046_ref_038","unstructured":"[38] Judgement of the Federal Court of Justice (BHG) from July 10, 2018. VI ZR 225\/17. 2018."},{"key":"2022060207202851836_j_popets-2022-0046_ref_039","unstructured":"[39] Judgement of the Federal Court of Justice (BHG) from July 16, 2008. VIII ZR 348\/06. 2008."},{"key":"2022060207202851836_j_popets-2022-0046_ref_040","unstructured":"[40] Judgement of the Federal Court of Justice (BHG) from March 14, 2017. VI ZR 721\/15. 2017."},{"key":"2022060207202851836_j_popets-2022-0046_ref_041","unstructured":"[41] Judgement of the Federal Court of Justice (BHG) from May 28, 2020. I ZR 7\/16. 2020."},{"key":"2022060207202851836_j_popets-2022-0046_ref_042","unstructured":"[42] Judgement of the Higher Regional Court of Munich (OLG M\u00fcnchen) from February 15, 2018. 29 U 2799\/17. 2018."},{"key":"2022060207202851836_j_popets-2022-0046_ref_043","unstructured":"[43] P. Kast. Automating website registration for GDPR compliance analysis, Bachelor\u2019s thesis, ETH Zurich. Bachelor\u2019s Thesis. 2021."},{"key":"2022060207202851836_j_popets-2022-0046_ref_044","unstructured":"[44] V. B. Kumar, R. Iyengar, N. Nisal, Y. Feng, H. Habib, P. Story, S. Cherivirala, M. Hagan, L. Cranor, S. Wilson, et al. \u201cFinding a Choice in a Haystack: Automatic Extraction of Opt-Out Statements from Privacy Policy Text.\u201d In: Proceedings of The Web Conference 2020. 2020."},{"key":"2022060207202851836_j_popets-2022-0046_ref_045","unstructured":"[45] Legal team of the Certified Senders Alliance. DOI: if not now, then when?! https:\/\/certified-senders.org\/blog\/doi-if-not-now-then-when\/. 2017. (Visited on 08\/25\/2021)."},{"key":"2022060207202851836_j_popets-2022-0046_ref_046","unstructured":"[46] R. Liepin, G. Contissa, K. Drazewski, F. Lagioia, M. Lippi, H.-W. Micklitz, P. Palka, G. Sartor, and P. Torroni. \u201cGDPR privacy policies in CLAUDETTE: Challenges of omission, context and multilingualism.\u201d In: 3rd Workshop on Automated Semantic Analysis of Information in Legal Texts, ASAIL 2019. Vol. 2385. CEUR-WS. 2019."},{"key":"2022060207202851836_j_popets-2022-0046_ref_047","doi-asserted-by":"crossref","unstructured":"[47] T. Linden, R. Khandelwal, H. Harkous, and K. Fawaz. \u201cThe privacy policy landscape after the GDPR.\u201d In: Proceedings on Privacy Enhancing Technologies 2020.1 (2020), pp. 47\u201364.","DOI":"10.2478\/popets-2020-0004"},{"key":"2022060207202851836_j_popets-2022-0046_ref_048","doi-asserted-by":"crossref","unstructured":"[48] D. Machuletz and R. B\u00f6hme. \u201cMultiple purposes, multiple problems: A user study of consent dialogs after GDPR.\u201d In: Proceedings on Privacy Enhancing Technologies 2020.2 (2020), pp. 481\u2013498.","DOI":"10.2478\/popets-2020-0037"},{"key":"2022060207202851836_j_popets-2022-0046_ref_049","unstructured":"[49] P. Mankowski. Legal commentary on the German Act against Unfair Competition (Kommentar zum Gesetz gegen den unlauteren Wettbewerb (UWG)), \u00a7 7 UWG Unacceptable nuisance (Unzumutbare Bel\u00e4stigungen), Par. 238, in K. Fezer, W. B\u00fcscher and E. Obergfell. Unfair competition law (Lauterkeitsrecht). 2016."},{"key":"2022060207202851836_j_popets-2022-0046_ref_050","unstructured":"[50] Is email marketing dead? https:\/\/optinmonster.com\/is-email-marketing-dead-heres-what-the-statistics-show\/."},{"key":"2022060207202851836_j_popets-2022-0046_ref_051","unstructured":"[51] Marketing email tracker 2019. https:\/\/dma.org.uk\/uploads\/misc\/marketers-email-tracker-2019.pdf."},{"key":"2022060207202851836_j_popets-2022-0046_ref_052","doi-asserted-by":"crossref","unstructured":"[52] A. Mathur, G. Acar, M. J. Friedman, E. Lucherini, J. Mayer, M. Chetty, and A. Narayanan. \u201cDark patterns at scale: Findings from a crawl of 11K shopping websites.