Abstract
Data privacy is an important topic in the public debate. Recent policy changes aimed to strengthen users' control over their own data. We conducted a randomized field trial to show that website owners can undermine this agency by deliberately altering the choice architecture of the cookie banner and “nudge” visitors into sharing their data. Based on a sample of 1493 users, we show that cookie banner manipulations can increase consent by 17 percentage points of the sample. We propose a decomposition of the choice architecture of cookie banners into two elements: (1) the choice-making architecture and (2) the choice outcome architecture. Both can be uniquely manipulated but have different effects on privacy choices. We discuss the implications of these findings with regards to user sovereignty and the need for regulation. We conclude that the ability of website owners to manipulate the outcome of user privacy decisions is probably at odds with the ideal of the ePrivacy Directive and the GDPR.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
