Abstract
Data privacy is an important topic in the public debate. Recent policy changes aimed to strengthen users' control over their own data. We conducted a randomized field trial to show that website owners can undermine this agency by deliberately altering the choice architecture of the cookie banner and “nudge” visitors into sharing their data. Based on a sample of 1493 users, we show that cookie banner manipulations can increase consent by 17 percentage points of the sample. We propose a decomposition of the choice architecture of cookie banners into two elements: (1) the choice-making architecture and (2) the choice outcome architecture. Both can be uniquely manipulated but have different effects on privacy choices. We discuss the implications of these findings with regards to user sovereignty and the need for regulation. We conclude that the ability of website owners to manipulate the outcome of user privacy decisions is probably at odds with the ideal of the ePrivacy Directive and the GDPR.
Original language | English |
---|---|
Article number | 106729 |
Journal | Computers in Human Behavior |
Volume | 120 |
Number of pages | 7 |
ISSN | 0747-5632 |
DOIs | |
Publication status | Published - Jul 2021 |
Keywords
- Dark patterns
- GDPR
- Choice architecture
- Online data privacy