TY - JOUR T1 - Gizlilik Yasalarının Test Edilmesi: Kullanıcıların Bilgi-Rıza Bildirimleri Hakkında Algıları ve Tepkileri TT - GİZLİLİK YASALARININ TEST EDİLMESİ: KULLANICILARIN BİLGİ/RIZA BİLDİRİMLERİ HAKKINDA ALGILARI VE TEPKİLERİ AU - Güngör Firat, Didem PY - 2024 DA - December Y2 - 2024 JF - Kişisel Verileri Koruma Dergisi PB - Kişisel Verileri Koruma Kurumu WT - DergiPark SN - 2667-6524 SP - 1 EP - 32 VL - 6 IS - 2 LA - en AB - Many websites have been using cookies to store information about users' behaviour. Although cookies provide various benefits for the service provider and the user, they are seen as a threat to online privacy. In recent years, many countries have introduced privacy laws. The regulations led by the European Union impose the responsibility of informing the user about the cookies and obtaining the explicit consent of the user. For this reason, they use information/consent notices on their websites to inform users and ask for consent.The primary concern of this study is to examine the effect of information/consent notices and, therefore, laws on users. The current study asks the following questions in the light of literature related to the subject: What are the users' knowledge and perceptions about the information/consent forms, how do they react to these forms, and what are the factors that affect their consent to these forms. While previous studies mostly focused on the EU region and the US, this study focuses on Turkey. In order to understand user behaviour in Turkey, an online survey was conducted with 56 participants. The study concluded that information/consent notices do not support optimal decision-making in users' privacy-related decisions. KW - Cookies KW - privacy KW - GDPR KW - PDPL KW - information/consent notices (ICN) N2 - Birçok web sitesi, kullanıcıların davranışları hakkında bilgi depolamak için çerezleri kullanıyor. Çerezler, hizmet sağlayıcı ve kullanıcı için çeşitli faydalar sağlasa da, çevrimiçi gizliliğe yönelik bir tehdit olarak görülmektedir. Son yıllarda, birçok ülkede gizlilik yasaları yürürlüğe girmiştir.Avrupa Birliği’nin öncülük ettiği düzenlemeler, hizmet sağlayıcılara kullanıcıyı çerezler hakkında bilgilendirme ve kullanıcının açık rızasını alma sorumluluğunu yüklemektedir. Bu nedenle web siteleri, bilgi/rıza bildirimlerini kullanıcıları bilgilendirmek ve izin istemek için kullanırlar.Bu çalışmanın birincil kaygısı, bilgi/rıza bildirimlerinin ve dolayısıyla yasaların kullanıcılar üzerindeki etkisini incelemektir. Mevcut çalışma, konuyla ilgili literatür ışığında şu soruları sormaktadır: Kullanıcıların bilgi/rıza formları hakkındaki bilgi ve algıları nelerdir, bu formlara nasıl tepki verirler ve rızalarını etkileyen faktörler nelerdir? Daha önceki çalışmalar daha çok AB bölgesi ve ABD'ye odaklanırken, bu çalışma Türkiye'ye odaklanır. Türkiye'deki kullanıcı davranışlarını anlamak için 56 katılımcı ile çevrimiçi bir anket yapılmıştır. Çalışma, bilgi/rıza bildirimlerinin, kullanıcıların gizlilikle ilgili kararlarında optimal karar vermeyi desteklemediği sonucuna varmıştır. CR - Abrardi, L., Cambini, C., & Hoernig, S. (2021). ``I don’t care about cookies!" Platform Data Disclosure and Time- Inconsistent Users. SSRN Electronic Journal. https://doi.org/10.2139/ssrn.3806112 CR - AcquistiAlessandro, AdjeridIdris, BalebakoRebecca, BrandimarteLaura, Faith, C., KomanduriSaranga, Giovanni, L., SadehNorman, SchaubFlorian, SleeperManya, WangYang, & WilsonShomir. (2017). Nudges for Privacy and Security. ACM Computing Surveys (CSUR), 50(3). https://doi.org/10.1145/3054926 CR - Albrecht, J. P. (2016). How the GDPR Will Change the World. European Data Protection Law Review (EDPL), 2. https://heinonline.org/HOL/Page?handle=hein.journals/edpl2&id=313&div=&collection= CR - Alexa. (2021). Alexa - Top Sites in Turke - Alexa. https://www.alexa.com/topsites/countries/TR CR - ARTICLE 29 DATA PROTECTION WORKING PARTY. (2013). ARTICLE 29 DATA PROTECTION WORKING PARTY Opinion 06/2013 on open data and public sector information ('PSI’) reuse THE WORKING PARTY ON THE PROTECTION OF INDIVIDUALS