Really Enforceable Solution to Protect End-users Consent & Tracking Decisions

The interdisciplinary research project RESPECTeD (“Really Enforceable Solution to Protect End-users Consent & Tracking Decisions”) is a joint project of the Vienna University of Economics and Business (the Privacy and Sustainable Computing Lab, the Institute of Information Systems and Society, and the Institute of Information Systems and New Media) and NOYB – European Center for Digital Rights (noyb). RESPECTeD is funded by NetIdee programme of Internet Privatstiftung Austria (IPA).

Project Motivations

RESPECTeD tackles a wide range of ongoing privacy-related issues on Internet, among others:
1. providing consents on the Internet is a time and expertise-demanding task which cannot correctly be performed by most of the users,
2. withdrawing consents is normally a sophisticated task,
3. the existing anti-tracking mechanisms (e.g. W3C’s Tracking Preference Expression – DNT) are not legally enforceable and are in many cases ignored by the service providers. 
We aim to develop a mechanism to address these issues.

Project Goal

Based on an extensive study of existing patterns of tracking, we develop a detailed standard mechanism for communicating users consent and tracking decisions via HTTP headers. Moreover, a set of client-side and server-side software (e.g. web-browser plugins) support the legal enforcement of the expressed consents, e.g. by sending the required identifiers or legally binding emails.

Target Group of the Project

Almost everyone on Internet can be considered as the target group of the project: 
1) end-users will finally have a mechanism to express their consent and tracking decisions in a manner, which not only is human-cetnricuser-friendly and easy- to-use, but also lawfully and technically enforceable;
2) service providers (data controllers) will be provided by a clearly defined technical mechanism and supporting codes to gain and respect user consents;
3) NGOs will be provide mechanisms to track which data-controllers do not comply the GDPR.