ConsentDiff at Scale: Longitudinal Audits of Web Privacy Policy Changes and UI Frictions
This work addresses the need for longitudinal audits of web privacy, serving both users and regulators, though its contribution is incremental: a scalable method for such monitoring.
The paper tackles the problem of tracking changes in web privacy policies and consent interfaces over time. It finds that policies change frequently, that high-friction banner designs are being eliminated, and that alignment between policy claims and UI actions is higher when rejecting consent is visible and low-friction.
Web privacy is experienced through two public artifacts: what sites state in their policy texts, and the actions users are required to take in consent interfaces. The extensive cross-sectional audits we have studied lack longitudinal data on how these artifacts change together and on whether interfaces actually do what the policy promises. ConsentDiff provides that longitudinal view. We build a reproducible pipeline that snapshots sites every month, semantically aligns policy clauses to track clause-level churn, and classifies consent-UI patterns by combining DOM signals with cues from screenshots. We introduce a novel weighted claim-UI alignment score that connects common policy claims to observable predicates and enables comparisons across time, regions, and verticals. Our measurements suggest continued policy churn, systematic changes that eliminate a higher-friction banner design, and significantly higher alignment where rejecting is visible and lower friction.
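A minimal sketch of how a weighted claim-UI alignment score of this kind could be computed per monthly snapshot, added here as an illustration and not taken from the paper. The claim names, weights, UI feature fields and the normalization (satisfied weight divided by claimed weight) are all assumptions, and the snapshots are constructed sample data.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Set, Tuple

UI = Dict[str, object]  # observed consent-UI features for one snapshot (assumed schema)

@dataclass(frozen=True)
class Claim:
    name: str                    # policy claim label (hypothetical)
    weight: float                # importance weight (assumed)
    holds: Callable[[UI], bool]  # observable predicate evaluated on the UI

CLAIMS: List[Claim] = [
    Claim("reject_as_easy_as_accept", 3.0,
          lambda ui: bool(ui["reject_visible"]) and ui["reject_clicks"] <= ui["accept_clicks"]),
    Claim("no_tracking_before_consent", 3.0, lambda ui: ui["pre_consent_trackers"] == 0),
    Claim("withdraw_any_time", 2.0, lambda ui: bool(ui["settings_link_persistent"])),
    Claim("granular_choices", 1.0, lambda ui: ui["purpose_toggles"] > 0),
]

def alignment_score(claims_made: Set[str], ui: UI) -> Optional[float]:
    """Weighted share of the claims a policy makes whose UI predicate holds.

    Returns None when the policy makes none of the tracked claims, so that
    "nothing promised" is not confused with "fully aligned".
    """
    relevant = [c for c in CLAIMS if c.name in claims_made]
    total = sum(c.weight for c in relevant)
    if total == 0:
        return None
    return sum(c.weight for c in relevant if c.holds(ui)) / total

# Constructed monthly snapshots for one site: (month, claims found in policy, UI features).
SNAPSHOTS: List[Tuple[str, Set[str], UI]] = [
    ("2024-01", {"reject_as_easy_as_accept", "no_tracking_before_consent", "withdraw_any_time"},
     {"reject_visible": False, "reject_clicks": 3, "accept_clicks": 1,
      "pre_consent_trackers": 2, "settings_link_persistent": True, "purpose_toggles": 0}),
    ("2024-02", {c.name for c in CLAIMS},
     {"reject_visible": True, "reject_clicks": 1, "accept_clicks": 1,
      "pre_consent_trackers": 0, "settings_link_persistent": True, "purpose_toggles": 4}),
    ("2024-03", set(),
     {"reject_visible": True, "reject_clicks": 1, "accept_clicks": 1,
      "pre_consent_trackers": 0, "settings_link_persistent": True, "purpose_toggles": 4}),
]

def score_series(snapshots: List[Tuple[str, Set[str], UI]]) -> List[Tuple[str, Optional[float]]]:
    """Score every snapshot so alignment can be compared month over month."""
    return [(month, alignment_score(claims, ui)) for month, claims, ui in snapshots]

if __name__ == "__main__":
    for month, score in score_series(SNAPSHOTS):
        print(month, "n/a" if score is None else f"{score:.2f}")
```

In the constructed series, the first month scores low because the policy claims easy rejection and no pre-consent tracking while the observed banner hides the reject option and loads trackers; the third month is unscored because the policy text no longer makes any tracked claim.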