AAU logo

CMI News

CMI News

One year with GDPR at websites - monitoring the developments

Last modified: 21.06.2019

One year ago GDPR came into force - May 25, 2018. Two researchers from CMI - Associate professor Jannick Kirk Sørensen and Assistant Professor Sokol Kosta have during the last 15 months been measuring the presence of third-party servers at 1291 webpages in Europe. One of the purposes was to monitor for possible changes that could be attributed to GDPR. Until now, each of the +1200 websites have been visited 33 times. In total +46 million HTTP responses have been collected and analysed. The character and amount of third party interactions at websites is relevant for privacy, as third-party servers is an essential tool in profiling users.

The researchers observe a drop in the number of advertising- and analytics related third-parties around May, 25 2018, particularly for private media websites. For public media and other websites published by public authorities the researchers see no such clear correlations. The drop stabiles after May 2018, indicating a new ‘business as usual’ situation for third party servers - and for privacy.

The data-set is complex as it covers more than 4700 different third party URLs. Further analyses are being undertaken, using clustering techniques to discover patterns in the appearance of the third party servers at the 1291 webpages.

Recently the researchers presented preliminary results in a paper at the prestigious conference “The Web Conference” in San Francisco (https://www2019.thewebconf.org) The paper can the downloaded here: https://dl.acm.org/citation.cfm?id=3313524

By Jannick Kirk Sørensen