Me want cookie! Towards automated and transparent data governance on the Web
Jesse Wright, Beatriz Esteves, Rui Zhao
TL;DR
Me want cookie! addresses the problem of opaque and often non-compliant cookie policies by proposing a sociotechnical framework for automated and transparent data governance on the Web. The authors advocate embedding machine-readable terms of use for data sharing (ODRL, DToU, DPV) into cookies via RDFa and HTTP headers, enabling negotiation and enforcement by browsers and agents. They compare this approach to existing privacy policies and CMPs, outlining a three-stage pathway from in-dialogue policy requests to header-based exchanges and broader data governance beyond cookies. The paper also describes an initial methodology using a 304k-cookie dataset to evaluate DPV/ODRL/DToU coverage and calls for collaborative engagement with regulators and industry to realize Web-scale semi-automated governance.
Abstract
This paper presents a sociotechnical vision for managing personal data, including cookies, within Web browsers. We first present our vision for a future of semi-automated data governance on the Web, using policy languages to describe data terms of use, and having browsers act on behalf of users to enact policy-based controls. Then, we present an overview of the technical research required to {prove} that existing policy languages express a sufficient range of concepts for describing cookie policies on the Web today. We view this work as a stepping stone towards a future of semi-automated data governance at Web-scale, which in the long term will also be used by next-generation Web technologies such as Web agents and Solid.