The web is global, but privacy laws differ by country. Which set of privacy rules do websites follow? We empirically study this question by detecting and analyzing cookie notices in an automated way. We crawl 1,500 European, American, and Canadian websites from each of 18 countries. We detect cookie notices on 40 percent of websites in our sample. We treat the presence or absence of cookie notices, as well as visual differences, as proxies for differences in privacy rules. Using a series of regression models, we find that the website's Top Level Domain explains a substantial portion of the variance in cookie notice metrics, but the user's vantage point does not. This suggests that websites follow one set of privacy rules for all their users. There is one exception to this finding: cookie notices differ when accessing .com domains from inside versus outside of the EU. We highlight ways in which future research could build on our preliminary findings.
翻译:网络是全球性的, 但隐私法却因国家而异。 网站遵循哪些隐私规则? 我们通过自动方式检测和分析饼干通知来实证研究这一问题。 我们从18个国家的每个网站爬行1500个欧洲、美国和加拿大网站。 我们从抽样的40%的网站上探测到饼干通知。 我们把是否存在饼干通知以及视觉差异作为隐私规则差异的替代物。 我们使用一系列回归模型发现,网站的顶层域名说明了饼干通知标准差异的很大一部分,但用户的偏好点并非如此。 这表明网站遵循了所有用户的一套隐私规则。 这一发现有一个例外: 当访问欧盟内外的.com域时, cookie通知有所不同。 我们强调未来研究可以借鉴我们的初步发现的方式。