Can a fair power balance be achieved in the Web ecosystem with the help of Computer Science research?

  • Panel
  • Class Room
  • Wednesday 21.05 — 14:15 - 15:30

Organising Institution

Inria

France

  • Academic 3
  • Business 2
  • Policy 1
Today’s websites and apps are complex applications built with numerous intermediary services. Such services help website owners to build their websites/apps, help them integrate third-party advertising services, or propose compliance and monetization solutions. While these services often facilitate online tracking and collection of personal data, they sometimes include manipulative practices aimed at website owners, yet it’s unclear how such services are covered by the ePrivacy Directive/GDPR or the DSA. As a result, intermediary services may deflect responsibility onto other actors, placing compliance obligations mostly on website owners. In this panel, we present the chains of dependencies between intermediary services down to website/app owners, analyze the current EU regulatory framework, identify challenges for website owners and discuss how research from Computer Science can help improve compliance.

Questions to be answered

  1. Do GDPR and DSA properly cover all the data processing and manipulative practices of intermediate services and ensure the fair balance of power?
  2. How can usable privacy research contribute to better understanding the power imbalance between intermediate service providers and website/app owners and to improving compliance?
  3. How difficult is to integrate intermediary services in website/app products and what challenges do companies face when ensuring compliance?
  4. What technical tools from Computer Science can help website/app owners and regulators to audit compliance with GDPR and DSA?

Moderator

Nataliia Bielova

Inria - France

Nataliia Bielova is a Research Director (equivalent to Full Professor with tenure) at Inria -- the French National Institute for Research in Digital Science and Technology. During 2022, she was a Senior Privacy Fellow at the French Data Protection Authority (CNIL). Dr. Bielova is a privacy expert and her current research interests are at the intersection of Web privacy measurements, auditing compliance with EU laws and human computer interaction with a strong focus on regulating consent, Web tracking and dark patterns.

Speaker

Wojciech Jukowski

L’Oréal Deutschland - Germany

Wojciech believes technology is force for good. He takes privilege working for L’Oreal Deutschland in helping to elevate Digital Compliance, to ensure trust provided by consumers is taken with respect to their decisions. At work, Wojciech enjoys translating technology rules and norms into business responsibility, and helps to implement them. He enjoys solving puzzles and bridging the gap between IT, Digital and legal topics. Holder of CIPT by IAPP and OneTrust Fellow certifications.

Speaker

Sepideh Ghanavati

University of Maine - United States

Sepideh Ghanavati is an associate professor in Computer Science at the University of Maine and the director of the Privacy Engineering - Regulatory Compliance Lab. Her research interests are at the intersections of human-centered privacy and security, software engineering, and natural language processing. Previously, she worked as a (visiting) assistant professor at Texas Tech, Radboud University, and Carnegie Mellon University. She is the recipient of the NSF CAREER and Google Faculty Research Awards. She has about 15 years of academic and industry experience in privacy and regulatory compliance and is a co-founder of the PrivateNLP workshop series.

Speaker

Cristiana Santos

Utrecht University School of Law - Netherlands

Cristiana Santos is Assistant Professor at the School of Law Utrecht University. She holds a joint international Doctoral Degree in Law, Science and Technology and a Ph.D. Degree in Computer Science. Her research interest focus on the compliance of tracking with EU Laws, on the responsibility for legal violations of online players, users manipulation, and Web privacy standards. She is expert of the Data Protection Unit of the Council of Europe; expert for the EDPB Pool of Experts. She holds an International Chair at INRIA. Previously, she worked as a legal adviser at the Portuguese Consumer Protection Organization-DECO.

Speaker

Karel Kubicek

Unaffiliated - Switzerland

Karel Kubicek is an independent researcher who got his PhD from ETH Zurich. Karel specializes in automating privacy compliance auditing for websites using machine learning and advanced web crawlers. His research focuses on detecting privacy violations such as invalid consent for cookie usage or marketing email communication. Karel also led the development of the privacy-enhancing browser extension, CookieBlock, with over 20k installations. CookieBlock automatically categorizes cookies based on purpose and filters them according to user preferences, effectively protecting users against the widespread privacy violations. Beyond these core areas, Karel has contributed to research on vulnerabilities in novel privacy technologies, usability evaluations of privacy-enhancing browser extensions, and the development of scraping methods for legal scholars.