What is in Your Cookie Box? Explaining Ingredients of Web Cookies with Knowledge Graphs

Tracking #: 3435-4649

Geni Bushati
Sven Rasmusen
Anelia Kurteva
Petraq Nako
Anurag Vats
Anna Fensel

Responsible editor: 
Guest Editors Interactive SW 2022

Submission type: 
Full Paper
The General Data Protection Regulation (GDPR) has imposed strict requirements for data sharing, one of which is informed consent. A common way to request consent online is via cookies. However, commonly, users accept online cookies being unaware of the meaning of the given consent and the following implications. Once consent is given, the cookie "disappears", and one forgets that consent was given in the first place. Retrieving cookies and consent logs becomes challenging, as most information is stored in the specific internet browser’s logs. To make users aware of the data sharing implied by cookie consent and to support transparency and traceability within systems, we present a knowledge graph (KG) based tool for personalised cookie consent information visualisation. The KG is based on the OntoCookie ontology, which models cookies in a machine-readable format and supports data interpretability across domains. Evaluation results confirm that the users’ comprehension of the data shared through cookies is vague and insufficient. Furthermore, our work has resulted in an increase of 47.5% in the users’ willingness to be cautious when viewing cookie banners before giving consent. These and other evaluation results confirm that our cookie data visualisation approach and tool help to increase users’ awareness of cookies and data sharing.
Full PDF Version: 


Solicited Reviews:
Click to Expand/Collapse
Review #1
Anonymous submitted on 13/Apr/2023
Review Comment:

Thank you to the authors for your thorough response to my concerns.
The paper is in a much more acceptable state.

While I appreciate the need for GDPR compliance and privacy concerns, I still think some provision of a KG that exemplifies your use-case is a reasonable thing to expect. Sample, anonymized data would be really nice.

Review #2
Anonymous submitted on 15/May/2023
Minor Revision
Review Comment:

First, I would like to thank the authors for their detailed response. In my opinion, this version has addressed most of my concerns. However, my recommendation is minor revision, since the presentation of the paper can be further improved as it described with more details, below:

*Concerning the weak points 1 & 2 that I have mentioned in the previous version, the related work section has been improved. Also, I like Table 1, which provides a comparison with existing Online Consent Request approaches. However, Ι believe that Table 1 and its textual description should be moved in the related work section, e.g., in a subsection of Section 2.

*In the evaluation section, I think that the presentation of the paper should be improved, now it is not so easy to follow. In particular:
*There is no need to repeat all the numbers that are presented in Figures 7 & 8, so it is better to provide a less-detailed version of Section 5.
*Provide a better link between the text and the figures, e.g., write Fig. 8 (a) when you refer to the corresponding chart and not just Fig. 8.
*An alternative option could be to provide additional Tables (e.g., for Section 5.2.2).

*I also think that in some parts the introduction can be improved, e.g., parts of the text “ KGs also support data … new knowledge” should be described in the related work section and not in the introductory section. Moreover, it would be also good to mention in the introduction, e.g., in the second bullet of the contribution, that you perform a user-based evaluation with 40 participants, and not just to say “cookies of 40 users”.

*In the conclusion section, please provide 1-2 sentences about the results of the evaluation.

Finally, as a general advice, for aiding the reviewers in my opinion it is preferable to use a different color in the text (e.g., blue), for showing the revised content of the manuscript.

Minor Issues
predominately → predominantly
as consent represented → as consent is represented
GaphDB→ GraphDB
The tool is build → The tool is built