Cross-Jurisdictional Compliance with Privacy Laws: How Websites Adapt Consent Notices to Regional Regulations

20th International Conference on Availability, Reliability and Security (ARES 2025), 2025-05
Smeets, X.; Campobasso, M., Zannone, N.
PDF

Abstract

Tracking cookies have been widely used for targeted advertising, raising privacy concerns due to their invasive nature. In response, jurisdictions such as the EU, UK, California, and Canada have enacted privacy laws to regulate online tracking. This study examines the compliance of 535 websites with these laws. To do so, we define a set of legal requirements and assess website compliance through region-specific simulated visits. Consistent with prior research, we find widespread privacy violations. Additionally, websites that adapt their privacy interfaces based on visitor location tend to violate EU and UK regulations more frequently while showing higher compliance with Californian requirements. No significant compliance trend was observed for Canadian regulations.