WITH REGARD TO THE PROCESSING OF PERSONAL DATA. http://ec.europa.eu/justice/data-protection/index_en.htm CR - Boerman, S. C., Kruikemeier, S., & Zuiderveen Borgesius, F. J. (2018). Exploring Motivations for Online Privacy Protection Behavior: Insights From Panel Data. Communication Research. https://doi.org/10.1177/0093650218800915 CR - Borgesius, Z., Mcdonald, F. J. ;, Frederik, D., Zuiderveen Borgesius, J., & Mcdonald, A. M. (2015). UvA-DARE (Digital Academic Repository) Do Not Track for Europe Do Not Track for Europe. http://ssrn.com/abstract=2588086 CR - Braun, V., & Clarke, V. (2006). Using thematic analysis in psychology. Qualitative Research in Psychology, 3(2), 77– 101. https://doi.org/10.1191/1478088706qp063oa CR - Brewis, J. (2014). The Ethics of Researching Friends: On Convenience Sampling in Qualitative Management and Organization Studies. British Journal of Management, 25(4), 849–862. https://doi.org/10.1111/1467-8551.12064 CR - Burton, D. (2000a). Research Training for Social Scientists : A Handbook for Postgraduate Researchers. Sage Publication. https://ebookcentral.proquest.com/lib/lboro/detail.action?docID=483368 CR - Burton, D. (2000b). Research Training for Social Scientists: A Handbook for Postgraduate Researchers. SAGE Publications. CR - Castelluccia, C., & Narayanan, A. (2012). Privacy considerations of online behavioural tracking. . European Network and Information Security Agency (ENISA). CR - Choi, H., Park, J., & Jung, Y. (2018). The role of privacy fatigue in online privacy behavior. Computers in Human Behavior. CR - Clarke, V., Braun, V., & Hayfield, N. (2015). Qualitative Psychology: A Practical Guide to Research Methods (J. A. Smith, Ed.). SAGE Publicaitons. CR - Comley, P. (2002). Online survey techniques: Current issues and future trends. Interactive Marketing 2002 4:2, 4(2), 156–169. https://doi.org/10.1057/PALGRAVE.IM.4340174 CR - Degeling, M., Utz, C., Lentzsch, C., Hosseini, H., Schaub, F., & Holz, T. (2019). We Value Your Privacy ... Now Take Some Cookies: Measuring the GDPR’s Impact on Web Privacy. https://doi.org/10.14722/ndss.2019.23378 CR - Edenberg, E., & Jones, M. L. (2020). Troubleshooting AI and Consent. In The Oxford Handbook of Ethics of AI. The Oxford Handbook of Ethics of AI. https://philpapers.org/rec/EDETAA-2 CR - Eroğlu, Ş. (2018). Dijital Yaşamda Mahremiyet (Gizlilik) Kavramı ve Kişisel Veriler: Hacettepe Üniversitesi Bilgi ve Belge Yönetimi Bölümü Öğrencilerin Mahremiyet ve Kişisel Veri Algılarının Analizi. Hacettepe Üniversitesi Edebiyat Fakültesi Dergisi, 35(2), 35. https://doi.org/10.32600/huefd.439007 CR - European Commission. (2018). Progress on EU data protection reform now irreversible following European Parliament vote. https://ec.europa.eu/commission/presscorner/detail/en/MEMO_14_186 CR - European Data Protection Supervisor. (n.d.). The History of the General Data Protection Regulation | European Data Protection Supervisor. Retrieved October 5, 2021, from https://edps.europa.eu/data-protection/data- protection/legislation/history-general-data-protection-regulation_en CR - Fogg, B. (2009). A behavior model for persuasive design. ACM International Conference Proceeding Series, 350. https://doi.org/10.1145/1541948.1541999 CR - Fricker, R. D., & Schonlau, M. (2016). Advantages and Disadvantages of Internet Research Surveys: Evidence from the Literature: Http://Dx.Doi.Org/10.1177/152582202237725, 14(4), 347–367. https://doi.org/10.1177/152582202237725 CR - GDPR. (n.d.). Recital 30 - Online Identifiers for Profiling and Identification - General Data Protection Regulation (GDPR). Retrieved October 5, 2021, from https://gdpr-info.eu/recitals/no-30/ CR - Gerson, K., & Horowitz, R. (2002). Observation and interviewing. Qualitative research in action. CR - Giakoumopoulos, C., Buttarelli, G., & O’Flaherty, M. (2018). Handbook on European data protection law - 2018 edition | European Union Agency for Fundamental Rights. https://fra.europa.eu/en/publication/2018/handbook-european- data-protection-law-2018-edition CR - Gray, C. M., Kou, Y., Battles, B., Hoggatt, J., & Toombs, A. L. (2018). The