The paper addresses the over-reliance on GDPR in digital privacy research by systematically normalizing heterogeneous global data protection laws into a unified, data-lifecycle-aligned abstraction.

This comprehensive systematic review synthesizes decades of research on web tracker detection, proposing a new taxonomy and identifying key open research gaps to guide future work.

The paper introduces SST-Guard, a multi-modal browser-based system that detects and blocks server-side Google Analytics (sGA) by identifying the semantic patterns of collected data rather than relying…

The paper develops a comprehensive, GDPR-aligned item bank of 527 statements to accurately measure user preferences regarding specific regulatory protections, addressing a gap left by older privacy me…

The paper introduces UMBRA, a novel system that detects evolved and subtle dark patterns in cookie consent banners, demonstrating that systematic non-compliance and user autonomy erosion are widesprea…

This study analyzed the online exposure of Thai National Identification Numbers and other sensitive personal data, revealing over 1.2 million records, primarily originating from government websites, w…

This paper demonstrates that encrypted traffic metadata (packet lengths and timing) can leak a user's persona, achieving high inference accuracy across multiple modern websites.

The paper proposes a robust causal decision framework to measure advertising incrementality despite multiple sources of privacy-induced signal degradation, providing certified decisions on the strengt…

The paper introduces WebPII, a novel, large-scale synthetic benchmark for detecting personally identifiable information (PII) in web screenshots, and demonstrates a model (WebRedact) that significantl…

This paper systematically measured web tracking across 20 popular AI chatbots, finding that a majority share both conversational content and user identity information with third parties.

The paper empirically investigates the lead marketing ecosystem, revealing a highly non-compliant system that aggressively collects, shares, and monetizes sensitive personal data through deceptive bro…

This paper analyzes location-data provenance risks across multiple European sectors, proposing a risk taxonomy and architectural design for a next-generation digital trust infrastructure that treats l…

The paper proposes that party autonomy can be used to determine the applicable law for non-contractual obligations arising from cross-border data transfers by aligning it with the law chosen for the r…

This techreport evaluates a Tor-based protocol, Tor push, demonstrating that it can significantly enhance the location privacy of Ethereum validators by unlinking their identities from their IP addres…

The paper analyzes current and proposed age verification methods and proposes an alternative using open standards and cryptography to achieve secure, privacy-preserving age checking.

The paper introduces the PROMPT framework to systematically analyze and mitigate privacy risks in online propaganda detection pipelines, demonstrating that current widely used methods are often non-co…

The paper introduces the PrivacyIceberg framework to systematically categorize and empirically demonstrate the high risk of automated, deep personal profiling using LLM agents, revealing a significant…

The paper argues that over-engineered university cybersecurity protocols, while necessary, create significant accessibility barriers that disproportionately harm remote international students, particu…

This study analyzed I2P's routing topology and found no significant evidence that peer selection is influenced by geographic location, suggesting highly random global mixing.

This case study systematically measures how placing anonymization at different points (dataset vs. generated answer) within the RAG pipeline affects the privacy-utility trade-off, demonstrating that p…