To develop a methodology, implemented in an Internet application, for automatically assessing website compliance with the Cookie Law, and to evaluate the compliance of both commercial and Public Administration websites.
The evaluation tool is currently used by the Italian Data Protection Authority to support the search for possible infringements of the law and to monitor the compliance of websites with the Cookie Law over time. An experimental evaluation conducted at the end of 2015 produced a number of interesting findings, summarised below.
The Cookie Law is intended to protect users' privacy by requiring every website to inform its visitors of what type of information is being gathered. In particular, the user must be asked for consent to the use of the tracking cookies installed by the website. The tool developed by the project automatically detects whether a website installs tracking cookies and whether it asks for the user's consent. The methodology is based on cookie disclosure and classification, together with identification of natural-language consent requests by web information retrieval techniques. The system has been implemented as a web application, available at http://spai.fub.it, with password-protected access. An experimental evaluation (as of December 2015) was carried out using the Alexa list of the 500 most popular websites in Italy as well as the 23000 Italian Public Administration websites. The main findings were the following:
- at least 20% of the 500 most popular websites were not compliant with the law, because they installed tracking cookies without displaying the notice & consent banner;
- about 2000 out of the 23000 Italian Public Administration websites installed tracking cookies, with 60% of these not asking for consent;
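
The two checks described above (does a first visit install tracking cookies, and does the page ask for consent) can be sketched as follows. This is an added example, not the project's code: the tracker name list, the consent phrases, the "persistent third-party" heuristic and the sample hosts are all assumptions made for illustration.

```python
import re

# Assumption: a small seed list of well-known analytics/advertising cookie names.
KNOWN_TRACKERS = {"_ga", "_gid", "_fbp", "IDE"}
# Assumption: Italian and English phrases that signal a consent request near "cookie".
CONSENT_RE = re.compile(
    r"cookie.{0,200}?(acconsent|consenso|accett|consent|accept|agree)", re.I | re.S)

def parse_set_cookie(header, responding_host):
    """Split one Set-Cookie header into name, effective domain and persistence."""
    first, *attrs = [p.strip() for p in header.split(";")]
    name = first.split("=", 1)[0]
    attr = {k.strip().lower(): v.strip()
            for k, _, v in (a.partition("=") for a in attrs)}
    domain = attr.get("domain", responding_host).lstrip(".").lower()
    persistent = "max-age" in attr or "expires" in attr
    return {"name": name, "domain": domain, "persistent": persistent}

def is_third_party(domain, site_host):
    """True when the cookie domain is neither the site host nor a parent/child of it."""
    return not (site_host == domain or site_host.endswith("." + domain)
                or domain.endswith("." + site_host))

def is_tracking(cookie, site_host):
    """Heuristic: persistent cookies that are third-party or carry a known tracker name."""
    if not cookie["persistent"]:
        return False  # session cookies are treated as technical here
    return is_third_party(cookie["domain"], site_host) or cookie["name"] in KNOWN_TRACKERS

def assess(site_host, observations, page_text):
    """Flag a site that sets tracking cookies on first visit without asking for consent."""
    cookies = [parse_set_cookie(h, host) for host, h in observations]
    tracking = sorted(c["name"] for c in cookies if is_tracking(c, site_host))
    asked = bool(CONSENT_RE.search(page_text))
    return {"tracking": tracking, "consent_requested": asked,
            "compliant": not tracking or asked}

# Constructed sample: (responding host, Set-Cookie header) pairs from a first visit.
SAMPLE = [
    ("www.example.org", "PHPSESSID=abc123; Path=/; HttpOnly"),
    ("www.example.org", "_ga=GA1.2.1.2; Domain=.example.org; Max-Age=63072000"),
    ("ads.example.net", "uid=9f8e7d; Max-Age=31536000; Path=/"),
]

if __name__ == "__main__":
    print(assess("www.example.org", SAMPLE, "Benvenuti nel sito."))
```

The compliance rule mirrors the criterion used in the findings above: a site is flagged when tracking cookies are installed and no consent request is found in the page text.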