{"id":"https://openalex.org/W4416961912","doi":"https://doi.org/10.1109/pst65910.2025.11268848","title":"A Longitudinal Look at GDPR Compliance","display_name":"A Longitudinal Look at GDPR Compliance","publication_year":2025,"publication_date":"2025-08-26","ids":{"openalex":"https://openalex.org/W4416961912","doi":"https://doi.org/10.1109/pst65910.2025.11268848"},"language":null,"primary_location":{"id":"doi:10.1109/pst65910.2025.11268848","is_oa":false,"landing_page_url":"https://doi.org/10.1109/pst65910.2025.11268848","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 22nd Annual International Conference on Privacy, Security, and Trust (PST)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5077832973","display_name":"Brian Kim","orcid":"https://orcid.org/0009-0004-5477-6733"},"institutions":[{"id":"https://openalex.org/I86519309","display_name":"The University of Texas at Austin","ror":"https://ror.org/00hj54h04","country_code":"US","type":"education","lineage":["https://openalex.org/I86519309"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Brian Kim","raw_affiliation_strings":["The University of Texas at Austin,The Center for Identity,Austin,Texas,USA"],"affiliations":[{"raw_affiliation_string":"The University of Texas at Austin,The Center for Identity,Austin,Texas,USA","institution_ids":["https://openalex.org/I86519309"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101424064","display_name":"Y. Cao","orcid":"https://orcid.org/0000-0003-3565-906X"},"institutions":[{"id":"https://openalex.org/I86519309","display_name":"The University of Texas at Austin","ror":"https://ror.org/00hj54h04","country_code":"US","type":"education","lineage":["https://openalex.org/I86519309"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Yang Trista Cao","raw_affiliation_strings":["The University of Texas at Austin,The Center for Identity,Austin,Texas,USA"],"affiliations":[{"raw_affiliation_string":"The University of Texas at Austin,The Center for Identity,Austin,Texas,USA","institution_ids":["https://openalex.org/I86519309"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5037778963","display_name":"K. Suzanne Barber","orcid":"https://orcid.org/0000-0003-2906-6583"},"institutions":[{"id":"https://openalex.org/I86519309","display_name":"The University of Texas at Austin","ror":"https://ror.org/00hj54h04","country_code":"US","type":"education","lineage":["https://openalex.org/I86519309"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"K. Suzanne Barber","raw_affiliation_strings":["The University of Texas at Austin,The Center for Identity,Austin,Texas,USA"],"affiliations":[{"raw_affiliation_string":"The University of Texas at Austin,The Center for Identity,Austin,Texas,USA","institution_ids":["https://openalex.org/I86519309"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5077832973"],"corresponding_institution_ids":["https://openalex.org/I86519309"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.48741997,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"1","last_page":"7"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11045","display_name":"Privacy, Security, and Data Protection","score":0.9501000046730042,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},"topics":[{"id":"https://openalex.org/T11045","display_name":"Privacy, Security, and Data Protection","score":0.9501000046730042,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T10883","display_name":"Ethics and Social Impacts of AI","score":0.007300000172108412,"subfield":{"id":"https://openalex.org/subfields/3311","display_name":"Safety Research"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.004900000058114529,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/general-data-protection-regulation","display_name":"General Data Protection Regulation","score":0.7192999720573425},{"id":"https://openalex.org/keywords/transparency","display_name":"Transparency (behavior)","score":0.6769999861717224},{"id":"https://openalex.org/keywords/enforcement","display_name":"Enforcement","score":0.6565999984741211},{"id":"https://openalex.org/keywords/compliance","display_name":"Compliance (psychology)","score":0.6446999907493591},{"id":"https://openalex.org/keywords/audit","display_name":"Audit","score":0.6272000074386597},{"id":"https://openalex.org/keywords/privacy-policy","display_name":"Privacy policy","score":0.5834000110626221},{"id":"https://openalex.org/keywords/context","display_name":"Context (archaeology)","score":0.5803999900817871},{"id":"https://openalex.org/keywords/data-protection-act-1998","display_name":"Data Protection Act 1998","score":0.5618000030517578},{"id":"https://openalex.org/keywords/information-privacy","display_name":"Information