Privacy Rarely Considered: Exploring Considerations in the Adoption of Third-Party Services by Websites

Authors: Christine Utz (CISPA Helmholtz Center for Information Security), Sabrina Amft (CISPA Helmholtz Center for Information Security), Martin Degeling (Ruhr University Bochum), Thorsten Holz (CISPA Helmholtz Center for Information Security), Sascha Fahl (CISPA Helmholtz Center for Information Security), Florian Schaub (University of Michigan School of Information)

Volume: 2023
Issue: 1
Pages: 5–28

Download PDF

Abstract: Modern websites frequently use and embed third-party services to facilitate web development, connect to social media, or for monetization. This often introduces privacy issues as the inclusion of third-party services on a website can allow the third party to collect personal data about the website's visitors. While the prevalence and mechanisms of third-party web tracking have been widely studied, little is known about the decision processes that lead to websites using third-party functionality and whether efforts are being made to protect their visitors' privacy. We report results from an online survey with 395 participants involved in the creation and maintenance of websites. For ten common website functionalities we investigated if privacy has played a role in decisions about how the functionality is integrated, if specific efforts for privacy protection have been made during integration, and to what degree people are aware of data collection through third parties. We find that ease of integration drives third-party adoption but visitor privacy is considered if there are legal requirements or respective guidelines. Awareness of data collection and privacy risks is higher if the collection is directly associated with the purpose for which the third-party service is used.

Keywords: web privacy, web tracking, third parties, survey

Copyright in PoPETs articles are held by their authors. This article is published under a Creative Commons Attribution 4.0 license.