\u201d In: Proceedings of the ACM on Human-Computer Interaction 3.CSCW (2019), pp. 1\u201332.","DOI":"10.1145\/3359183"},{"key":"2022060207202851836_j_popets-2022-0046_ref_053","doi-asserted-by":"crossref","unstructured":"[53] A. Mathur, M. Kshirsagar, and J. Mayer. \u201cWhat makes a dark pattern... dark? Design attributes, normative considerations, and measurement methods.\u201d In: Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems. 2021, pp. 1\u201318.10.1145\/3411764.3445610","DOI":"10.1145\/3411764.3445610"},{"key":"2022060207202851836_j_popets-2022-0046_ref_054","unstructured":"[54] A. Mathur, A. Wang, C. Schwemmer, M. Hamin, B. M. Stewart, and A. Narayanan. Manipulative tactics are the norm in political emails: Evidence from 100K emails from the 2020 U.S. election cycle. https:\/\/electionemails2020.org.2020."},{"key":"2022060207202851836_j_popets-2022-0046_ref_055","doi-asserted-by":"crossref","unstructured":"[55] C. Matte, N. Bielova, and C. Santos. \u201cDo Cookie Banners Respect my Choice? Measuring Legal Compliance of Banners from IAB Europe\u2019s Transparency and Consent Framework.\u201d In: 2020 IEEE Symposium on Security and Privacy (SP). IEEE. 2020, pp. 791\u2013809.10.1109\/SP40000.2020.00076","DOI":"10.1109\/SP40000.2020.00076"},{"key":"2022060207202851836_j_popets-2022-0046_ref_056","unstructured":"[56] A. M. McDonald and L. F. Cranor. \u201cThe cost of reading privacy policies.\u201d In: ISJLP 4 (2008), p. 543."},{"key":"2022060207202851836_j_popets-2022-0046_ref_057","unstructured":"[57] D. Mederle. The regulation of spam and unsolicited commercial emails (Die Regulierung von Spam und unerbetenen kommerziellen E-Mails). Heymanns, 2010. isbn: 3452272680."},{"key":"2022060207202851836_j_popets-2022-0046_ref_058","unstructured":"[58] H. Micklitz and M. Schirmbacher. Legal commentary on the German Act against Unfair Competition (Kommentar zum Gesetz gegen den unlauteren Wettbewerb (UWG)), \u00a7 7 UWG Unacceptable nuisance (Unzumutbare Bel\u00e4stigungen), Par. 203 in G. Spindler and F. Schuster, Electronic Media Law, 4th edition 2019, (Recht der elektronischen Medien, 4. Aufl. 2019). 2019."},{"key":"2022060207202851836_j_popets-2022-0046_ref_059","unstructured":"[59] H. Micklitz and M. Schirmbacher. Legal commentary on the German Telemedia Act (Kommentar zum Telemediengesetz (TMG)), \u00a7 4-6 TMG, in G. Spindler and F. Schuster, Electronic Media Law, 4th edition 2019, (Recht der elektronischen Medien, 4. Aufl. 2019). 2019."},{"key":"2022060207202851836_j_popets-2022-0046_ref_060","doi-asserted-by":"crossref","unstructured":"[60] M. Nouwens, I. Liccardi, M. Veale, D. Karger, and L. Kagal. \u201cDark Patterns after the GDPR: Scraping Consent Pop-ups and Demonstrating their Influence.\u201d In: Proceedings of the 2020 CHI conference on human factors in computing systems. 2020, pp. 1\u201313.10.1145\/3313831.3376321","DOI":"10.1145\/3313831.3376321"},{"key":"2022060207202851836_j_popets-2022-0046_ref_061","doi-asserted-by":"crossref","unstructured":"[61] J. Oh, J. Hong, C. Lee, J. J. Lee, S. S. Woo, and K. Lee. \u201cWill EU\u2019s GDPR Act as an Effective Enforcer to Gain Consent?\u201d In: IEEE Access (2021).10.1109\/ACCESS.2021.3083897","DOI":"10.1109\/ACCESS.2021.3083897"},{"key":"2022060207202851836_j_popets-2022-0046_ref_062","doi-asserted-by":"crossref","unstructured":"[62] C. Routh, B. DeCrescenzo, and S. Roy. \u201cAttacks and vulnerability analysis of e-mail as a password reset point.