privacy","score":0.5595999956130981},{"id":"https://openalex.org/keywords/privacy-by-design","display_name":"Privacy by Design","score":0.5115000009536743}],"concepts":[{"id":"https://openalex.org/C3090818","wikidata":"https://www.wikidata.org/wiki/Q1172506","display_name":"General Data Protection Regulation","level":3,"score":0.7192999720573425},{"id":"https://openalex.org/C2780233690","wikidata":"https://www.wikidata.org/wiki/Q535347","display_name":"Transparency (behavior)","level":2,"score":0.6769999861717224},{"id":"https://openalex.org/C2779777834","wikidata":"https://www.wikidata.org/wiki/Q4202277","display_name":"Enforcement","level":2,"score":0.6565999984741211},{"id":"https://openalex.org/C2781460075","wikidata":"https://www.wikidata.org/wiki/Q1399332","display_name":"Compliance (psychology)","level":2,"score":0.6446999907493591},{"id":"https://openalex.org/C199521495","wikidata":"https://www.wikidata.org/wiki/Q181487","display_name":"Audit","level":2,"score":0.6272000074386597},{"id":"https://openalex.org/C144133560","wikidata":"https://www.wikidata.org/wiki/Q4830453","display_name":"Business","level":0,"score":0.6007000207901001},{"id":"https://openalex.org/C102938260","wikidata":"https://www.wikidata.org/wiki/Q1999831","display_name":"Privacy policy","level":3,"score":0.5834000110626221},{"id":"https://openalex.org/C2779343474","wikidata":"https://www.wikidata.org/wiki/Q3109175","display_name":"Context (archaeology)","level":2,"score":0.5803999900817871},{"id":"https://openalex.org/C69360830","wikidata":"https://www.wikidata.org/wiki/Q1172237","display_name":"Data Protection Act 1998","level":2,"score":0.5618000030517578},{"id":"https://openalex.org/C123201435","wikidata":"https://www.wikidata.org/wiki/Q456632","display_name":"Information privacy","level":2,"score":0.5595999956130981},{"id":"https://openalex.org/C193934123","wikidata":"https://www.wikidata.org/wiki/Q7246028","display_name":"Privacy by Design","level":3,"score":0.5115000009536743},{"id":"https://openalex.org/C39389867","wikidata":"https://www.wikidata.org/wiki/Q380767","display_name":"Corporate governance","level":2,"score":0.48989999294281006},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.47040000557899475},{"id":"https://openalex.org/C141972696","wikidata":"https://www.wikidata.org/wiki/Q1247836","display_name":"Privacy law","level":4,"score":0.4609000086784363},{"id":"https://openalex.org/C121955636","wikidata":"https://www.wikidata.org/wiki/Q4116214","display_name":"Accounting","level":1,"score":0.4311000108718872},{"id":"https://openalex.org/C196879817","wikidata":"https://www.wikidata.org/wiki/Q872685","display_name":"Data governance","level":4,"score":0.3961000144481659},{"id":"https://openalex.org/C100776233","wikidata":"https://www.wikidata.org/wiki/Q2532492","display_name":"Bridge (graph theory)","level":2,"score":0.3756999969482422},{"id":"https://openalex.org/C2779965156","wikidata":"https://www.wikidata.org/wiki/Q5227350","display_name":"Data sharing","level":3,"score":0.37130001187324524},{"id":"https://openalex.org/C2776393157","wikidata":"https://www.wikidata.org/wiki/Q113462","display_name":"Digital rights","level":2,"score":0.36550000309944153},{"id":"https://openalex.org/C39549134","wikidata":"https://www.wikidata.org/wiki/Q133080","display_name":"Public relations","level":1,"score":0.364300012588501},{"id":"https://openalex.org/C109986646","wikidata":"https://www.wikidata.org/wiki/Q546113","display_name":"Public policy","level":2,"score":0.35010001063346863},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.3400000035762787},{"id":"https://openalex.org/C71745522","wikidata":"https://www.wikidata.org/wiki/Q2476929","display_name":"Confidentiality","level":2,"score":0.3246000111103058},{"id":"https://openalex.org/C78524284","wikidata":"https://www.wikidata.org/wiki/Q6031155","display_name":"Information privacy law","level":4,"score":0.31949999928474426},{"id":"https://openalex.org/C2778069335","wikidata":"https://www.wikidata.org/wiki/Q32098","display_name":"Sanctions","level":2,"score":0.3084999918937683},{"id":"https://openalex.org/C2780866740","wikidata":"https://www.wikidata.org/wiki/Q5227345","display_name":"Data retention","level":2,"score":0.30309998989105225},{"id":"https://openalex.org/C2780262971","wikidata":"https://www.wikidata.org/wiki/Q44554","display_name":"Law enforcement","level":2,"score":0.29980000853538513},{"id":"https://openalex.org/C2777351106","wikidata":"https://www.wikidata.org/wiki/Q49371","display_name":"Legislation","level":2,"score":0.29339998960494995},{"id":"https://openalex.org/C18762648","wikidata":"https://www.wikidata.org/wiki/Q42213","display_name":"Work (physics)","level":2,"score":0.2824000120162964},{"id":"https://openalex.org/C2776007630","wikidata":"https://www.wikidata.org/wiki/Q2798912","display_name":"Accountability","level":2,"score":0.27469998598098755},{"id":"https://openalex.org/C100001284","wikidata":"https://www.wikidata.org/wiki/Q2248246","display_name":"Public economics","level":1,"score":0.2669999897480011},{"id":"https://openalex.org/C18414002","wikidata":"https://www.wikidata.org/wiki/Q8354932","display_name":"Right to privacy","level":2,"score":0.2653000056743622},{"id":"https://openalex.org/C184356942","wikidata":"https://www.wikidata.org/wiki/Q830382","display_name":"Best practice","level":2,"score":0.2646999955177307},{"id":"https://openalex.org/C123587114","wikidata":"https://www.wikidata.org/wiki/Q2101508","display_name":"Policy analysis","level":2,"score":0.2623000144958496},{"id":"https://openalex.org/C3116431","wikidata":"https://www.wikidata.org/wiki/Q31728","display_name":"Public administration","level":1,"score":0.2574999928474426},{"id":"https://openalex.org/C190253527","wikidata":"https://www.wikidata.org/wiki/Q295354","display_name":"Law and economics","level":1,"score":0.2556000053882599},{"id":"https://openalex.org/C17744445","wikidata":"https://www.wikidata.org/wiki/Q36442","display_name":"Political science","level":0,"score":0.25529998540878296},{"id":"https://openalex.org/C195094911","wikidata":"https://www.wikidata.org/wiki/Q14167904","display_name":"Process management","level":1,"score":0.25450000166893005},{"id":"https://openalex.org/C28719098","wikidata":"https://www.wikidata.org/wiki/Q44946","display_name":"Point (geometry)","level":2,"score":0.2524999976158142},{"id":"https://openalex.org/C162118730","wikidata":"https://www.wikidata.org/wiki/Q1128453","display_name":"Actuarial science","level":1,"score":0.2506999969482422}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/pst65910.2025.11268848","is_oa":false,"landing_page_url":"https://doi.org/10.1109/pst65910.2025.11268848","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2025 22nd Annual International Conference on Privacy, Security, and Trust (PST)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":6,"referenced_works":["https://openalex.org/W2791737564","https://openalex.org/W2885362917","https://openalex.org/W2887679736","https://openalex.org/W3049637327","https://openalex.org/W3094029910","https://openalex.org/W4401672695"],"related_works":[],"abstract_inverted_index":{"This":[0,133],"paper":[1],"presents":[2],"a":[3,22,39,54,83,91,115],"longitudinal":[4],"study":[5,134],"investigating":[6],"how":[7],"the":[8,136,143,150,159],"General":[9],"Data":[10],"Protection":[11],"Regulation":[12],"(GDPR)":[13],"compliance":[14,59,118],"of":[15,41,138,161],"website":[16],"privacy":[17,28,96,131],"policies":[18,97],"has":[19],"evolved":[20],"over":[21],"fiveyear":[23],"period.":[24],"Using":[25],"an":[26],"automated":[27],"policy":[29,140,154],"evaluation":[30],"tool,":[31],"we":[32],"assessed":[33],"ten":[34],"core":[35],"GDPR":[36],"factors":[37],"across":[38],"corpus":[40],"websites":[42],"originally":[43],"analyzed":[44],"in":[45,49,85,94,117,129,158],"2020":[46],"and":[47,67,80,102,127,142,155],"re-evaluated":[48],"2025.":[50],"Our":[51],"analysis":[52],"reveals":[53],"mixed":[55],"progression:":[56],"while":[57,106],"user-facing":[58],"measures":[60],"such":[61],"as":[62,77],"consent,":[63],"data":[64,68,81],"retention":[65],"notification,":[66],"sharing":[69],"transparency":[70],"showed":[71],"measurable":[72],"improvement,":[73],"technically":[74],"oriented":[75],"factors-such":[76],"breach":[78],"notification":[79],"encryption-experienced":[82],"decline":[84],"explicit":[86],"disclosure.":[87],"These":[88],"findings":[89],"suggest":[90],"broader":[92],"trend":[93],"which":[95],"increasingly":[98],"emphasize":[99],"legal":[100],"rights":[101],"visible":[103],"consent":[104],"mechanisms,":[105],"de-emphasizing":[107],"backend":[108],"technical":[109],"safeguards.":[110],"The":[111],"results":[112],"point":[113],"to":[114],"split":[116],"communication,":[119],"possibly":[120],"influenced":[121],"by":[122],"regulatory":[123],"clarity,":[124],"enforcement":[125],"pressure,":[126],"shifts":[128],"organizational":[130],"strategy.":[132],"underscores":[135],"importance":[137],"continued":[139],"auditing":[141],"need":[144],"for":[145],"complementary":[146],"methods":[147],"that":[148],"bridge":[149],"gap":[151],"between":[152],"stated":[153],"implemented":[156],"practice":[157],"context":[160],"evolving":[162],"digital":[163],"governance":[164],"frameworks.":[165]},"counts_by_year":[],"updated_date":"2026-03-07T16:01:11.037858","created_date":"2025-12-03T00:00:00"}