Cookies, GDPR and Dark patterns : Effect on consumer privacy

Sammanfattning: The European General Data Protection Regulation has changed how users interact with cookie notices online. The rules state that users consent must be given via a clear, affirmative act and easily withdrawable by the end-user. Dark patterns, a way of tricking a user into giving more consent than needed with the help of, for example,size of objects, text and button colour could be applied to these notices to trick the user into giving more consent than needed. The objective of the thesis study was to develop a scraper in Python which could analyze web pages automatically against a set of created measurable parameters. That means that first, measurable parameters needed to be defined for the scraper, and then, implemented in such a way that it automatically could find and analyze cookie notices. The scraper was implemented in Python with the help of the browser testing libraries called Splinter and Selenium. The results from the experiment showed that the size of the notices was mostly small, but some pages used up the whole page for the notice. The amount of pre-ticked boxes and the readability of the notices also showed usage of dark patterns. The conclusion that can be drawn from the result is that the GDPR and e-Privacydirective have affected the usage in most web pages, as they seem to use some types of dark patterns to trick the user into giving more consent than is needed to be able to use the web page, and with an improved scraper, the result could show even more