Saved in:
Bibliographic Details
Main Authors: Tran, Van Hong, Mehrotra, Aarushi, Sharma, Ranya, Chetty, Marshini, Feamster, Nick, Frankenreiter, Jens, Strahilevitz, Lior
Format: Preprint
Published: 2024
Subjects:
Online Access:https://arxiv.org/abs/2409.09222
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866909316308533248
author Tran, Van Hong
Mehrotra, Aarushi
Sharma, Ranya
Chetty, Marshini
Feamster, Nick
Frankenreiter, Jens
Strahilevitz, Lior
author_facet Tran, Van Hong
Mehrotra, Aarushi
Sharma, Ranya
Chetty, Marshini
Feamster, Nick
Frankenreiter, Jens
Strahilevitz, Lior
contents To protect consumer privacy, the California Consumer Privacy Act (CCPA) mandates that businesses provide consumers with a straightforward way to opt out of the sale and sharing of their personal information. However, the control that businesses enjoy over the opt-out process allows them to impose hurdles on consumers aiming to opt out, including by employing dark patterns. Motivated by the enactment of the California Privacy Rights Act (CPRA), which strengthens the CCPA and explicitly forbids certain dark patterns in the opt-out process, we investigate how dark patterns are used in opt-out processes and assess their compliance with CCPA regulations. Our research reveals that websites employ a variety of dark patterns. Some of these patterns are explicitly prohibited under the CCPA; others evidently take advantage of legal loopholes. Despite the initial efforts to restrict dark patterns by policymakers, there is more work to be done.
format Preprint
id arxiv_https___arxiv_org_abs_2409_09222
institution arXiv
publishDate 2024
record_format arxiv
spellingShingle Dark Patterns in the Opt-Out Process and Compliance with the California Consumer Privacy Act (CCPA)
Tran, Van Hong
Mehrotra, Aarushi
Sharma, Ranya
Chetty, Marshini
Feamster, Nick
Frankenreiter, Jens
Strahilevitz, Lior
Human-Computer Interaction
To protect consumer privacy, the California Consumer Privacy Act (CCPA) mandates that businesses provide consumers with a straightforward way to opt out of the sale and sharing of their personal information. However, the control that businesses enjoy over the opt-out process allows them to impose hurdles on consumers aiming to opt out, including by employing dark patterns. Motivated by the enactment of the California Privacy Rights Act (CPRA), which strengthens the CCPA and explicitly forbids certain dark patterns in the opt-out process, we investigate how dark patterns are used in opt-out processes and assess their compliance with CCPA regulations. Our research reveals that websites employ a variety of dark patterns. Some of these patterns are explicitly prohibited under the CCPA; others evidently take advantage of legal loopholes. Despite the initial efforts to restrict dark patterns by policymakers, there is more work to be done.
title Dark Patterns in the Opt-Out Process and Compliance with the California Consumer Privacy Act (CCPA)
topic Human-Computer Interaction
url https://arxiv.org/abs/2409.09222