Dark (Patterns) Side of UX Design. https://doi.org/10.1145/3173574.3174108 CR - Gray, P. S. (2007). The Research Imagination : An Introduction to Qualitative and Quantitative Methods. https://ebookcentral.proquest.com/lib/lboro/reader.action?docID=307439 CR - Gurau, C. (2007). The Ethics of Online Surveys. In https://services.igi- global.com/resolvedoi/resolve.aspx?doi=10.4018/978-1-59140-792-8.ch012. IGI Global. https://doi.org/10.4018/978-1-59140-792-8.CH012 CR - Ha, V., Inkpen, K., al Shaar, F., & Hdeib, L. (2006). An examination of user perception and misconception of internet cookies. Conference on Human Factors in Computing Systems - Proceedings, 833–838. https://doi.org/10.1145/1125451.1125615 CR - Human, S., Gsenger, R., & Neumann, G. (2020). ePub WU Institutional Repository End-user Empowerment: An Interdisciplinary Perspective Conference or Workshop Item (Published) (Refereed) End-user Empowerment: An Interdisciplinary Perspective. CR - Jayakumar, L. N. (2021). Cookies ‘n’ consent: An empirical study on the factors influencing website users’ attitudes towards cookie consent in the EU. DBS Business Review, 4, Article 72. https://doi.org/10.22375/dbr.v4i0.72 CR - ICO. (2021). Cookies and similar technologies. Information Commsisioner’s Office; ICO. https://ico.org.uk/for- organisations/guide-to-pecr/cookies-and-similar-technologies/ CR - Kulyk, O., Gerber, N., Hilt, A., & Volkamer, M. (2021). Has the GDPR hype affected users’ reaction to cookie disclaimers? Journal of Cybersecurity, 6(1). https://doi.org/10.1093/CYBSEC/TYAA022 CR - Kulyk, O., Hilt, A., Gerber, N., & Volkamer, M. (2018, July 1). “This Website Uses Cookies”: Users’ Perceptions and Reactions to the Cookie Disclaimer. https://doi.org/10.14722/eurousec.2018.23012 CR - Kuner, C. (2012). The European Commission’s Proposed Data Protection Regulation: A Copernican Revolution in European Data Protection Law. Bloomberg BNA Privacy and Security Law Report. https://papers.ssrn.com/abstract=2162781. CR - KVKP. (2018). Turkish Personal Data Protection Law no. 6698 • Kişisel Verilerin Korunması Mevzuatı • KVKP. https://www.kisiselverilerinkorunmasi.org/kanunu-ingilizce-ceviri/ CR - Leon, P. G., Ur, B., Wang, Y., Sleeper, M., Balebako, R., Shay, R., Bauer, L., Christodorescu, M., & Cranor, L. F. (2013). What matters to users? Factors that affect users’ willingness to share information with online advertisers. SOUPS 2013 - Proceedings of the 9th Symposium on Usable Privacy and Security. https://doi.org/10.1145/2501604.2501611 CR - Lessig, L. (2009). Code: And Other Laws of Cyberspace. CR - Lyon, D. (2006). Theorizing Surveillance. In Theorizing Surveillance. Willan. https://doi.org/10.4324/9781843926818- 5 CR - Machuletz, D., & Böhme, R. (2020). Multiple Purposes, Multiple Problems: A User Study of Consent Dialogs after GDPR. Proceedings on Privacy Enhancing Technologies, 2020(2), 481–498. https://doi.org/10.2478/popets-2020- 0037 CR - May, T. (2011). Social Research Issues, Methods and Process (Forth Edition). Open University Press. CR - McDonald, A., & Cranor, L. F. (2010). Beliefs and Behaviors: Internet Users’ Understanding of Behavioral Advertising by Aleecia McDonald, Lorrie Faith Cranor :: SSRN. PTRC 2010. https://papers.ssrn.com/sol3/papers.cfm?abstract_id=1989092 CR - Meyers, W. A. (2018). C Is for Cookie: Is the EU’s New Cookie Law Good Enough to Protect My Data. International Lawyer, 52. https://heinonline.org/HOL/Page?handle=hein.journals/intlyr52&id=513&div=&collection= CR - Milne, G. R., Labrecque, L. I., & Cromer, C. (2009). Toward an understanding of the online consumer’s risky behavior and protection practices. Journal of Consumer Affairs, 43(3), 449–473. https://doi.org/10.1111/j.1745- 6606.2009.01148.x CR - Miyazaki, A. D. (2008). Online privacy and the disclosure of cookie use: Effects on consumer trust and anticipated patronage. Journal of Public Policy and Marketing, 27(1), 19–33. https://doi.org/10.1509/jppm.27.1.19 CR - Montulli, L. (2000). HTTP State Management Mechanism. Bell Laboratories, Lucent