Saved in:
| Main Authors: | , , , , , , |
|---|---|
| Format: | Preprint |
| Published: |
2024
|
| Subjects: | |
| Online Access: | https://arxiv.org/abs/2409.09222 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1866909316308533248 |
|---|---|
| author | Tran, Van Hong Mehrotra, Aarushi Sharma, Ranya Chetty, Marshini Feamster, Nick Frankenreiter, Jens Strahilevitz, Lior |
| author_facet | Tran, Van Hong Mehrotra, Aarushi Sharma, Ranya Chetty, Marshini Feamster, Nick Frankenreiter, Jens Strahilevitz, Lior |
| contents | To protect consumer privacy, the California Consumer Privacy Act (CCPA) mandates that businesses provide consumers with a straightforward way to opt out of the sale and sharing of their personal information. However, the control that businesses enjoy over the opt-out process allows them to impose hurdles on consumers aiming to opt out, including by employing dark patterns. Motivated by the enactment of the California Privacy Rights Act (CPRA), which strengthens the CCPA and explicitly forbids certain dark patterns in the opt-out process, we investigate how dark patterns are used in opt-out processes and assess their compliance with CCPA regulations. Our research reveals that websites employ a variety of dark patterns. Some of these patterns are explicitly prohibited under the CCPA; others evidently take advantage of legal loopholes. Despite the initial efforts to restrict dark patterns by policymakers, there is more work to be done. |
| format | Preprint |
| id |
arxiv_https___arxiv_org_abs_2409_09222 |
| institution | arXiv |
| publishDate | 2024 |
| record_format | arxiv |
| spellingShingle | Dark Patterns in the Opt-Out Process and Compliance with the California Consumer Privacy Act (CCPA) Tran, Van Hong Mehrotra, Aarushi Sharma, Ranya Chetty, Marshini Feamster, Nick Frankenreiter, Jens Strahilevitz, Lior Human-Computer Interaction To protect consumer privacy, the California Consumer Privacy Act (CCPA) mandates that businesses provide consumers with a straightforward way to opt out of the sale and sharing of their personal information. However, the control that businesses enjoy over the opt-out process allows them to impose hurdles on consumers aiming to opt out, including by employing dark patterns. Motivated by the enactment of the California Privacy Rights Act (CPRA), which strengthens the CCPA and explicitly forbids certain dark patterns in the opt-out process, we investigate how dark patterns are used in opt-out processes and assess their compliance with CCPA regulations. Our research reveals that websites employ a variety of dark patterns. Some of these patterns are explicitly prohibited under the CCPA; others evidently take advantage of legal loopholes. Despite the initial efforts to restrict dark patterns by policymakers, there is more work to be done. |
| title | Dark Patterns in the Opt-Out Process and Compliance with the California Consumer Privacy Act (CCPA) |
| topic | Human-Computer Interaction |
| url | https://arxiv.org/abs/2409.09222 |