Global Privacy Control (GPC) is a relatively new standard – the first draft was published in October 2020 – designed to communicate users’ privacy preferences on the web. It is the spiritual successor of the Do Not Track header originally proposed in 2009. The premise of both is that they allow users to communicate their preference not to be tracked in a standardized way.
Despite being introduced only very recently, we measured a non-negligible adoption by users in practice, mostly driven by browser extensions such as the EFF’s Privacy Badger. At the same time, we found that users who transmitted a GPC signal often still click “Accept” when faced with a cookie dialog. The question this thesis aims to answer is: Why do users, who go through the trouble of installing a browser extension to not be tracked, still accept tracking when faced with a GDPR cookie prompt? As part of this thesis you will will run a classic user study by first developing a questionnaire (which we will run on some websites we control) and then analyze the results.