CSChecker: Revisiting GDPR and CCPA Compliance of Cookie Banners on the Web
Privacy regulations like GDPR and CCPA have greatly affected online advertising and tracking strategies. To comply with the regulations, websites need to display consent management UIs (i.e., cookie banners) implemented under the corresponding technical frameworks, allowing users to specify consents regarding their personal data processing.
In this artifact, we release CSChecker, a browser-based tool that monitors and records consent strings on websites. We provide a VM image, which include 1) the source code, build scripts and a compiled binary of CSChecker, 2) our experiment data, and 3) the analysis scripts. We use CSChecker to analyze the GDPR and CCPA cookie banners, and reveal previously unknown compliance problems under both frameworks. It also enables us to discover and analyze possible miscreants leading to the violations, e.g., consent management providers that return wrong consent data.