Is Personalization Worth It? Notifying Blogs about a Privacy Issue Resulting from Poorly Implemented Consent Banners
Kriecherbauer, Theresa; Schwank, Richard; Krauss, Adrian; Neureither, Konstantin; Remme, Lian; Volkamer, Melanie
1; Herrmann, Dominik
1 Institut für Angewandte Informatik und Formale Beschreibungsverfahren (AIFB), Karlsruher Institut für Technologie (KIT)
1; Herrmann, Dominik1 Institut für Angewandte Informatik und Formale Beschreibungsverfahren (AIFB), Karlsruher Institut für Technologie (KIT)
Abstract:
Several websites integrate trackers without users’ consent. Previous
research studied whether notifying responsible website operators
about such issues is an effective measure, often with limited suc-
cess. Insights from marketing research suggest that personalizing
notification emails may be an effective means to improve reme-
diation rates, with previous research pointing in both directions.
We studied this approach using a sample of 119 German fitness
and sports blogs employing Google Analytics (GA) without user
consent: In a first step, we compare the fix rate of blog operators
that received a personalized notification tailored to their blog with
the fix rate of operators that received a generic notification. We find
that personalized notifications do neither increase remediation rate
nor operators’ response behavior. In a second step, we analyzed the
reasons not to fix mentioned in (A) the email responses and (B) a
survey sent to the blog operators. We find that they mostly center
around (I) denial that a data leak exists, (II) a lack of resources
to remedy the issue and (III) claims of specifically requiring GA.
... mehr
research studied whether notifying responsible website operators
about such issues is an effective measure, often with limited suc-
cess. Insights from marketing research suggest that personalizing
notification emails may be an effective means to improve reme-
diation rates, with previous research pointing in both directions.
We studied this approach using a sample of 119 German fitness
and sports blogs employing Google Analytics (GA) without user
consent: In a first step, we compare the fix rate of blog operators
that received a personalized notification tailored to their blog with
the fix rate of operators that received a generic notification. We find
that personalized notifications do neither increase remediation rate
nor operators’ response behavior. In a second step, we analyzed the
reasons not to fix mentioned in (A) the email responses and (B) a
survey sent to the blog operators. We find that they mostly center
around (I) denial that a data leak exists, (II) a lack of resources
to remedy the issue and (III) claims of specifically requiring GA.
... mehr
| Zugehörige Institution(en) am KIT | Institut für Angewandte Informatik und Formale Beschreibungsverfahren (AIFB) Kompetenzzentrum für angewandte Sicherheitstechnologie (KASTEL) |
| Publikationstyp | Proceedingsbeitrag |
| Publikationsdatum | 30.07.2024 |
| Sprache | Englisch |
| Identifikator | ISBN: 979-84-00-71718-5 KITopen-ID: 1000173852 |
| HGF-Programm | 46.23.01 (POF IV, LK 01) Methods for Engineering Secure Systems |
| Erschienen in | ARES '24: Proceedings of the 19th International Conference on Availability, Reliability and Security |
| Veranstaltung | International Conference on Availability, Reliability and Security (ARES 2024), Wien, Österreich, 30.07.2024 – 02.08.2024 |
| Verlag | Association for Computing Machinery (ACM) |
| Seiten | 1–7 |
| Nachgewiesen in | Scopus Dimensions OpenAlex |