The General Data Protection Regulation (GDPR) has established a de facto standard for presenting consent banners to users. To comply with the GDPR, websites are required to obtain user consent before processing their personal data, both for the provision of services and the monitoring of user behavior. Despite this, the most commonly adopted paradigm involves informing and requesting user preferences when visiting a website, often without adhering to GDPR standards and including dark patterns, such as dark nudges. In this paper, we propose a Personal Information Management Service that automatically generates consent responses based on user preferences, leveraging a Large Language Model. We demonstrate the feasibility of the proposed approach in a case study involving ChatGPT.
Mitigating User Exposure to Dark Patterns in Cookie Banners Through Automated Consent
Ficco M.;Palmieri F.
2023-01-01
Abstract
The General Data Protection Regulation (GDPR) has established a de facto standard for presenting consent banners to users. To comply with the GDPR, websites are required to obtain user consent before processing their personal data, both for the provision of services and the monitoring of user behavior. Despite this, the most commonly adopted paradigm involves informing and requesting user preferences when visiting a website, often without adhering to GDPR standards and including dark patterns, such as dark nudges. In this paper, we propose a Personal Information Management Service that automatically generates consent responses based on user preferences, leveraging a Large Language Model. We demonstrate the feasibility of the proposed approach in a case study involving ChatGPT.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.