Technologies. https://www.rfc- editor.org/rfc/rfc2965.txt CR - Murat, D., & Dülger, V. (2019). AVRUPA BİRLİĚİ GENEL VERİ KORUMA TÜZÜĚÜ BAĚLAMINDA KİŞİSEL VERİLERİN KORUNMASI. https://orcid.org/0000-0003-4034-5436 CR - Norberg, P., Horne, D. R., & Horne, D. (2007). The Privacy Paradox: Personal Information Disclosure Intentions versus Behaviors. The Journal of Consumer Affairs. CR - Nouwens, M., Liccardi, I., Veale, M., Karger, D., & Kagal, L. (2020, April 21). Dark Patterns after the GDPR: Scraping Consent Pop-ups and Demonstrating their Influence. Conference on Human Factors in Computing Systems - Proceedings. https://doi.org/10.1145/3313831.3376321 CR - Oldendick, R. W. (2012). Survey Research Ethics. Handbook of Survey Methodology for the Social Sciences, 23–35. https://doi.org/10.1007/978-1-4614-3876-2_3 CR - OneTrust. (2020). Cookie Consent | Comply with Cookie Laws | Products | OneTrust. https://www.onetrust.com/products/cookie-consent/ CR - PDPO. (2019). Communique on the Procedures and Principles to be Followed for the Fulfillment of the Obligation of Informing. www.kvkk.gov.tr CR - Peng, W., & Cisna, J. (2000). HTTP cookies – a promising technology. Online Information Review, 24(2), 150–153. https://doi.org/10.1108/14684520010330346 CR - Peters, R., & Sikorski, R. (1997). SITE FINDER: Cookie Monster? Science, 278(5342), 1486b–11487. https://doi.org/10.1126/SCIENCE.278.5342.1486B CR - Sanchez-Rola, I., Dell’Amico, M., Kotzias, P., Balzarotti, D., Bilge, L., Vervier, P. A., & Santos, I. (2019). Can i opt out yet? GDPR and the global illusion of cookie control. AsiaCCS 2019 - Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security, 12, 340–351. https://doi.org/10.1145/3321705.3329806 CR - Schermer, B. W., Custers, B., & van der Hof, S. (2014). The crisis of consent: how stronger legal protection may lead to weaker consent in data protection. Ethics and Information Technology. CR - Schillewaert, N., Langerak, F., & Duhamei, T. (1998). Non-probability Sampling for WWW surveys: a comparison of methods’. Journal of the Market Research Society, 1(40), 307–321. CR - Sedgwick, P. (2013). Convenience sampling. BMJ, 347(oct25 2), f6304–f6304. https://doi.org/10.1136/BMJ.F6304 CR - Sharp, M. K., Glonti, K., & Hren, D. (2020). Online survey about the STROBE statement highlighted diverging views about its content, purpose, and value. Journal of Clinical Epidemiology, 123, 100–106. https://doi.org/10.1016/J.JCLINEPI.2020.03.025 CR - Skouma, G., & Léonard, L. (2015). On-line Behavioral Tracking: What May Change After the Legal Reform on Personal Data Protection. 35–60. https://doi.org/10.1007/978-94-017-9385-8_2 CR - Strycharz, J., Ausloos, J., & Helberger, N. (2020). Data Protection or Data Frustration? Individual Perceptions and Attitudes towards the GDPR. European Data Protection Law Review (EDPL), 6. https://heinonline.org/HOL/Page?handle=hein.journals/edpl6&id=430&div=&collection= CR - TASKAYA, M., & TALAY, Ö. (2019). Dijital Gözetimin Pazarlama Amaçlı Aracıları: “Çerezler” ve Çerez Kullanımında “Açık Rıza.” Akdeniz Üniversitesi İletişim Fakültesi Dergisi. CR - Trevisan, M., Traverso, S., Bassi, E., Mellia, M., di Torino, P., & Cyber Secu-, E. (2019). 4 Years of EU Cookie Law: Results and Lessons Learned. 126–145. https://doi.org/10.2478/popets-2019-0023 CR - Ur, B., Leon, P. G., Cranor, L. F., Shay, R., & Wang, Y. (2012). Smart, useful, scary, creepy: Perceptions of online behavioral advertising. SOUPS 2012 - Proceedings of the 8th Symposium on Usable Privacy and Security. https://doi.org/10.1145/2335356.2335362 CR - Utz, C., Degeling, M., Fahl, S., Schaub, F., & Holz, T. (2019). (Un)informed Consent: Studying GDPR Consent Notices in the Field ACM Reference Format. Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, 18. https://doi.org/10.1145/3319535.3354212 CR - W3Techs. (2021). Usage Statistics of Persistent Cookies for Websites, October 2021. https://w3techs.com/technologies/details/ce-persistentcookies UR - https://dergipark.org.tr/tr/pub/kvkd/issue//1571237 L1 - https://dergipark.org.tr/tr/download/article-file/4304804 ER -