Investigation on the presence of third-parties on EU websites before and after GDPR
Author
Kristofik, Michal
Term
4. term
Publication year
2021
Submitted on
2021-03-31
Pages
71
Abstract
I maj 2018 trådte Databeskyttelsesforordningen (GDPR) i kraft, hvilket satte gang i debatter om efterlevelse og konsekvenser for nettet. Dette projekt undersøger, om starttidspunktet for GDPR påvirkede tilstedeværelsen af tredjeparter på websites med oprindelse i EU/EØS. Tredjeparter er eksterne virksomheder, hvis kode indlæses på en side, fx reklamenetværk, analyse- og sporingstjenester eller sociale medie-widgets. Vi indsamlede data fra februar 2018 til juni 2020 i 59 gentagne runder. I hver runde besøgte vi 12.778 sider, hvoraf 10.089 havde oprindelse i EU/EØS. For hver side registrerede vi, hvor mange tredjeparter der blev kontaktet, samt HTTP-svarstatus (hvor “200 OK” betyder, at siden var tilgængelig). Vi så et lille, indledende fald i antallet af tredjeparter efter GDPR trådte i kraft, efterfulgt af et langsomt, gradvist fald over tid. Da vi imidlertid hver gang besøgte den samme mængde sider, og færre sider i hver runde returnerede 200 OK, har vi ikke stærke beviser for, at GDPR forårsagede faldet. Faldet kan afspejle tilgængelighed og andre forhold, så vi kan ikke tilskrive det GDPR’s ikrafttræden. Afslutningsvis analyserer vi også tredjeparternes formål og om nogle fremstår skadelige.
In May 2018, the General Data Protection Regulation (GDPR) took effect, prompting debate about compliance and its impact on the web. This study asks whether its start affected the presence of third parties on websites originating in the EU/EEA. Third parties are outside companies whose code loads on a site, such as advertising networks, analytics and tracking services, or social media widgets. We collected data from February 2018 to June 2020 across 59 repeated rounds. In each round we visited 12,778 sites, of which 10,089 were from the EU/EEA. For each site we recorded how many third parties were contacted and the HTTP response status (where “200 OK” means the site was reachable). We observed a small initial drop in the number of third parties after GDPR took effect, followed by a slow, gradual decrease over time. However, because we revisited the same set of sites and, in each round, fewer sites returned a 200 OK status, we lack strong evidence that GDPR caused the decline. The decrease may reflect site availability and other factors, so we cannot attribute it to the start of GDPR. Finally, we examine what these third parties are used for and whether any appear malicious.
[This abstract was generated with the help of AI]
Keywords
Documents