\u201d In: 2018 Fourth International Conference on Mobile and Secure Services (MobiSecServ). IEEE. 2018, pp. 1\u20135.10.1109\/MOBISECSERV.2018.8311443","DOI":"10.1109\/MOBISECSERV.2018.8311443"},{"key":"2022060207202851836_j_popets-2022-0046_ref_063","unstructured":"[63] C. Santos, N. Bielova, and C. Matte. \u201cAre cookie banners indeed compliant with the law? Deciphering EU legal requirements on consent and technical means to verify compliance of cookie banners.\u201d In: Technology and Regulation (2020). 2019, pp. 91\u2013135."},{"key":"2022060207202851836_j_popets-2022-0046_ref_064","doi-asserted-by":"crossref","unstructured":"[64] J. Sim and C. C. Wright. \u201cThe kappa statistic in reliability studies: use, interpretation, and sample size requirements.\u201d In: Physical therapy 85.3 (2005), pp. 257\u2013268.","DOI":"10.1093\/ptj\/85.3.257"},{"key":"2022060207202851836_j_popets-2022-0046_ref_065","doi-asserted-by":"crossref","unstructured":"[65] M. Trevisan, S. Traverso, E. Bassi, and M. Mellia. \u201c4 years of EU cookie law: Results and lessons learned.\u201d In: Proceedings on Privacy Enhancing Technologies 2019.2 (2019), pp. 126\u2013145.","DOI":"10.2478\/popets-2019-0023"},{"key":"2022060207202851836_j_popets-2022-0046_ref_066","unstructured":"[66] J. Weiser. \u201cThe possibility of using a partnership exchange can be \u201cselling a service\u201d in the sense of the UWG (Nutzungsm\u00f6glichkeit einer Partnerschaftsb\u00f6rse kann \u201cVerkauf einer Dienstleistung\u201d im Sinne des UWG sein).\u201d In: GRUR-Prax, (Gewerblicher Rechtsschutz und Urheberrecht, Praxis im Immaterialg\u00fcter- und Wettbewerbsrecht) 2018.10 (2018), p. 291."},{"key":"2022060207202851836_j_popets-2022-0046_ref_067","doi-asserted-by":"crossref","unstructured":"[67] S. Wilson, F. Schaub, A. A. Dara, F. Liu, S. Cherivirala, P. G. Leon, M. S. Andersen, S. Zimmeck, K. M. Sathyendra, N. C. Russell, et al. \u201cThe creation and analysis of a website privacy policy corpus.\u201d In: Proceedings of the 54th Annual Meeting of the Association for Computational Linguistics (Volume 1: Long Papers). 2016, pp. 1330\u20131340.10.18653\/v1\/P16-1126","DOI":"10.18653\/v1\/P16-1126"},{"key":"2022060207202851836_j_popets-2022-0046_ref_068","doi-asserted-by":"crossref","unstructured":"[68] S. Zimmeck, P. Story, D. Smullen, A. Ravichander, Z. Wang, J. Reidenberg, N. C. Russell, and N. Sadeh. \u201cMAPS: Scaling privacy compliance analysis to a million apps.\u201d In: Proceedings on Privacy Enhancing Technologies 2019.3 (2019), pp. 66\u201386.","DOI":"10.2478\/popets-2019-0037"},{"key":"2022060207202851836_j_popets-2022-0046_ref_069","unstructured":"[69] K. A. Zscherpe. \u201cDirect marketing by e-mail \u2013 How can companies proceed legally? (Direktmarketing per E-Mail \u2013 Wie k\u00f6nnen Unternehmen rechtlich einwandfrei vorgehen?)\u201d In: Journal of Business and Consumer Law, (Zeitschrift f\u00fcr Wirtschafts- und Verbraucherrecht) 2008.9 (2008), pp. 327\u2013322."}],"container-title":["Proceedings on Privacy Enhancing Technologies"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.sciendo.com\/pdf\/10.2478\/popets-2022-0046","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2022,7,20]],"date-time":"2022-07-20T16:32:04Z","timestamp":1658334724000},"score":1,"resource":{"primary":{"URL":"https:\/\/petsymposium.org\/popets\/2022\/popets-2022-0046.php"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,3,3]]},"references-count":69,"journal-issue":{"issue":"2","published-online":{"date-parts":[[2022,3,3]]},"published-print":{"date-parts":[[2022,4,1]]}},"alternative-id":["10.2478\/popets-2022-0046"],"URL":"https:\/\/doi.org\/10.2478\/popets-2022-0046","relation":{},"ISSN":["2299-0984"],"issn-type":[{"value":"2299-0984","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,3,3]]}}}